Size Doesn't Matter: A Case Analysis of the Relationship Between the Number of Employees and Risk of Fraud in an Organization

By Lisanne Graham-Scott, CPA, RFC

Small family-owned corporations are often viewed as safe, stable work environs. Fewer employees equal a less stressful workplace, the possibility of becoming the next Enron or WorldCom seems slight, and close friendships flourish. However, these very reasons can cause small businesses to have a higher risk of susceptibility to fraud. Rather than being easier to review and control financial data, having a small staff can provide greater opportunities for collusion, and segregation of duties issues result in one or two staff members having the ability to manipulate financial accounts. It can also surprise one just how little you really know your coworkers.

Conversely, others may feel more comfortable in a large corporation, believing that so many employees give someone little chance of committing fraud and getting away with it.

This article discusses two cases that highlight how the perceptions related to size of a company and the risk of fraud can be quite deceiving.

Case 1: Freeport Capital Corp
Phil was a quiet man employed for the past 12 years by Freeport Capital Corp (Freeport). He was friendly with his coworkers and, due to his longevity with the firm, was treated like family by the owners. Viewed by many as a dedicated, tireless staff member, he seldom took vacation, and often worked long hours into the night or on weekends to ensure that the job was done. He was not a qualified accountant but had been in the field for over 20 years.

Freeport was one company in the group of 14 family financial investment companies. As the Chief Financial Officer, Phil was a bank signatory for at least three of the companies with a signing authority limit of $20,000. Anything in excess of that amount was co-signed by the CEO.

The individual companies were either audited or reviewed on an annual basis, and the external auditors viewed Phil as a competent, helpful individual who ensured all schedules were prepared for their arrival. With rising interest rates, each company was performing well financially and everyone was happy. Turnover was low, and staff had built a great rapport over the years, often socializing after hours. The owners spent 3 months every year vacationing in the tropics, comforted that the business was safe under Phil's watch.

The office was small, and consisted of six persons- the receptionist, office manager, and accounts assistant (who all reported to Phil), plus the investment manager, and the CEO/owner. Phil and the accounts assistant were responsible for the day to- day transactions and accounting records of each company, with Phil working on the biggest two in the group: Freeport and Simple Inc.

Phil dealt with everything from setting up the bank account, preparing tax returns, and paying invoices to performing the bank reconciliations and financial statements on a monthly basis. In a small group it was easier for him and his assistant to split the companies in the group, with each of them performing all accounting duties for the companies in his portfolio.

There was no segregation of duties or backup checks performed on the books by management apart from the annual audit. Internal controls were not closely monitored, as it was felt that the small size of the company was a positive factor in reducing any potential for control breakdowns. The annual audit for the past 3 years had always resulted in a clean opinion, and anything Phil's assistant didn't know, Phil could do.

As fate would have it, one day Phil caught a chill and was forced to call in sick. The receptionist took the message and bade him a speedy recovery as she opened the daily mail. The first stack held correspondence from the bank, which was usually placed on Phil's desk for his action, but in his absence the receptionist decided to expedite the process. In going through the returned checks that accompanied the bank statement, she noticed one was made out to Phil in the amount of $10,000. Puzzled, the receptionist showed it to the office manager, who immediately notified the CEO. Phil had not requested a loan from the company, salary and bonus payments were always paid by direct deposit, and as a salaried employee rather than a consultant, Phil would have had no other reason for receiving a check from the company.

The first step was to locate and examine all bank statements and returned checks for the period for which Phil was an appointed bank signatory. This spanned a period of 5 years. Checks not found on the premises were requested from the bank. Completed financial records for each company could not be located either on site or on Phil's computer, so the accountants painstakingly rebuilt the cash account for those 5 years using the bank statements and printouts of the general ledger. During this process, it was discovered that a flaw in the check printing software allowed for the same check number to be generated more than once. Phil had exploited this flaw and printed duplicate checks-one made out to a legitimate vendor that was posted to the general ledger and kept in his desk drawer, and the other which was made out either directly to himself, or to a related party on his behalf. This latter check made its way through the bank system and, on its return to the company, was usually removed from the files and replaced with the check made out to the legitimate vendor.

When the team brought its findings to the companies' board it was noted:

  • Phil was unaware that the company had found and investigated his frauds.
  • Some 200 checks had been falsified during the period and had to be requested from the bank.
  • He had stolen at least $200,000 for fraudulent payments of personal expenses.
  • He had diverted an additional $300,000 for payments to related parties.
  • In total, during the last 5 years, he had steadily diverted over half a million dollars of the companies' funds for his benefit.
  • The team initially believed Phil's activities may have started earlier than the 5 years. They recommended the timeframe under investigation be expanded.


    • In his interviews with the accountants, Phil described a shattered family life caused by the increasing debts of a gambling addiction. His coworkers had been clueless to this aspect of his life. At first he had taken small amounts to cover household bills or the costs for his son's sporting events. These quickly spawned into payments of his annual income tax liability, mortgage principal, vacation trips, charity donations, and the ever-increasing gambling debts.

    At first, when Phil was faced with the checks, his defense was, "It was a loan, and I had every intention of paying it back," or "I had no health insurance and my son had been injured playing sports so I needed the money," or even, "That was my bonus for the last 2 years, which we had discussed," in an attempt to place the company on the defensive. However, when the magnitude of his crimes was revealed, he appeared shocked and dismayed, both at the fact that so much had been discovered and also at the rising possibility of his facing criminal charges. He was forced to sell his house to repay some of the funds and move in with his parents. His wife, who had left when his addiction came to light, immediately filed for divorce and sole custody of their two sons. The man who once had it all now faces potential jail time if Freeport chooses to prosecute.

    To date, Freeport has recovered some but not all of the funds and has put measures in place to minimize the risk of this occurring again:

  • Fidelity insurance was purchased so that in the event of a recurrence, the loss to the company would be minimized.
  • The accounting department was revamped, and although one person is still responsible for all the records of a company, these records are reviewed by the CEO on a monthly basis.
  • The cash management process came under great scrutiny, and monthly bank reconciliations are now prepared and reviewed by separate members of staff.
  • A qualified accountant was hired for the position of CFO and put in place a comprehensive system to ensure verifiability of all records.


    • It was a harsh and costly lesson for Freeport and showed that the control environment was not secure merely because of the company's small size.

    Case 2: ACB Inc.
    Keith was an internal auditor at ACB lnc., a large telecommunication company with well over 1,000 employees. Shortly after the completion of the annual audit, he received a report from a new employee who alleged that a manager in the sales division was committing expense account abuses. The employee had accompanied one of the vice-presidents (VP) on many business trips and noted some very unusual habits. When in restaurants or taking a taxi, the VP would often ask for extra blank receipts.

    Keith requested the VP's travel file and found some irregularities:

  • multiple receipts from the same taxi company for the same days
  • very expensive meals
  • duplicate meal receipts for the same days
  • additional suspicious charges for several hundred dollars, each billed to an unknown source


    • Keith, an experienced auditor, was aware that employees who cheat on their expense accounts can usually do so by one of four methods:

    1. Mischaracterized expenses-legitimate documentation is produced for nonbusiness- related transactions (e.g., taking a friend to dinner and charging it to the company as "business development").
    2. Overstated expense reports-inflated amounts of actual expenses where the difference is then kept by the employee (e.g., altering a taxicab receipt from $10 to $40).
    3. Fictitious expenses submitting phony documentation for reimbursement (e.g., producing a fake hotel bill on a home computer).
    4. Multiple reimbursements-copies of invoices are resubmitted for payment more than once (e.g., copying an airline ticket and claiming the cost again on the next month's expense reimbursement).
    The VP had been employing the first and last methods in his scheme in the 3 years following his promotion, and Keith found nearly $35,000 of fraudulent expenditure reimbursement during that period. This had not been caught by the accounting department. In a large company with many staff traveling weekly and submitting up to 100 expense reports a month, a lot of detail was provided for the 10 employees in the department to review. Despite the internal controls in place, the fraud was perpetrated successfully. Additionally, as VP, the person was not required to get approval for his expense reports, so they were never independently checked by his superior prior to submission for reimbursement. Although the amount uncovered by Keith's investigation was immaterial to the company, there is no such thing as an immaterial fraud when the person involved is a member of management. If the integrity of executives is so low that they would engage in "immaterial" fraud, it is only logical that they would also engage in fraud when something material is at stake. Following this, it became a mandatory company policy that expense reports be approved by an employee's immediate supervisor prior to submission. Keith also advised the head of the accounting department to be on the lookout for any of the following typical red flags and to implement additional internal controls to deter further expense account abuse by any employee:

  • Increasing expense reimbursements by employee
  • Multiple receipts from a single vendor
  • Variations from budgeted expenses
  • Unreasonable charges
  • Photocopied documents-Although there can be legitimate reasons for using photocopies for small expense items, making a copy of an altered document is a common expense account ploy. The evidence provided to support an expense claim should be carefully reviewed to see whether it appears to contain alterations, especially if this is the habit of a single employee.

    • The VP resigned after repaying the illegitimate expenses. The company elected not to press any criminal charges.

    Each of the cases above clearly emphasizes that any company, whether big or small, is susceptible to the risk of fraud. Once an employee has motive, opportunity, and can rationalize his or her behavior, the chance of committing a fraudulent act is high. In an effort to deter this from occurring, all organizations should ensure that a well-developed internal control framework exists, is independently reviewed, and is updated on a frequent basis.

    About the Author

    Lisanne Graham-Scott, CPA, RFC, is a Manager in the Advisory Services division at a Big Four Firm. Her work experience includes more than 3 years providing assurance advice to clients in the Caribbean, with an additional 3 years of international experience performing assurance services, regulatory compliance reviews, internal control reviews, and forensic accounting and litigation support services to clients in North America. She has been a member of ACFEI since 2007.
    Courtesy of Dr. Robert O'Block, Founder and Publisher