Kathleen’s house of cards came crashing down while she was at the cottage enjoying her summer vacation. A long-time employee in the accounts department of a multimillion-dollar B.C. manufacturing firm, she had quietly embezzled close to $1 million from her employer over the course of 10 years by creating a dummy company and submitting phony invoices for non-existent services.

After running her scam for so long, she never dreamed anyone would question her monthly “bill,” but in her absence a vigilant colleague thought it looked fishy. He asked around: did anyone know what the vendor was actually supplying or which department used its services? Nobody knew. Unable to contact the company by phone, fax or email, Kathleen’s colleague went to their boss.

Access denied It’s quite likely that Vaclav Vincalek can walk into your reception area, open his laptop, access your file server and download your most sensitive corporate data in a matter of minutes. “If I wanted to, I could send it who knows where to who knows who and there would be zero way to trace it.” Vincalek, president of Pacific Coast Information Systems Ltd., a Vancouver software consulting firm specializing in electronic security, routinely demonstrates his skill for astonished clients, who didn’t know their crucial, confidential data was quite so vulnerable to hackers and disgruntled employees out to sabotage systems or steal valuable corporate records. He then recommends ways to plug the leaks with advanced security tools such as firewalls and intrusion-detection systems. Companies are required by law to safeguard private employee and consumer information. However, organized crime is increasingly targeting databases, often accessing them through crooked employees, as fodder for identity-theft scams. It’s ironic that the same technological advances that have revolutionized the world of work have also made things easier for white-collar thieves. And it isn’t just criminal outsiders who screw you over. A recent study of 900 IT professionals in different sectors conducted by online survey provider zoomerang.com found that almost half take data with them when they change jobs – including documents, lists, sales proposals and contracts. Some simply email information to a personal address; others walk out carrying the data, usually on peripheral storage devices such as portable memory sticks, flash drives or iPods, tucked away in a bag or pocket. Tightening systems security should never hinder efficiency, says Vincalek. Rather than installing passwords on everything and driving your people crazy, he recommends investing in new security, such as devices with fingerprint scanners authenticated only to certain systems or portable ID cards that lock users out of the system when they walk away from their work stations. Employers should also keep tabs on their own systems teams, he says. If the individual responsible for IT ­security leaves your ­organization on a bad note, he or she can effectively shut your business down. Vincalek urges employers to think of an external form of insurance. “If you have files that would sell on the black market for $1 million, how much are you willing to spend to secure them? Losing data is essentially the same as having your money stolen.”

From the outset, the investigation focused on five individuals, one of whom had left the company. A firm of investigators attempted to trace the supplier through various corporate registries and delved into the background and lifestyle of each suspect. In time they eliminated everyone but Kathleen. She and her husband lived a fairly lavish lifestyle and had just bought brand new cars, which seemed inconsistent with their joint income. They owned recreational property in another province. Kathleen’s sister had recently bought a small business and enlisted Kathleen as a partner. As the pieces came together, the company confiscated Kathleen’s hard drive, dug back through its records and itemized her fraudulent transactions. On her return, they confronted her with the evidence and she made a full admission. Her 10-year crime spree netted a two-year jail term, and she was ordered to reimburse the company $250,000. Whether driven by need, greed, revenge or a skewed sense of entitlement, some of the folk you trust the most may right now be palming pencils and paper clips; shorting your cash registers; relieving you of valuable merchandise, office equipment and parts; cashing in on your intellectual property; padding their expense accounts; abusing their gas cards; and even stealing your time. Mitigating risks associated with employee pilfering is big business today, and it’s getting bigger. Membership in the Vancouver chapter of the Association of Certified Fraud Examiners (ACFE), a 37,000-member international professional organization dedicated to fighting corporate crime in more than 70 countries, is at a record high. Monthly chapter meetings are packed with anti-fraud experts specializing in security, investigation, loss prevention, law enforcement, forensic accounting, law and internal auditing across all business sectors, determined to keep on top of the latest white-collar scams. Of necessity they are a pretty cynical lot; they know from experience there is no limit to human imagination where thievery is concerned, especially when it comes to bilking the boss. Just how many employees have their hands in your pocket? When U.S.-based investigative and forensic-accounting specialists Michael G. Kessler & Associates Ltd. asked more than 500 workers for their views on workplace theft, a staggering 79 per cent admitted they would steal from their employer. Kessler’s research found that only 21 per cent of employees are truly honest and will never steal, 13 per cent are completely dishonest and have no problem pocketing your cash and assets, and the remaining 66 per cent say they would give it a shot if they saw their co-workers get away with it. Who are the pilferers in your ranks? You might be surprised to learn that new hires are rarely on the take; it’s more often men than women; and it’s usually older, long-serving employees, those you know quite well and trust implicitly, who are taking more than paycheques home with them. Vancouver-based BackCheck Canada, the country’s largest employment screening firm, says people aged 60 and older are 27 times more likely to steal from you than those under age 25. Career white-collar criminals are generally married, socially conforming and often described as the nicest people you could hope to meet. They appear to be loyal, devoted employees, but it’s a front designed to win your confidence. When your back is turned, they will take you to the cleaners. Interestingly, in its latest Report to the Nation, the ACFE pointed out that the average fraud committed by men was worth $250,000, more than twice as much as the average for women. The report speculates that the disparity is ¬because men still tend to hold the lion’s share of management and executive-level positions. A 2006 global study by professional-services firm Ernst & Young found that more than two-thirds of companies surveyed were victims of corporate crime. And the numbers involved are far from piddling. Employee larceny costs Canadian businesses billions of dollars every year. According to the ACFE, last year fraud and theft cost employers an average of $9 a day per employee, with the average organization losing about five per cent of its total annual revenue to thieves. On average most victimized firms lose around $159,000, up more than one-third since 2002. However in 25 per cent of cases, losses passed the $1-million mark. Nine companies surveyed lost more than $1 billion. Canadian retailers alone are relieved of approximately $8 million of merchandise every day. Surprisingly, employees outsteal the shoplifters. And it isn’t just a case of transient sales clerks with sticky fingers. More than half the fraudsters come from management ranks. South of the border, one-third of small operators that go bust are put out of business by in-house crooks, and it’s a safe bet that statistics are similar here in B.C. [pagebreak]

Veteran crime fighers War heroes like Peter Welford and his comrades at the Abbotsford branch of the Royal Canadian Legion survived some of the bloodiest battles of the 20th century, only to spend some of their golden years fighting a callous fraudster who bilked them out of $250,000. Until May 2002, the 800-strong branch trusted an experienced bookkeeper to manage their finances while they raised funds for veterans and their families and local charities. Everything changed one morning when newly elected president Welford got a surprise call from the bank. Did he realize that a $50,000 term deposit, money left over from a $360,000 legacy, was gone and that the Legion was operating in the red, amassing considerable bank charges? “I was stunned to learn we were in such dire straits,” recalls Welford, a retired mechanical engineer who is now past president. “Cheques were coming back NSF… I had to borrow $30,000 from a sister society just to keep us afloat.” Initially the Legion executive believed their middle-aged bookkeeper of three years when she said she knew nothing about the missing funds. After studying the accounts in detail, they realized they had badly misplaced their trust. When Welford realized what she’d done, he fired her. “But by then it was too late,” says Welford. “The money was gone.” After a thorough investigation, the Legion filed a civil suit against Jeanette Burkitt, alleging theft of $225,000. Using evidence gathered by Rosanne Terhart, a local fraud examiner who volunteered her services, they proved that Burkitt had boosted her paycheques by $1,000 on 58 occasions and had written herself an additional 138 cheques totaling $139,000. She was ordered to repay the stolen funds plus $5,000 in accumulated bank charges. To date, after a long, tiring struggle for justice, the Legion has only seen $80 of their much-needed cash, says Welford ruefully. “She says she’s broke so I doubt we’ll see any of it.” Burkitt does, however, have a criminal record thanks to this group of determined veterans. Shortly after the civil suit, she was convicted of fraud and received an 18-month jail term followed by 30 months of probation. A group of Legion members in full dress uniform, complete with ribbons and medals, were in court for her sentencing. Despite the potential damage to their reputation in going public with the fraud, they were determined she would not go on to bilk other employers. Psychologists say trusted fraudsters rationalize this sort of inside job as a “victimless crime,” feel entitled to dip their hand in the till and rarely feel true remorse. The Abbotsford Legion case is especially troubling since it targeted seniors who served their country, and it left their organization in serious ­financial trouble. As a result of the cash crunch, the Legion was forced to sell its branch headquarters and move to a smaller location, effectively kneecapping its operational budget and charitable fundraising efforts. “Five years later, we’re still losing money as a result of what she did,” Welford says. “In the end, the biggest thing we’ve learned from this experience is never, ever, trust anyone.”

When a major B.C. grocery chain discovered it was losing inventory from a regional store, it assumed it was due to shoplifting. In an effort to catch the crooks red-handed, it beefed up security on the sales floor, but the losses kept on mounting. After poring over reams of security-camera footage and coming up with nothing, head office added an undercover investigator to the payroll. Within weeks he reported that the store’s entire security group was on the take. Whenever the scammers removed goods from the shelves, an employee stationed himself in front of the camera, effectively obliterating the view. Eventually the crooks offered the “new hire” a piece of the action, which enabled the company to identify everyone involved and follow the trail of stolen goods from the store to a local flea market, where it was sold at discount prices to an unsuspecting public. Given the devastating impact of this worsening scourge, why is employee larceny still such a dirty little secret that rarely makes the headlines? Ken Cahoon, managing partner of Canpro Global, a Burnaby-based risk-mitigation firm specializing in private investigations, HR screening, security and training, says victimized firms, many of whom have risk-management strategists on staff, are afraid of the media and seek to avoid embarrassing publicity that could tarnish their reputation with shareholders and customers. (The three stories used in this article are actual cases investigated by Canpro. At Cahoon’s request, details such as names, places and dates have been changed.) BCBusiness has also noticed the extent to which companies will go to disassociate themselves with employee fraud. While researching this piece, only one organization was prepared to openly discuss the painful fallout from employee embezzlement (see “Veteran crime fighters,” p. 58). Instead of prosecuting the perps in their midst, employers prefer to issue a reprimand, relocate offenders elsewhere in the organization or cut them loose on an unsuspecting business community without anything amiss on their work records. In fact, according to the ACFE, fewer than eight per cent of employee fraudsters have a police record for a diligent employer to uncover. Mike had been an accountant in the head office of a B.C. retail chain for only six months when his boss had a sneaking suspicion that he was running some sort of scam. It wasn’t a single “ah-ha” moment, just a series of small things that seemed unusual for someone who came so highly recommended. Mike was taking increasingly long breaks away from the office and insisting that he personally handle the banking. Instead of tackling Mike directly and in the process tipping him off to his suspicions, the boss discreetly brought in outside help from Canpro Global. “When our client initially hired this guy, their standard pre-employment screening had come up empty,” says Cahoon. “Obviously a company with our resources can dig a lot deeper.” While Mike had no criminal record, he had previously filed for bankruptcy. Bankruptcy alone is not necessarily a deal breaker in the hiring process, but a closer look by Canpro investigators revealed a trail of bad debt – definitely a major red flag for someone applying for a senior accounting post. He had also faked his “glowing” references. A search of Canada’s civil court records, which unlike either a criminal-record or credit search does not require a job applicant’s written consent, revealed that a previous employer outside B.C. had fired Mike for stealing $250,000 over a three-year period. The company had taken him to civil court and obtained a judgment for financial restitution but had never seen the money. Given this alarming new information, the boss brought in a forensic accountant who discovered that in six months Mike had already embezzled $50,000. At this point, the police were called in. With clear-cut evidence gathered by fraud-savvy professionals, Mike was charged with theft and is currently serving a three-year prison term. Cahoon says this story underscores why employers should always perform serious due diligence, especially when hiring for senior-management or finance-related positions. “We strongly recommend that companies go that extra mile and do a thorough background check, because it could save you a substantial amount of money down the road. I tell people, ‘Trust, by all means, but always verify.’” Cahoon says our business community’s reluctance to prosecute, coupled with Canada’s underfunded policing and overburdened justice systems, makes it very tough for employers to weed out even the worst workplace crooks, let alone the hordes of small-time pilferers. If you choose to involve law enforcement, they want you to investigate thoroughly and present them with all the evidence. If you do get to criminal court, says Cahoon, first-time offenders rarely get jail time; judges generally send them for psychiatric counselling or impose conditional sentences. Even if a perpetrator is handed a prison term, there’s no guarantee of compensation. Vancouver independent forensic auditor and investigator Pat McDowell says that before going the criminal route, companies generally prefer to take thieves to civil court, where they can negotiate a judgment for reparation. Whatever route they choose, meeting the legal burden of proof is a complex, onerous business best left to the professionals. Unless the company involves a lawyer and a forensic accountant as soon as it suspects wrongdoing, McDowell says, it could taint the evidence. The crooked employee may get off scot-free. “Investigating theft can be very costly in terms of morale as well as cash,” she adds. “We strongly recommend that you don’t wait to be victimized before investing in prevention. In extreme cases, the results of fraud can be devastating: especially in ‘mom and pop’ operations where an employee gets rich off you as your business goes down the tubes.” If you don’t have an internal auditor or risk-management professional on staff, McDowell recommends designing your own internal control system with written policies and procedures for recording, processing and reporting financial data and safeguarding your assets. One of the first things you should do, and one of the most important, is to ensure what auditors call “segregation of duties.” For example, never permit only one person to approve and pay invoices or handle all bookkeeping tasks. (For more on theft-proofing your business, see “To catch a thief”). McDowell observes that, whether they are stealing pens or Post-it Notes, billing for extra hours or fiddling with your till, white-collar criminals can always justify their actions. “Often it starts because they make a mistake and they don’t get caught. So they think, ‘Well, I got away with that, why don’t I do it again? They won’t miss the money anyway.’ They have a cynical view of the workplace and actually think their employer ‘owes’ them.” Both McDowell and Cahoon stress that most incidents of fraud or theft are discovered when a co-worker blows the whistle. But your people must know who to tell and feel confident that their report will be kept confidential. In Canada publicly traded companies are required to provide a whistleblower line, which must be administered by an independent third party. McDowell and Cahoon advise private companies and smaller operations to offer their people a similar mechanism. “If you create an ethical environment which encourages your people to anonymously report what they see to someone at a senior level, without any fear of retribution, it really does pay off,” adds Cahoon. If you are not comfortable handling reports of fraud internally, consider using the services of an outside provider such as Bison Security Group’s ConfidenceLine, which, for a fee, offers companies access to a toll-free, 24-hour confidential hotline. Employees can call in and register their concerns about their co-workers on anything from fraud and theft to bullying and other erratic behaviour in the workplace. ConfidenceLine will then relay their tips directly back to you. Related stories: To catch a thief Mob Mentality