How to Identify and Mitigate Fraud Risk in Manufacturing
- Published
- Nov 18, 2022
- By
- Travis Epp
- Topics
- Share
In this episode of ManuFacts and Perspectives, Travis Epp, Partner-in-Charge of EisnerAmper’s Manufacturing and Distribution Group, is joined by Hubert Klein, Partner and Practice Leader of the firm’s Forensic, Litigation and Valuation Services Group. As part of International Fraud Awareness Week, the two discuss the actionable strategies and controls manufacturing business leaders can implement to better identify and mitigate fraud in their organizations.
Transcript
Travis Epp:Hello and welcome to ManuFacts & Perspectives in EisnerAmper's podcast series. I'm your host, Travis Epp, Partner-in-Charge of our Manufacturing and Distribution Group. Joining me today during Fraud Week is Hubert Klein. Hubert is a Partner and Practice Leader for the Forensic Litigation and Valuation Services Group of EisnerAmper. Hubert has over 35 years of experience and is frequently involved in fraud and forensics investigations.
I think this is a very topical issue given the economic challenges that some people are having. When you think of the typical fraud triangle, the corners of motive, opportunity, and rationalization are always there. In tougher economic times, maybe even more so. So I'm very glad that Hubert is able to join us today.
So Hubert, welcome. And my first question to you is, this is International Fraud Awareness Week, can you explain what occupational fraud is?
Hubert Klein:Travis, yes, I can. And thanks for having me today. Very timely topic with International Fraud Awareness Week, but also it's important to look at this from a global perspective and company perspective due to the last 24 to 36 months that we've had with the pandemic and modified work arrangements and so forth.
So occupational fraud is when fraud happens within a business. And there's three different types of occupational fraud. There's the asset misappropriation, there's what we call corruption, and then there's financial statement fraud.
The asset misappropriation is the taking of a company asset for an individual's personal use to defraud a company and for monetary gain. People might not think of it, but taking toner cartridges, taking supplies, dipping into inventory in the warehouse, whether it be raw materials, some work-in-process or finished goods.
The corruption is when two or more people are working together for their own financial gain which harms the company. And then there's the financial statement fraud, where people may be incentivized to, we'll use the common term, juice the numbers to make performance look better than it is because there's some sort of bonus or stock trigger award tied to the performance of the company.
TE:I think, Hubert, that's a great point. And also similar rationalization involved is with bank covenants. So if earnings or results are deteriorating, that may give the finance team an incentive to try and make sure the company hits covenants.
HK:Absolutely. If you look at it now, Travis, the covenants is something that didn't come into my head when I was preparing for this, but in light of the current environment with rising interest rates and talk of either we're in a recession or we're going to hit a recession, those covenants and the ability to hit the targets in those covenants is going to become a real issue for a lot of companies. And people may be incentivized to present a different picture than what the economic reality is because nobody wants their loan called, interest rate increases are going to have an effect on cash flow, and we don't know where the banks are at yet, but there could be issues with covenant. So thank you. That's an important thing I think we need to add to this conversation.
TE:Yeah, and we always try and advise clients to think ahead about the coming year to make sure that if they are having challenges with covenant compliance, that they take appropriate steps in a positive manner.
Hubert, does occupational fraud impact all business sectors?
HK:Unfortunately, yes. Occupational fraud has no boundaries. All business sectors are affected by it. There is a study by the Association of Certified Fraud Examiners and they do a global study. And according to their study, about 5% of revenues are lost each year by a company that somewhere in the entire global marketplace of revenues, 5% is lost to fraud. Now, it may be different percentages for every company, but that study indicates that it's a large number. And the median loss for fraud is about 100,000. However, depending on the business sector, some are higher, much higher, and some are lower.
TE:Hubert, could you comment specifically on the manufacturing and distribution sector please?
HK:When I talked about the higher, the manufacturing distribution sector is higher. Their median loss is almost double loss for the entire business sectors. The manufacturing distribution goes from 100,000 up to 177,000 is their median loss. And there's a lot of reasons for that just because of the uniqueness of that sector and the ability for people to be involved in more fraud schemes, which we can talk about which the different ones are. But the manufacturing sector has a higher instance of fraud and a higher dollar amount of fraud per the fraudulent activity that takes place.
TE:So obviously, this is a concern. What sort of steps or how is sort of occupational fraud uncovered?
HK:It's usually uncovered in the least likely way that people would think. Studies show that in all industries and mostly in the manufacturing distribution space, most frauds are uncovered by somebody telling on someone else.
Companies spend a tremendous amount of money in fraud prevention controls and risk management controls. And it's interesting that the studies show that somebody saw something and told someone and that's what precipitated the investigation, not the internal audit, not the certified audit. They do uncover things, but not at the same level as if somebody saw something. In today's world, someone generally sees something. And when they tell the right person, it initiates an inquiry and an investigation. That's how most of it's uncovered.
TE:Hubert, another area I just wanted to address is we had the opportunity or unfortunate circumstance of working in a fraud investigation together in the past. And in that situation, the reason for that event was that a company had too much trust in a relationship. Is this a common issue that you see as to why frauds occur?
HK:Travis, very good question. And unfortunately, yes. The studies show that there are warning signs of people who commit frauds. And a lot of times, it is a person who is a trusted employee or associate or business partner of people who will override or circumvent certain controls for their own personal gain. So in that particular case, that's what happened. And it's not uncommon. It's more of the norm than something that happens as an aberration.
TE:What are the chances of recovering the financial loss for an M&D fraud?
HK:It depends, and I know that's a legal answer, but it really depends. A lot of times with the asset misappropriation schemes, the money's gone, right? The individual took an asset that they weren't entitled to, and that asset could have been cash or petty cash or worked out some sort of scheme with a billing scheme or a vendor scheme with kickbacks. Usually when the perpetrator gets that money, they probably already spent it, so you might get a judgment.
The recovery is generally not 100 cents on a dollar, but what it can lead to is better policies, procedures, and controls being put into place to thwart any future potential fraud. But the statistics are not good on recovery or restitution.
TE:So Hubert, how can M&D companies work together to uncover and recover from a fraud that impacts their business?
HK:The best way is to do an analysis or what we call a fraud risk assessment of the vulnerabilities of the organization. Where are the strengths? Where are the weak spots? And companies know that they have very strong areas and that they have areas that are weaker, not in a negative connotation, weaker, but that they think that they're less susceptible to fraud in certain areas. So what companies should do is an assessment and an evaluation of policies and controls and procedures that are in place today.
Now, if there has been a fraud, the first thing to do is do what we'll call the postmortem. How and why did it happen? Because in order to move forward, you need to understand what happened to fix the problem, plug the hole in the dam and ensure it doesn't happen again, and reevaluate on a going-forward basis.
All too often what I see is when there is a breach in the policies and procedures and the controls, that over time it's because a fraud risk assessment was done, the organization said, "Great, we have it," and it went on the shelf and collected dust. But in today's environment, as you know, Travis, the industry technology morphs at very rapid paces. So what might have been good four or five years ago may not work today. You have different upgrades in your technology systems and reporting. Computer programs change. The reliance and data has changed. So who has access to it? Who can get to it? What is the information that's being spit out by the ERP systems and the manufacturing concerns? Who has access to it? Who has the input rights?
So I liken it to radar detectors. I try to break it down in a simple way that people would understand is your radar detector will alert you if the police have a radar on you. The police now have a unit that can detect if your car has a radar detector. In certain states, like Virginia, it's illegal to have one. So you got a war back and forth. So what do the radar detector companies do? They invent the radar that will alert you if the police has radar on you that can jam the police radar that can detect if you have a radar. So it's the game technologically that goes back and forth.That's kind of what happens in the fraud world. Just as we get good at building the better mouse trap, the person who wants to be a wrongdoer figures a way to override it. And sometimes it's a game for them and sometimes they just figured out a way around it.
Now, you'll see that more in your corruption and your financial statement, fraud schemes. In your asset misappropriation schemes, people try to put all kinds of controls in. But in a manufacturing plant, I'll give you a case example. I had a client who used a very expensive metal in their manufacturing process and it would throw off waste and the waste would be minimal, but because of the raw material, which was a very precious metal being worth a lot of money, and part of the process was you needed a certain amount of the size of the metal to go in the manufacturing. So they would clip the ends. So you'd have these little pieces at the end would be clipped that would go into a barrel for recycling or sell as scrap. They didn't really have a scrap procedure in place. They just said, "When the barrel's full, we call the guy and sell it."
We were called in because something didn't seem right and we figured out that half the scrap that they should have had was gone. And over a period of a couple years, it was millions of dollars of scrap that was missing. They didn't have a proper policy and procedure and oversight on the scrap. They just took it for granted. You fill out the barrel, we sell it, we get the money.
So putting the right procedures and controls in place are very, very important. But also updating them. What could they have done? They could have put in cameras. They could have had a log, what was the weight of the material that went out versus what they got on the price per the pound of the material?
So it's not a just-in-time protocol. It has to be able to morph as your business and the industry morph. So your fraud prevention, protection, and detection plan has to be updated, reviewed just like any of the other internal controls in a company. They're not stagnant.
TE:Yeah. I think just to summarize it, as your business changes, your controls need to change so you can protect your business. In line with that, Hubert, how can companies minimize their fraud risk and prevent losses?
HK:Well, the number one thing we always tell people is setting the tone at the top. Management has to be invested in, yes, we're here to generate sales and make money, but we're also here to have an ethical, corruption- free organization. And that has to permeate down through the lower levels of management and staff.
If management acts ambivalent and doesn't think it's a big deal because they're making a ton of money and only looking at sales, to a lot of people the bottom line's very important. So if management puts in the appearance that, "Hey, we're concerned about everything, if somebody sees something, please report it to us." It has to be ingrained in the firm culture and getting things ingrained in the firm culture comes from the top and then from the managers on down that, "Hey, if you see something, let us know. We're watching. We have programs and policies and procedures in place to catch things." And also, you do your spot checks and your audits. And if there's an anomaly in the accounting system, you investigate it.
TE:Okay, Hubert, thank you very much. Are there any other overall comments you would like to make on Fraud Week?
HK:Only to say that organizations should look into doing some sort of a fraud risk assessment, however involved they want it to be. Fraud awareness is something that an organization should have as part of their business plan, and it should be proactive and monitored because all too often we're called in on the reactive phase to basically quantify what happened. But we can also help on a preventative and detection stage.
And just think of it, you have to pay either way. You either have to pay to put in some protections and make sure something bad doesn't happen, or you could pay someone afterwards to help quantify it. But the reality is if you invest in the prevention up front, if there is something on the back end that goes wrong, you will minimize it. The average fraud in manufacturing is $177,000 and it lasts about 12 months. If you had the right policies, programs in place, maybe it only lasted three months and only cost you $30,000. So I think that's important.
And also, look for the red flags of people who may commit the frauds. Generally, there are certain traits that you look for, but people who might live beyond their means or have financial difficulties, close associations with customers and vendors, unwillingness to take vacations or share duties, bullying or intimidating subordinates in their department, the people in sales who only care about the top-line number and not making sure it's a good sale or that you're going to collect on the receivable. Those are things to look for at a minimal level. And that's kind of a daily thing that you can see.
So there are things you can do at both a fraud risk assessment level and then just a day-to-day management of the company.
TE:I guess it seems like in hindsight when you're reviewing what happened in fraud, you look back and what the opportunities were there. It sort of seems like how it could have happened and why it happened.
HK:Right. And what happens a lot of times is you have the trusted employee who's been there for 30 years and you don't think they'll ever do anything wrong. Studies show that most of them won't, but there are the cases where people, something may happen. You don't know what goes on in the four walls of someone's home outside of work that may give them the motivation. They already have the opportunity. All they need is rationalization, and then things can go south.
TE:Hubert, I want to thank you for your time today. And thank you all for listening to this episode of ManuFacts & Perspectives in EisnerAmper's podcast series. Visit eisneramper.com for more information on this and a host of other topics. And join us for our next EisnerAmper podcast.
Transcribed by Rev.com
Also Available On
What's on Your Mind?
Start a conversation with Travis
Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.