Category Archives: Conflict of Interest

The Conflicted Board

Our last post about cyberfraud and business continuity elicited a comment about the vital role of corporate governance from an old colleague of mine now retired and living in Seattle.  But the wider question our commenter had was, ‘What are we as CFEs to make of a company whose Board willfully withholds for months information about a cyberfraud which negatively impacts it customers and the public? From the ethical point of view, does this render the Board somehow complicit in the public harm done?’

Governance of shareholder-controlled corporations refers to the oversight, monitoring, and controlling of a company’s activities and personnel to ensure support of the shareholders’ interests, in accordance with laws and the expectations of stakeholders. Governance has been more formally defined by the Organization for Economic Cooperation and Development (OECD) as a set of relationships between a company’s management, its Board, its shareholders, and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set (including about ethical continuity), and the means of attaining those objectives and monitoring performance. Good corporate governance should provide proper incentives for the Board and management to pursue objectives that are in the interests of the company and its shareholders and should facilitate effective monitoring.

The role and mandate of the Board of Directors is of paramount importance in the governance framework. Typically, the directors are elected by the shareholders at their annual meeting, which is held to receive the company’s audited annual financial statements and the audit report thereon, as well as the comments of the chairman of the Board, the senior company officers, and the company auditor.

A Board of Directors often divides itself into subcommittees that concentrate more deeply in specific areas than time would allow the whole Board to pursue. These subcommittees are charged with certain actions and/or reviews on behalf of the whole Board, with the proviso that the whole Board must be briefed on major matters and must vote on major decisions. Usually, at least three subcommittees are created to review matters related to (1) governance, (2) compensation, and (3) audit, and to present their recommendations to the full Board. The Governance Committee deals with codes of conduct and company policy, as well as the allocation of duties among the subcommittees of the Board. The Compensation Committee reviews the performance of senior officers, and makes recommendations on the nature and size of salaries, bonuses, and related remuneration plans. Most important to fraud examiners and assurance professionals, the Audit Committee reviews internal controls and systems that generate financial reports prepared by management; the appropriateness of those financial reports; the effectiveness of the company’s internal and external auditors; its whistle-blowing systems, and their findings; and recommends the re-election or not of the company’s external auditors.

The Board must approve the selection of a Chief Executive Officer (CEO), and many Boards are now approving the appointment of the Chief Financial Officer (CFO) as well because of the important of that position. Generally, the CEO appoints other senior executives, and they, in turn, appoint the executives who report to them. Members of these committees are selected for their expertise, interest, and character, with the expectation that the independent judgment of each director will be exercised in the best interest of the company. For example, the ACFE tells us, members of the Audit Committee must be financially literate, and have sufficient expertise to understand audit and financial matters. They must be of independent mind (i.e., not be part of management or be relying upon management for a significant portion of their annual income), and must be prepared to exercise that independence by voting for the interest of all shareholders, not just those of management or of specific limited shareholder groups.

Several behavioral expectations extend to all directors, i.e., to act in the best interest of the company (shareholders & stakeholders), to demonstrate loyalty by exercising independent judgment, acting in good faith, obedient to the interests of all and to demonstrate due care, diligence, and skill.

All directors are expected to demonstrate certain fiduciary duties. Shareholders are relying on directors to serve shareholders’ interests, not the directors’ own interests, nor those of management or a third party. This means that directors must exercise their own independent judgment in the best interests of the shareholders. The directors must do so in good faith (with true purpose, not deceit) on all occasions. They must exercise appropriate skill, diligence, and an expected level of care in all their actions.

Obviously, there will be times when directors will be able to make significant sums of money by misusing the trust with which they have been bestowed and at the expense of the other stakeholders of the company. At these times a director’s interests may conflict with those of the others. Therefore, care must be taken to ensure that such conflicts are disclosed, and that they are managed so that no harm comes to the other shareholders. For example, if a director has an interest in some property or in a company that is being purchased, s/he should disclose this to the other directors and refrain from voting on the acquisition. These actions should alert other directors to the potential self-dealing of the conflicted director, and thereby avoid the non-conflicted directors from being misled into thinking that the conflicted director was acting only with the corporation’s interests in mind.

From time to time, directors may be sued’ by shareholders or third parties who believe that the directors have failed to live up to appropriate expectations. However, courts will not second-guess reasonable decisions by non-conflicted directors that have been taken prudently and on a reasonably informed basis. This is known as the business judgment ru1e and it protects directors charged with breach of their duty of care if they have acted honestly and reasonably. Even if no breach of legal rights has occurred, shareholders may charge that their interests have been ‘oppressed’ (i.e., prejudiced unfairly, or unfairly disregarded) by a corporation or a director’s actions, and courts may grant what is referred to as an oppression remedy of financial compensation or other sanctions against the corporation or the director personally. If, however, the director has not been self-dealing or misappropriating the company’s opportunities, s/he will likely be protected from personal liability by the business judgment rule.

Some shareholders or third parties have chosen to sue directors ‘personally in tort’ for their conduct as directors, even when they have acted in good faith and within the scope of their duties, and when they believed they were acting in the best interests of the corporations they serve.  Recently, courts have held that directors cannot escape such personal liability by simply claiming that they did the action when performing their corporate responsibilities. Consequently, directors or officers must take care when making all decisions that they meet normal standards of behavior.

Consequently, when management and the Board of a company who has been the victim of a cyber-attack decides to withhold information about the attack (sometimes for weeks or months), fundamental questions about compliance with fiduciary standards and ethical duty toward other stakeholders and the public can quickly emerge.   The impact of recent corporate cyber-attack scandals on the public has the potential to change future governance expectations dramatically. Recognition that some of these situations appear to have resulted from management inattention or neglect (the failure to timely patch known software vulnerabilities, for example) has focused attention on just how well a corporation can expect to remediate its public face and ensure ongoing business continuity following such revelations to the public.

My colleague points out that so damaging were the apparently self-protective actions taken by the Boards of some of these victim companies in the wake of several recent attacks to protect their share price, (thereby shielding the interests of existing executives, directors, and investors in the short term) that the credibility of their entire corporate governance and accountability processes has been jeopardized, thus endangering, in some cases, even their ability to continue as viable going concerns.

In summary, in the United States, the Board of Directors sits at the apex of a company’s governing structure. A typical Board’s duties include reviewing the company’s overall business strategy, selecting and compensating the company’s senior executives; evaluating the company’s outside auditor, overseeing the company’s financial statements; and monitoring overall company performance. According to the Business Roundtable, the Board’s ‘paramount duty’ is to safeguard the interests of the company’s shareholders.  It’s fair to ask if a Board that chooses not to reveal to its stakeholders or to the general investor public a potentially devastating cyber-fraud for many months can be said to have meet either the letter or the spirit of its paramount duty.

Public Trust

The current round of congressional hearings involving the secretarial appointments to the Trump administration appear to be raising numerous questions about conflicts of interest and as well as instances involving possible self-interested stock trading on the part of several of the wealthy candidates.  Issues involving self-interest are no less important for assurance professionals like CFE’s, auditors and public accountants than they are for presidential appointees.

The misuse of information for personal interest by an assurance professional can be detrimental to other stakeholders of the client or company involved. For example, the use of information by any professional before others have the right to use such information is unfair and considered unethical. This is the basic problem for anyone who is privy to inside information about a company by virtue of being its auditor or an employee, that is, an insider, to use that information personally or indirectly for any self-interested purpose. To ensure the basic fairness of stock markets so that the public and other non-insiders will wish to enter the market, regulatory bodies like the SEC require management insiders to wait until the information is released to the public before allowing insiders to trade, and then they must disclose these trades so the public will know what’s happened.

The prospect of a rigged game, in which insiders have an unfair advantage, would not be in the public interest or in the interest of the corporations using the market for fund raising in the long run. Insider trading rules also apply to the families of the insider, extending even to those who are not part of the immediate family but for or over whom the insider has an obvious ability to exert influence or extract gain. Some individuals with high-profile jobs in the public service go even further to avoid such conflicts of interest. To be entirely ethical, some politicians have placed their holdings, and those of their dependents, in so-called blind trusts, which are managed by someone else with instructions not to discuss trades or holdings with the politician. The situation for we auditors is somewhat different in that the ownership of shares or financial instruments of a client is forbidden based on the real or potential conflict of interest that would be created. Most auditing firms extend this ban in two ways. First, the ban is applied to the auditor’s family and to persons who would be considered significant dependents or subject to influence. Second, the ban may also apply to any client of the firm, even if that client is serviced through a wholly separate office (for international firms, even in another country) with which the individual professional does not have contact on a normally occurring basis.

Where the ban is relaxed on trading in shares of the firm’s clients for employees not directly involved in the client’s affairs, extreme care is taken through information barriers/firewalls and reporting/scrutiny mechanisms to manage the conflict of interest created. The extent of attention paid to the prevention of insider trading and even to the perception of it is indicative of the alarm with which most firms view its prospect. Confidentiality is the term used to describe keeping confidential information that is proprietary to a client or employer. The release of such information to the public, or to competitors, would have a detrimental effect on the interests of the client, and it would be contrary to the expectations of trust of any fiduciary relationship.

In the case of a fraud examiner, this expectation of trust and privacy is vital to the client’s willingness to discuss difficult issues, which are quite germane to the investigation, to get the opinion of the examiner on how they might be dealt with in court proceedings and even, eventually, in the public eye. In the case of auditors, how frank would the discussion of a contentious contingent liability be if there were a possibility the auditor would reveal the confidence? How could a contentious tax treatment be discussed thoroughly if there was the possibility of a voluntary or involuntary disclosure to the tax collection authorities? It’s therefore argued by the ACFE, the AICPA and others that the maintenance of client confidences is essential to the proper exercise of the audit function, and to the provision of the best advice based on full discussion of possibilities.

There are, however, limits to privacy that some professions have enshrined in their codes of conduct, or where these limits are spelled out in regulatory frameworks. Engineers, for example, must disclose to appropriate public officials when they believe a structure or mechanism is likely to be harmful to the users, as in the potential collapse of a building due to violations of the building code.  In most western countries, money laundering for drugs and terrorism must be reported to financial authorities by banking professionals. For auditors as well there appears to be an increasing focus on their public responsibility and an increasing expectation of action rather than silence. This trade-off between the interests of client, management, public, regulators, the profession, and management promises to be an ever growing conundrum for all professionals in the future. One issue that is not as well understood as is often thought is the consequence of a professional accountant observing strict confidentiality about the malfeasance of his or her employer, and being directed by the professional code to resign if the employer cannot be convinced to change their behavior. This would follow from the codes of conduct that require no disclosure of client/employer confidences except in a court of law or subject to a disciplinary hearing, and at the same time requiring resignation to avoid association with a misrepresentation. In the event of a resignation in silence, the ethical misdeed goes unrecognized by all stakeholders except the perpetrators and the silent professional. How does this protect the interests of the public, the shareholders, or the profession?

It has been suggested, as a topic for discussion, that strict confidentiality codes be modified to allow for the introduction of the possibility of consultation on such matters with officials of the professional’s certifying institute. Perhaps through such confidential dialogue, a means could be found to better judge what needs to be kept confidential, when and how disclosure ought to be made, and how the professional’s and the public’s interests can be protected. For an auditor, the situation is different. When an auditor is discharged, or replaced, the incoming auditor has the right to ask the outgoing auditor (and the client) what the circumstances were that led to the dismissal or resignation. In some jurisdictions, the removed auditor even has the right to address the shareholders at their annual meeting, or by mail, at the expense of the corporation involved.

CFE’s and other assurance professionals of all types are sophisticated enough to know that our professional codes don’t cover every ethical challenge and that investigations and engagements involving potential or suspected insider trading and conflicts of interest are no exception.  We must all, therefore, continue to develop judgement, values and character traits that embrace the public expectations inherent in emerging stakeholder oriented accountability and governance frameworks.

The Flavor of the Month

revolving-doorsUnsurprisingly, given issues raised by the press during the recent presidential election about cabinet candidates and the rapidly revolving door between the private sector and government, conflict of interest is again the fraud flavor of the month among the pundits.  To keep the matter in perspective, these same concerns about appointments are raised to a greater or lesser degree following every presidential election.

The ACFE tells us that a conflict of interest occurs when an employee, manager, or executive has an undisclosed economic or personal interest in a transaction that adversely affects the company, or, in the case of government, his or her office.  As with other corruption cases, conflict schemes involve the exertion of an employee’s influence to the detriment of his or her employing organization.

The clear majority of conflict cases occur because the fraudster has an undisclosed economic interest in a transaction. But the fraudster’s hidden interest is not necessarily economic. In some scenarios, an employee acts in a manner detrimental to his organization to provide a benefit to a friend or relative, even though the fraudster receives no financial benefit from the transaction herself.  A manager might split a large repair project into several smaller projects to avoid bidding requirements. This allows the manager to award the contracts to his brother-in-law. Though there was no indication that the manager received any financial gain from this scheme, his actions nevertheless amount to conflict of interest.

It’s important to emphasize that to be classified as a conflict of interest scheme, the employee’s interest in the transaction must be undisclosed. This is a crucial important point and one that’s often overlooked.  The crux of a conflict case is that the fraudster takes advantage of his employer; the victim company is unaware that its employee has divided loyalties. If an employer knows of the employee’s interest in a business deal or negotiation, there can be no a conflict of interest, no matter how favorable the arrangement is for the employee.

If an employee approves payment on a fraudulent invoice submitted by a vendor in return for a kickback, its bribery. If, on the other hand, an employee approves payment on invoices submitted by his own company (and if his ownership is undisclosed), this is a conflict of interest. The distinction between the two schemes is obvious. In the bribery case the fraudster approves the invoice in return for a kickback, while in a conflicts case he approves the invoice because of his own hidden interest in the vendor. Aside from the employee’s motive for committing the crime, the mechanics of the two transactions are practically identical. The same duality can be found in bid rigging cases, where an employee influences the selection of a company in which she has a hidden interest instead of influencing the selection of a vendor who has bribed her.

The concern voiced in the press and other media is legitimate and justified because there are vast numbers of ways in which an employee (or high level government appointee) can use his or her influence to benefit an organization in which s/he has a hidden or even a disclosed interest.

Purchase schemes and sales schemes are the two most common categories involving conflict of interest. Most conflicts of interest arise when a victim company unwittingly buys something at a high price from a company in which one of its employees has a hidden interest, or unwittingly sells something at a low price to a company in which one of its employees has a hidden interest. Most other conflicts involve employees stealing clients or diverting funds from their employer.

The ACFE says its research indicates that most conflict schemes are over billing schemes.  While it is true that any time an employee assists in the overbilling of his company there is probably some conflict of interest (the employee causes harm to his employer because of a hidden financial interest in the transaction), this does not necessarily mean that every false billing will be categorized as a conflict scheme. For the scheme to be classified as a conflict of interest, the employee (or a friend or relative of the employee) must have an ownership or employment interest in the vendor that submits the invoice. This distinction is easy to understand if we look at the nature of the fraud. Why does the fraudster overbill his employer? If she engages in the scheme only for the cash, the scheme is a fraudulent disbursement billing scheme. If, on the other hand, she seeks to better the financial condition of her business at the expense of her employer, this is a conflict of interest. In other words, the fraudster’s interests lie with a company other than her employer. When an employee falsifies the invoices of a third-party vendor to whom he has no relation, this is not a conflict of interest scheme because the employee has no interest in that vendor. The sole purpose of the scheme is to generate a fraudulent disbursement.

A short rule of thumb can be used to distinguish between over-billing schemes that are classified as asset misappropriations and those that are conflicts of interest: if the bill originates from a real company in which the fraudster has an economic or personal interest, and if the fraudster’s interest in the company is undisclosed to the victim company, then the scheme is a conflict of interest.

Not all conflict schemes occur in the traditional vendor-buyer relationship. Some involve employees negotiating for the purchase of some unique, typically large asset such as land or a building in which the employee had an undisclosed interest. It is in the process of these negotiations that the fraudster violates his duty of loyalty to his employer. Because he stands to profit from the sale of the asset, the employee does not negotiate in good faith to his employer; he does not attempt to get the best price possible. The fraudster will reap a greater financial benefit if the purchase price is high. In a turnaround sale or flip an employee knows his employer is seeking to purchase a certain asset and takes advantage of the situation by purchasing the asset himself (usually in the name of an accomplice or shell company). The fraudster then turns around and resells the item to his employer at an inflated price. A write off of sales scheme involves tampering with the books of the victim company to decrease or write off the amount owed by an employee’s business. For instance, after an employee’s company purchases goods or services from the victim company, credit memos may be issued against the sale, causing it to be written off to contra accounts such as Discounts and Allowances. Many reversing entries to sales may thus be a sign that fraud is occurring in an organization. Finally, some employees divert the funds and other resources of their employers to the development of their own business. While these schemes are clearly corruption schemes, the funds are diverted using a fraudulent disbursement. The money could be drained from the victim company through a check tampering scheme, a billing scheme, a payroll scheme, or an expense reimbursement scheme.

The bottom line is that every management has an obligation to disclose to the shareholder’s significant fraud committed by officers, executives, and others in positions of trust. Management does not have the responsibility of disclosing uncharged criminal conduct of its officers and executives. However, when officers, executives, or other persons in trusted positions become subjects of a criminal indictment, disclosure is required. The inadequate disclosure of conflicts of interests is among the most serious of frauds. Inadequate disclosure of related-party transactions is not limited to any specific industry; it transcends all business types and relationships.

On the detection side, CFE’s continue to point out some of the more tried and true  methods that can be used including tips and complaints, comparisons of vendor addresses with employee addresses, review of vendor ownership files, review of exit interviews, comparisons of vendor addresses to addresses of subsequent employers, and interviews with purchasing personnel for favorable treatment of one or more vendors.

Tone Deaf

tone-deafThe sensational bribery and corruption cases all over the news recently mean that tone at the top as a concept is yet again in the eye of the financial press.   Journalists of every stripe and persuasion opine on its importance as a vital control but always seem to fall short on the specifics of just how the notion can be practically applied and its strength evaluated once implemented.  One of the problems is that there are so many facile definitions of the concept in popular use.  The one I like the most is one of the simplest declaring it to be the message, the attitude and the ethical culture the board of directors and upper management disseminate throughout the organization. It’s best described as the consistency among statements, assertions and explanations of the management and its actions. In summary, tone at the top is seen by some as a part of and by others as equal to the internal control environment.

The rub comes in because tone at the top is not only far more complicated than the above definition would lead a casual reader of trade press articles to believe, but also because its invisible to the standard tests of an outside auditor or fraud examiner. So a baseline would be a valuable addition not only for fraud examiners and financial auditors, but also for all types of assurance professionals.

To determine a baseline, one first needs to define the different aspects of the target concept. Thus, a baseline might provide reviewers with a starting point to begin improving their analyses of tone at the top. ACFE studies of hundreds of companies tell us that an enriched tone at the top can not only prevent fraud through its implementation of a well-functioning internal control system, but can also have a positive impact on the financial results of an organization. Organizations with an effective corporate governance policy just perform better than those that don’t. In my own practice as an auditor and fraud examiner, I’ve found COSO’s Enterprise Risk Management (ERM) a useful framework to use in the actual practice of evaluating the effectiveness of internal controls (including tone at the top) during fraud risk assessments.

Tone at the top is based on two schools of thought in management literature: the corporate governance school and the management control systems (MCS) school. These schools of thought share three fundamental theories: the agency theory, the transaction cost economics theory and the stakeholder theory. The agency theory views an organization as a nexus of contracts. Separation of ownership and control is essential for this theory.  The agent (the manager) is in control of the organization; however, he or she does not own the organization; the organization is owned by the principal (stakeholders).  Measures (i.e., corporate governance) need to be taken to ensure that the agent will strive to achieve the goals of the principal.

Transaction cost economics (TCE) is based on the concepts of bounded rationality and of homo economicus: a person chooses the best option based on the available information.  TCF aims to explain how firms are formed.  Firms are created to minimize transaction costs.  The domain of TCE has proven useful to explain management control structures.  The performance evaluation needs to be behavioral based, with non-financial subjective measures.  Output controls are low with TCE.  Individual contributions to the organization (individual performance) are analyzed as the outcomes of contracts between the employer and the employee.

The stakeholder theory is based on the belief that besides shareholders, there are others with interest in the organization.  Corporate governance should not only solve conflicts between management and shareholders but also between the organization and other stakeholders.  Tone at the top represents a form of cultural control to the MCS school.  Cultural controls stimulate employees to monitor and stimulate each other’s behavior.  Cultural controls rely on group pressure; if a person deviates from the group’s values, the group will put the person under pressure to convert him or her back to the dominant values.  Cultural controls are usually translated in corporate governance codes.  Corporate governance codes are mainly formulated to prevent/minimize fraudulent activities in organizations by means of internal control.  Five methods of cultural controls, namely code of conduct, group rewards, transfers, physical and social controls, and tone at the top have been identified.

Tone at the top forms an important part of corporate governance codes.  Management behavior should coincide with the culture it tries to form; managers fulfill an example function. An important factor is implementing and operating a whistleblower policy; if staff at any level observes fraudulent activities they can report them and be protected against possible retaliation.

Each of our above theories concludes that an organization needs to have a corporate governance code to minimize transaction cost, manage stakeholder interest and, thereby, increase shareholder value.  However, recent well publicized corruption cases have led to calls in the popular press for a more formal approach.  So, what might such a formal, COSO based, approach look like?

First, management and the CEO need to demonstrate inspiring leadership, set the right ethical example and focus on people skills. They also need to display integrity.  Their risk awareness, actions and messages need to coincide with the dominant culture.  It is also important for managements to formally commit to competence.

As to culture, an independent and active risk culture is necessary for tone at the top to be successful.  Also, employees need to be empowered to make the right decisions.  The reward systems and the culture need to reward desired behavior and be compliant with the norms.  In the event of something going wrong despite these cultural aspects, there needs to be an effective policy present to protect whistleblowers.

Finally, the risk appetite should be linked to the strategy.  The supervisory board needs to be independent, active and involved.  Responsibilities need to be defined, and management needs to receive adequate information.

All three of the above aspects are an integral part of what the experts currently define as tone at the top.  According to the ACFE, tone at the top can assist in averting fraud throughout every level of an organization. It’s, therefore, necessary to include its assessment in the scope of the fraud examiners fraud risk assessment and to formally schedule its periodic re-evaluation.

The Joker in the Pack

joker

Register Today for Investigating on the InternetMay 18-19 2016 RVACFES Seminar!

Suddenly everyone in the news, even presidential candidates, seems to be accusing someone else of a conflict of interest.  It may be that an exact definition would be helpful in clearing the air and clarifying matters a little so as to identify the real joker in the corporate pack.  From a fraud examiner’s point of view, just what exactly constitutes a conflict of interest?  According to the ACFE a conflict of interest occurs when an employee, manager, or executive has an undisclosed economic or personal interest in a transaction that adversely affects the company. Unaware that its employee has divided loyalties, the company is taken advantage of by the fraudster. As with other corruption cases, in a conflict of interest scheme an employee exerts his influence to the company’s detriment. In many cases, the fraudster does not benefit economically; instead, he uses his influence for the benefit of a friend or relative.

Motive is the difference between a bribery scheme and a conflict of interest scheme. For instance, if an employee approves payment on a fraudulent invoice submitted by a vendor in return for a kickback, this is bribery. On the other hand, if an employee approves payment on invoices submitted by his own company – a real company, not a shell company – this is a conflict of interest. In the bribery case, the perpetrator receives a kickback. In the conflict of interest case, the perpetrator has a hidden interest in the vendor. Similarly, in a bid-rigging case, an employee influences the selection of a company for which he has a hidden interest, rather than influencing selection of a vendor who has bribed him.

However, many conflict of interest schemes do not mirror bribery or bid-rigging schemes. An employee can use her influence to benefit a company in which she has a hidden interest. Any way in which a fraudster exerts his influence to divert business to his hidden interest company is considered to be a conflict of interest. In a purchasing conflict of interest scheme, an employee purchases goods or services from a company in which he has a hidden interest, resulting in purchases that are typically either overbilled or unnecessary. Employees in purchasing who have access to bidding information determine the bid amounts from other vendors, then pass this inside information to their hidden interest company so it will be better equipped to win the contract. Perpetrators also use bid waivers to avoid a competitive bid process in order to award a contract to their hidden interest company. Or, a fraudster could ignore his employer’s purchasing rotation and direct an inordinate number of purchases or contracts to his hidden interest company. Some fraudsters engage in what is known as a turnaround sale or flip whereby an employee personally purchases goods he or she knows the employer needs, and then sells them to the employer at an inflated price.

Two types of conflict schemes are associated with the victim company’s sales. The first, and most harmful scheme, involves under-billing a vendor in which the perpetrator has a hidden interest. The victim company ends up selling its goods or services below fair market value, which results in a diminished profit margin or loss on the sale, depending upon the size of the discount. The other type of sales scheme involves tampering with the books of the victim company to decrease or write off the amount owed by the employee’s business. For instance, after an employee’s company purchases goods or services from the victim company, credit memos may be issued against the sale, causing it to be written off to contra accounts such as discounts and allowances. In other cases, the perpetrator might not write off the sale but simply delay billing. This delaying tactic is sometimes done as a “favor” to a friendly client, and not considered an outright attempt to avoid paying the bill. The victim company eventually gets paid, but loses the use of the money and the interest that might have been earned on the payment.

In a client diversion scheme, an employee starts his own business and competes directly with his employer. While still employed by the victim company, the employee diverts clients to his own business. In a resource diversion scheme, an employer’s funds and other resources are diverted to the development of an employee’s personal business. A fraudster obtains the resources using a check tampering, billing, payroll, expense reimbursement, or one of the other asset misappropriation schemes discussed so often in this blog. With the exception of the fraudster’s motives, conflict of interest schemes are similar to other asset misappropriation frauds; they are concealed and converted in the same way. In other words, if the fraudster uses a check tampering fraud to commit a conflict of interest crime, then the employee would conceal and convert using the same techniques employed in check tampering frauds. The fraudster can also convert the misuse of influence into personal gain by profiting from the growth or earnings of a hidden interest company.

So what are the red flags? Many of the red flags associated with other fraud schemes also point to a conflict of interest scheme. For instance, while a particular red flag might suggest an employee is committing a fraudulent disbursement scheme, a conflict of interest problem might exist as well. In addition, certain red flags pertain directly to conflict of interest schemes. The following point to some of the warning signs that an employee could have a conflict of interest; the absence of clear company policies regarding an employee’s disclosure of outside interests and the commitment expected of the employee to act in the company’s best interests. Likewise, complaints, especially if they are frequent or in sales and purchasing. If a particular vendor is being favored, then competing vendors might file complaints. In addition, employee complaints about the substandard service of a favored vendor may lead to the discovery of a conflict of interest. And finally, a large number of reversals to sales entries.

The ACFE recommends that CFE’s consider proposing the following techniques and procedures to our clients to help prevent and detect conflict of interest schemes …

–Create company policies to directly address conflict of interest issues. Outline the responsibilities of employees to disclose all outside interests that might conflict with the interests of the company. Make sure that employees and vendors are aware of the company’s policies concerning conflicts of interests. Require employees to complete an annual disclosure statement; this may reveal potential conflicts of interest.

–Provide vendors with a direct line to complain about unfair practices, and keep a descriptive log of vendor complaints. Review the log regularly to identify patterns that might point to a fraud scheme. Also, devise a way for employees to discreetly let the company know of suspicious activities.

–Compare vendor addresses with employee addresses, and look for vendors whose addresses are listed as post office boxes. This is the same investigative technique used to locate bogus vendors.

–Review vendor ownership files. When a vendor is chosen, a complete file of vendor ownership should be maintained. If the vendor is required to update the file annually, then changes in ownership also will be disclosed. A comparison of vendor ownership and employee files may reveal conflicts of interest.

–When an employee leaves the company, compare the address of his new employer to vendor addresses. If there is a match, a possible conflict of interest may have existed.

–Interview purchasing personnel. Employees are generally the first to observe that a vendor is receiving favorable treatment. Ask employees if particular vendors are receiving favorable treatment; this may uncover conflicts of interest that would otherwise go unnoticed.