How Are You Preventing Theft In Business And At Work?

I picked up the Saturday edition of the Albany Times Union at about lunchtime that day. I forgot about my soup for a moment as I read the story of the school CFO embezzling over $200,000 from his budget-strapped school, who had also been fired and convicted of a felony for embezzling about $54,000 from his last employer, one of the largest banks in the Albany, NY area, just 8 months before the CFO was hired by the school.

Timeline of the case as outlined by the Times Union article:

October 2009: CFO arrested on a larceny charge from the bank

June 2010: CFO hired as finance director by the school

January 2011: CFO pleads guilty to grand larceny charge by his former employer, the bank

August 2011: CFO named chief operating officer of the school’s foundation

March 2012: State Education Department denies employment clearance for CFO

January 2013: CFO charged with stealing $202,837 from school.

A few more sad facts from the article:

  • The executive director of the foundation said school officials were not aware of the CFO’s criminal history when he was hired in June 2010.
  • The CFO described his separation from the bank as “tense” but did not disclose he had been arrested for embezzlement eight months before he was hired by the school.
  • “I knew that it had not been a smooth separation, but obviously I had no idea that it involved criminal activity on his part,” the executive director said.
  • A state Education Department spokesman said the agency sent written notice of the CFO’s criminal history to the school in March 2012, denying the school’s request to clear the CFO for employment, repeating a similar background check in December 2011.
  • The school never received the Education Department’s letter in March 2012 denying the CFO’s employment clearance. The school suggested that he CFO may have intercepted the documents, which are not in his personnel file.

A cautionary tale for any organization, public or private.  A few poignant yet basic tips follow, in the spirit of preventing similar losses in your organization:

  • When a candidate for any position in your organization describes their separation from their last employer as “tense,” it’s a red flag not to be ignored. If the candidate will not provide proper reference information to confirm or deny that red flag, consider other candidates.
  • Conduct a post-offer, pre-hire criminal and credit background check on those positions responsible for financial and asset controllership in your organization, e.g. the Chief Financial Officer, the Head of HR, the Chief Operating Officer, etc. Even better:  those candidates who proactively give you a heads-up about concerns on their background checks before you request a background check.
  • Consider an annual criminal and credit background check for all employees in controllership roles for your organization to minimize exposure all around.  It’s also an incentive for lawful behavior.  Honest, innocent employees in these roles will understand how this practice protects everyone involved.
  • Does your employment application have language stating that any false or purposely withheld employment-related information will be immediate grounds for termination? (And if you don’t yet have an employment application:  another tidbit to include when you do have an employment application.)
  • Ensure you have “the rule of two,” a.k.a. one-over-one approvals for any disbursement or movement of assets to or from your organization.  No one should have sole authority or access, even the CEO / owner, to keep everyone’s reputation clear.
  • Speaking of access:  keep the circle very small with regard to access to personnel files.  Only the head of HR and a few key HR direct reports should have access to personnel files, which should be kept under lock and key always.  The CEO / owner should keep the head of HR’s personnel file.  No one should have access to their own personnel file without in-person supervision.
  • The head of HR should not report to the CFO; they should report as peers to the owner / CEO to ensure one-over-one controllership of each function.  I suspect that in the case of the school, their CFO oversaw HR, which allowed him access to his personnel file, his background check results and padding his own paycheck.  Again, that’s too much unbridled access and power.

These are just a few starter tips for your organization.  Consider engaging a loss prevention subject-matter expert to audit your potential gaps and recommend the appropriate remediations. It’s certainly cheaper to address your potential loss prevention gaps on the front end than a $250,000 embezzlement hit to your bottom line (and reputation) in business and at work.