Health risks stemming from the Covid-19 pandemic make headlines every day. The pandemic has resulted in shuttered businesses as people shelter-in-place to avoid contracting or spreading the virus. Unemployment is expected to reach record levels over the next few months and the death rate is expected to climb.

In addition to health threats and loss of jobs, you can expect to see a sharp uptick in the number of embezzlement and employee theft cases discovered in the coming months. Why? Because business owners take a closer look at their books when revenue is down, and that is when they discover that a trusted employee has helped herself to their assets.

In addition to discovering historical losses and thefts, businesses that remain open during the pandemic are at greater risk of employee theft. Employee morale is down and employees are under greater financial pressure when family members lose jobs and benefits, retirement funds shrink, home values decline, and gas and food prices rise or become scarce.

There are too few employees involved in the accounting process in small businesses to properly segregate duties to prevent theft, even when times are good. Layoffs tend to leave gaps in control procedures and systems in both large and small entities. Businesses that remain open focus on getting product out the door, restocking shelves, taking care of patients, and generally getting the work done, which means less attention is paid to how the accounting work gets done. This creates opportunities for aspiring embezzlers.

Recent media coverage exemplifies headlines we will see in coming months: Six employees from a Mississippi welfare agency were charged with embezzling millions to pay personal expenses and drug rehab costs for a WWE wrestler.[1]  The head of a Louisiana charity pled guilty to stealing more than $550,000 for his personal use.[2] An employee of an Idaho hospital system pled guilty to stealing $1.5 million from the system’s Festival of Trees fundraiser.[3]

An Anchorage woman was sentenced for stealing over $640,000 from a medical practice. The perpetrator owned an independent bookkeeping service that worked with the medical practice for almost 20 years. She withdrew funds from the practice’s profit-sharing plan despite not being an employee of the practice, paid her personal credit cards as well as those of her husband and daughter, and paid for Internet, cell phone, car insurance and other expenses for her family and her business.[4]

This case represents key elements typical of embezzlement:

  • The alleged perpetrator was a trusted, long term contractor/employee. She had provided services to the medical practice for almost 20 years and had broad authority over financial records.
  • Fraud schemes go on for a long time. Her fraud was traced back 12 years. Median duration of fraud schemes as reported by the Association of Certified Fraud Examiners is 16 months.[5]

A risk management rule of thumb is that 10% of employees will never steal, 10% will always steal and the remaining 80% will steal under the right circumstances. What circumstances?

Dr. Donald R. Cressy’s Fraud Triangle theory suggests trusted employees steal when they (1) have a perceived, non-sharable need or pressure for money, (2) are able to rationalize the act (e.g., “just borrowing” or “I’m underpaid”), and (3) have the opportunity to secretly resolve their financial dilemma.[6]

During economic downturns, there is more pressure and opportunity and it’s easier to rationalize, so it’s clear how and why a turbulent economy and rampant uncertainty leave businesses vulnerable to employee theft.

In summary 80% of your employees will commit fraud if they are under financial pressure, find a way to rationalize it and see an opportunity to steal with little risk of getting caught. Which one of your employees is not under financial pressure during a recession? Many fraudsters tell themselves they will just borrow money, but they stop short of developing a workable plan to actually pay it back.

Rationalization is easier in tough economic times. Opportunity is a given in a workplace where few people are involved in the accounting process and/or oversight is lax. Many business owners and managers do not realize how easy it is for enterprising employees with little oversight to skim cash, convert checks and otherwise shift money to themselves. And they are often first-time offenders, so reference checks and background screening, though valuable, are not reliable risk management tools in and of themselves.

Embezzlement schemes often come to light by accident or by tip: the bookkeeper gets sick and someone else takes a phone call that leads to evidence of fraud, an auto dealer mentions to a local physician that his office manager just paid cash for a new car, a long-term donor expresses surprise that she was asked to donate to the hospital’s foundation when she recently did so.

The Association of Certified Fraud Examiners (ACFE) estimates that 5% of revenue is lost to occupational fraud in the U.S. each year. The median loss in the 2018 study was $108,000, but the loss was almost twice as high for smaller businesses, attributed in part to less stringent internal controls.

All businesses can and should conduct a cost-benefit analysis of risk: identify vulnerable areas and take steps to improve internal controls to prevent, detect and deter employee theft. You can never completely prevent fraud, but you can and should mitigate the risk.

  • Check the “tone at the top”. Do you have a code of conduct based on your entity’s core values identifying how employees should seek additional advice when faced with uncertain ethical decisions and how to communicate concerns about known or potential wrongdoing? Is the code of conduct presented to and discussed with employees when hired and at least annually thereafter? Do business owners and senior managers exemplify the entity’s core values and code of conduct? If not, your organization could join HealthSouth and Wells Fargo as a poster child for how not to set the tone at the top.
  • Many fraud schemes are caught by tip, so make sure your employees know how to report suspected abuses. If you don’t have an anonymous hotline, let employees know who to contact and how, and assure them you will maintain confidentiality to the degree possible. Educate employees that fraud hurts everyone and can lead to lower pay rates, job cuts and loss of benefits to all employees if it goes unreported.
  • Perform a risk assessment to determine how and where your entity is vulnerable. Risk assessments should be done annually or anytime an entity undergoes a change that can affect internal controls, such as sick leave of a key person, adding employees, downsizing, significant growth and the like. For a small entity, if one person receives mail, prepares the deposit, posts receipts to the general ledger and reconciles the bank statement, there is a significant risk of skimming and cash larceny schemes. It isn’t necessary to hire another person in order to better segregate duties; routine oversight done properly can reduce your risk significantly. If you don’t know how to provide oversight or don’t have time to improve controls and monitor your employees, get help! Some local CPA firms and consultants specialize in fraud deterrence.
  • Provide oversight frequently and thoroughly. Random or surprise audits are one of the best deterrents to employee theft. Employees under financial pressure will take advantage of an opportunity to steal if they believe there is little risk of being discovered. Many frauds start small but grow dramatically over time; perpetrators get greedy when there is easy cash on the table. If employees in financial straits know someone is watching the books, bank reconciliations and supporting documentation of transactions, they will be far less likely to turn to theft to resolve their financial problems.
  • Fraud perpetrators are typically first-time offenders. Reference and background checks are excellent practices but don’t necessarily mitigate the risk of employee theft. Perform credit checks on employees in your accounting department, where most fraud schemes originate, and for other key positions such as top accounting staff, foundation employees, administrators, office managers. Do so at hire and periodically thereafter and follow the advice of your attorney.
  • Segregate duties to the degree possible so no one person controls all aspects of a transaction. Small entities with one or two people performing accounting should develop compensating controls such as surprise or random audits and regular oversight. For example, an owner or board member should receive bank statements and cancelled checks directly from the bank and carefully review signatures and endorsements on the cancelled checks and transfers on the bank statement.
  • Create a perception of detection by conducting random audits, monitoring and asking questions. Employees need to know their work is being scrutinized so gaps in internal controls will not be interpreted as an opportunity to steal. If you do not have an internal audit department, ask a local CPA or consultant to conduct some surprise testing of your controls and make sure employees know this will be done routinely.
  • Beware the employee who refuses to share duties; this is a behavioral red flag for fraud. Require employees to take vacations, especially in purchasing and accounting departments, and make sure someone else performs the job duties of the person on vacation. Doing so mitigates the risk of fraud and has the added benefit of assuring employees are cross trained for key duties.
  • External audits are not an internal control! In the ACFE study, 69% of victim organizations had an external audit during the time the fraud occurred.[7]

Enterprising employees can easily skim cash, convert checks and otherwise shift money to themselves. Protect your organization during tough economic times and you will enjoy ongoing benefits when the economy recovers.


Denise McClure, CPA, CFE, President, Averti Solutions, LLC, specializing in litigation support, investigation, and fraud risk management. Contact her at Denise@AvertiSolutions.com or 208.989.2245.


[1] Former Mississippi Welfare Director Charged with Embezzling Millions, NY Times February 5, 2020
[2] Head of Charity Pleads Guilty in Embezzlement Case, US News & World Report, June 20, 2019
[3] Former Employee Admits to Stealing Nearly $1.5 Million from Saint Alphonsus, KTVB7 November 14, 2019
[4] https://www.ktva.com/story/40239807/anchorage-woman-gets-4-years-in-dollar640k-embezzlement-case
[5] 2018 Report to the Nations on Occupational Fraud & Abuse, Association of Certified Fraud Examiners, www.acfe.com.
[6] Donald R. Cressy theory as reported in Corporate Fraud Handbook, 2nd edition, Joseph T. Wells, 2007, John Wiley & Sons.
[7] 2018 Report to the Nations on Occupational Fraud & Abuse, Association of Certified Fraud Examiners, www.acfe.com.