Research Article: 2018 Vol: 22 Issue: 2
Liz Mulig, University of Dallas
Management Oversight, Fraud, Privately Held Mid-Sized Companies, Family Owned Mid-Sized Companies.
The Scene of the Crime
Collin Street Bakery (CSB) was founded by entrepreneurs Gus Weidmann and Tom McElwee in 1896. In business for over 115 years, the company is privately held and is family owned and operated. Famous for their DeLuxe Fruitcake, the bakery’s historic production plant location, which is still an operating bakery and a store, is located in downtown Corsicana, Texas. They also have four retail stores with restaurants along Texas interstates. These retail stores were added to the historic location in the 10 years from approximately 2003-2013 (Collin Street Bakery, n.d.b).
In addition to the five stores, CSB was a founding (and current) partner of Navarro Pecan Company, the world’s largest pecan shelling facility and they also own a working organic pineapple plantation in Costa Rica, said to be the world largest of its kind (Collin Street Bakery, n.d.a).
Their products, predominately the fruitcake for which they are famous, are shipped to 196 countries and estimates indicate $50 million or more in annual revenue (Manta, n.d.; Incfaq, n.d.).
From 2005 to 2013, the controller of CSB perpetrated fraud against the company. Another employee discovered and reported the fraud in 2013. This study explores the nature of the acts carried out by the controller and the management shortcomings that allowed this fraud to be perpetrated, without detection, over an eight-year period.
The Fraud Triangle
Fraud is deception intended to result in gain to the person or persons perpetrating the fraud. This gain can be and often is, financial in nature. Donald Cressey, a famous criminologist, postulated in a November 1951 Journal of Accountancy article that for embezzlement to occur, “there must be: 1) A non-sharable problem, 2) An opportunity for trust violation and 3) A set of rationalizations that define the behaviour as appropriate in a given situation”. He suggested that none of these elements alone would be sufficient to result in embezzlement; instead, all three elements must be present.
Edwin Sutherland, an American sociologist best known for defining white-collar crime (Sutherland, 1940) mentored Cressey as he was working on his PhD in criminology, where Cressey researched embezzlement behaviour. He interviewed inmates serving time for white-collar offenses in the Illinois State Penitentiary and noted common characteristics among them. He hypothesized three criteria for the criminal violation of trust that these individuals exhibited. (1) A non-sharable financial problem, (2) knowledge of how some specific organization worked and the opportunity to violate a position of trust and (3) the ability to adjust their perception of themselves so that they don’t see themselves as exhibiting criminal behaviour (Cressey, 1950 & 1953). He hypothesized three criteria for criminal violations of trust:
1. Perceived Pressure;
2. Perceived Opportunity;
3. Rationalization.
Perceived pressure, whatever it is, causes the motive for the crime. The fraudsters don’t want to share the problem because there would be social stigma attached to having such a problem. They also may be too proud to ask for help (Dorminey et al., 2012).
Perceived opportunity is the belief that there are not good controls in place and the chance of being caught is slim. So, the person believes they can commit the fraud and probably not get caught.
Cressey noted that they fraudsters are able to rationalize their actions and justify them in their minds, by thinking of their situation as special and not that they are violating a trust (Cressey, 1950 & 1953). They want to remain in their moral comfort zone, so they reconcile in their minds, before even their first fraudulent act, the inconsistency between what is right and what they are about to do (Ramamoorti, 2008). Once they rationalize this to themselves, then they can proceed without worrying about being out of their comfort zone.
Further research, funded by KPMG in 1979, studied fraud and how it could be detected. This study agreed with Cressey on the forces of fraud being situational but concluded that they didn’t need to be non-sharable but were instead “immediate pressures that individuals experience within their environments” (Albrecht & Albrecht, 1982; Albrecht, 2014).
Albrecht (2014) labelled the three forces that combine to produce a fraudulent act as:
1. Situational pressures
2. Opportunities to commit fraud
3. Personal integrity (character)
Albrecht, like Cressey, further posited that the same three elements are always present with any type compromise, whether it is fraud or some other type compromise: Perceived Pressure, Perceived Opportunity and Rationalization. He called this “The Compromise Triangle”. Most of the extensive financial literature on the topic simply refers to it as “the Fraud Triangle” and uses pressure, rationalization and opportunity as the defining components.
Albrecht’s research on fraudster motivations let to the development of his fraud scale. According to Albrecht, the following are the top characteristics of organizations that are victimized by fraud:
1. Placing too much trust in key employees;
2. Lack of proper procedures for authorization of transactions;
3. Inadequate disclosures of personal investments and incomes;
4. No separation of authorization of transactions from the custody of related assets; and
5. Lack of independent checks on performance (Kranacher et al., 2011).
Houdek (2017) discusses the application of the fraud triangle to the behaviour of professionals in many fields. He puts forth that evidence supports that, even in fields where there are generally more altruistic persons, the fraud triangle is a good predictor of unethical behaviour.
The fraud triangle considers that individuals are acting alone, not in concert with others. Dorminey et al. (2010) assert that the fraud triangle is therefore not a good assessment tool for fraud that is perpetrated through collusion and, according to the ACFE (2016), the more fraudsters involved in a scheme, the higher the losses usually are.
The fraud triangle has been the subject of much research since the concept was first introduced by Edwin Sutherland (1939). The findings of these research efforts form the basis for the fraud triangle being an essential part of SAS No. 99 (AICPA, 2002) which states that three conditions generally are present when fraud occurs. The conditions stated are that management (or employees) have an incentive or a pressure that gives them reason to commit fraud; they are in a position (whether through lack of controls or otherwise) that provides the opportunity to commit fraud; and they are able to rationalize committing the fraud.
Management Oversight in Accounting
More occupational frauds originate in accounting than any other business unit (ACFE, 2016). In order to proactively guard against the perpetration of fraud, management should have controls in place. These internal control procedures are imperative for preventing and detecting fraud. Specifically, for effective management oversight, the following three types of controls should be employed:
1. Preventive
2. Detective
3. Corrective
Preventive controls are established to assure that a certain type activity never takes place. These type controls include having multiple signatures required on large checks and proper separation of duties. With diligent adherence to preventive controls, wrongdoing can be recognized and stopped by employees whose input is required in the process. Numerous studies have shown that the failure to establish a proper segregation of duties has enabled fraud to be committed (Buckhoff, 2002; MacArthur et al., 2004).
In a system of well implemented controls, there are detective methods in place to catch those items which get past the preventive controls. Detective controls include regular bank reconciliations by someone outside the accounts payable area. Audits, both surprise and scheduled in nature, are also detective controls.
Small to medium sized companies may lack personnel to have a properly implemented effective segregation of duties. However, management can cover for this through oversight and review. Proper management oversight would include reviewing transaction reports, checking reconciliations of general ledger and subsidiary accounts and bank accounts and taking periodic counts of inventory and other assets (Hardesty, 2008).
One detective control which is very inexpensive to implement is a system for reporting by whistle-blowers. Boatright (2000) defines whistleblowing as "the voluntary release of non-public information, as a moral protest, by a member or former member of an organization outside the normal channels of communication to an appropriate audience about illegal and/or immoral conduct in the organization or conduct in the organization that is opposed in some significant way to the public interest". Rufus (2004) notes that companies should have open cultures which encourage whistleblowing for employees who have reasonable concerns and that a confidential hotline can be a valuable outlet for these employees.
The Report to the Nations on Occupational Fraud and Abuse, a study by the Association of Certified Fraud Examiners (ACFE) has shown consistently that whistle-blower reports are a valuable source for discovering workplace fraud. The 2006 report stated that almost half of fraud cases that involved executives and owners were brought to light by these type tips. The same trend, of initial detection of fraud schemes being mainly through tips, continued in the more recent ACFE reports in 2012, 2014 and 2016. In 2016 report, tips were again the most common detection method (by a large margin). In fact, tips accounted for 39.1% of the initial detections.
In a normal, well thought out system of controls, corrective controls are in place to address any items which make it through the preventive controls and are discovered by the detective control process.
Are Private, Family Run Companies More Susceptible to Fraud?
Public companies are mandated to have strong systems of internal controls. These controls are required by both the Foreign Corrupt Practices Act of 1977, as amended (the FCPA) and the Sarbanes Oxley Act (2002). To help insure that the internal controls are adhered to, many medium-to large public companies employ internal auditors. They also are required to have external auditors issue opinions on their financial statements, which is another form of control.
Private, family run companies, though, do not have the same requirements placed on them for a system of internal controls. They are also not subject to review of their controls by any governing body. As a result, they are often found to be lacking in these very important management oversight functions. Unfortunately, the lack of management oversight in the accounting area of these non-public companies, especially small- to mid-sized ones, often leads to fraud-related losses. In fact, disproportionately large losses are often suffered by these small-to medium sized companies, due to several common factors (Wells, 2004; Ochs, 2007). Companies in this size range often think that fraud simply will not happen to them. There also is a much higher level of trust among employees at smaller businesses, where employees often know each other personally, perhaps even socializing outside of work, so they are not as diligent in thinking about the possibility of fraud occurring.
According to the ACFE 2016 Report to the Nations, medium sized businesses with 100-999 employees had the highest median loss to fraud. Small organizations suffered median losses in the same amount as large organizations, amounts which are likely to impact a smaller organization in a much greater fashion.
Small-to mid-sized private companies frequently do not proactively look for wrongdoing. They often have no internal audit staff, do not hire external auditors and do not have enough segregation of duties. In addition, only about 25.7% of small companies have any kind of whistle-blower hotline (ACFE, 2016). With no little or no prevention efforts, fraud occurs and, with little or no detection efforts, the fraud goes undetected.
The accounting fraud in this study occurred in the mid-sized, family owned and operated, privately held, Collin Street Bakery (CSB), home of the DeLuxe Fruitcake. The study examines the management shortcomings that allowed the fraud to be perpetrated over an eight-year period without detection. How the fraud was carried out and how the fraudster was able to continue to perpetrate the fraud for this extended period, amassing a total amount of over $16 million. The author also addresses how and why management oversight failed in this particular situation.
The Fraud
From 2005-2013, the controller of CSB, Sandy Jenkins, carried out fraud against his employer. The fraud was perpetrated through the Accounts Payable system. Over the eight-year timespan, 888 fraudulent checks were issued, with the funds going to the controller himself or to pay his personal accounts (Former Executive at Collin Street Bakery, 2014).
Sandy Jenkins was employed as controller of CSB from 1998 until 2013, when his fraudulent activities were discovered. He was 64 years of age at the time of discovery and his annual salary was $50,000. Mr. Jenkins was in charge of accounts payable at the company, where many sizable payments were made. Large payments included those for nuts used in the company’s products, for postage fees for the large number of DeLuxe fruitcakes shipped all over the world each year and also for promotional material mailings (Shlachter, 2014).
In the beginning, Mr. Jenkins perpetrated fraud by using the company’s petty cash for his own expenses. He took at least $114,000 before starting is check-writing embezzlement scheme. Later, though, he began a scheme that would net much more money for him, via the CSB accounts payable system. The fraud resulted in losses to the bakery of about $16,649,786 (Former Executive at Collin Street Bakery, 2014).
The basic steps that Jenkins used to secure the funds in his own name were as follows. He first wrote checks to vendors and recorded them in the accounting records with no invoice numbers, using the aforementioned nut and postal vendor accounts. He would then void the checks, but not the accounting and would write checks in the same amounts to himself or to his credit card company (How Sandy Jenkins Embezzled, 2016).
Over the course of the eight years, with Mr. Jenkins newfound “income,” he and his wife Kay lived a very lavish lifestyle. The FBI estimated that they spent close to $250,000 per month and his American Express Black card payment was $100,000 per month (Jacobs, 2013b). They bought cars, clothes, a grand piano, two homes, wine, watches and jewellery. Their personal shopper at Neiman Marcus call them Fruitcake (for Mr. Jenkins) and Cupcake (for his wife Kay.) She said they bought so much that she ran out of things to sell to them (Vine, 2016).
The embezzlement scheme carried out by Jenkins against his employer exhibits all three elements of the classic fraud (compromise) triangle:
1. Mr. Jenkins had the perceived pressure of supporting a lavish lifestyle.
2. He had the perceived opportunity to commit the fraud, as he was in charge of accounts payable and there was no management oversight.
3. The rationalization element no doubt existed as well. He was the controller of an extremely successful company, in charge of very large cash accounts and had worked his way up to making a salary of only $50,000 annually.
The Fall of the Fraudster
For eight years, Mr. Jenkins continued to perpetrate accounts payable fraud against his employer. To explain some of his lavish habits, he claimed to have a cousin who loaned him a private jet and cars. He fended off questions from management about high shipping costs, saying he would look into it and then reporting that all looked to be in order. Management accepted Jenkins’s explanations without any further investigation on their part. They did not understand why profits were not higher, but they assumed it was due to the costs of the new brick and mortar storefront locations, mismanagement or inventory theft (Vine, 2016). Hayden Crawford, a bakery partner and its marketing chief, said the embezzlement was just enough to skim profits but not “deep enough to hurt the business and raise immediate red flags” (Shlachter, 2014).
In 2013, a former bank teller who had come to work for CSB noticed that something was amiss. She saw a voided check to Capital One, with whom the company had no accounts. She asked Jenkins about it and he brushed her off, saying he would correct the error. She decided to investigate further (How Sandy Jenkins Embezzled, 2016). When she discovered other discrepancies as well, she went to senior management with her findings and told them that she feared for her life (Jacobs, 2013a).
After the clerk approached management, Jenkins was questioned and fired. The FBI was called in since mail fraud and money laundering, both crimes that Jenkins was charged with, are federal offenses. The FBI then claimed the assets of Jenkins and his wife, Kay. However, the couple ran with items they could carry, asking first a daughter to hold them (she refused) and then tossing them into a lake (Vine, 2016).
Some of the specific assets seized by the FBI, showing proof of the lavish lifestyle Jenkins supported with his ill-gotten gains, included:
1. The couple's mansion in Corsicana, Texas and a villa in Santa Fe, New Mexico.
2. 596-bottle wine collection.
3. $2,500 Waterford Crystal 12 Days of Christmas ice bucket.
4. $10,000 Sex in the City 2 ring with a five-carat black diamond.
5. Louis Vuitton luggage, Hermes handbag and other designer purses.
6. $60,000 Steinway piano.
7. Four fur coats including a $15,000 mink fur coat and a reversible mink and leather bomber jacket.
8. Luxury cars including a BMW X53, a Lexus, a Mercedes-Benz CL500 and a GMS Yukon XL Denali.
9. Watches (numbering 108), including a men’s Patek Philippe 18 carat rose gold 40mm Aquanaut watch.
10. A collection of Van Cleef & Arpels jewellery and more than 80 bracelets and necklaces and 53 rings (Shlachter, 2014).
A Grand Jury indictment charged Sandy Jenkins with 10 counts of mail fraud and three counts of money laundering. He and his wife Kay Jenkins were also each charged with one count of conspiracy to commit money laundering; six counts of money laundering and aiding and abetting; and two counts of making a false statement to a financial institution. The false statement to the financial institution was in connection with the monthly income amount that they submitted while they were getting a mortgage to buy the residence in Santa Fe (Grand Jury Indicts Wife, 2014).
Why was this Individual able to Perpetrate the Fraud for so Long?
Despite concerns about costs and about profit being lower than expected, upper management did not review accounts payable checks, nor were audits performed. In fact, according to the FBI, the bakery’s books had not been audited in the entire time Jenkins had worked for the company (Shlachter, 2014).
For eight years, Sandy Jenkins successfully lived lavishly off funds received fraudulently from his employer, quite simply because there were no controls implemented by the management of the company. Management oversight of the accounts payable function was basically non-existent. After the fraud was discovered, management said that they ran their business on trust (Jacobs, 2013a).
In order to proactively guard against the perpetration of fraud, a company should have preventive, detective and corrective controls. CSB had none of these.
Preventive controls, if established and adhered to, would likely have assured that the petty case and accounts payable fraudulent activities at CSB would never have taken place. In this situation, preventive controls would have included proper separation of duties and multiple signatures required on large checks. Had these controls been in place, employees whose input was required in the process and upper management, who would have had to review the checks, would have had a mechanism to help them prevent the fraud from ever occurring. CSB management, though, did not have preventive controls in place.
In a system of well implemented controls, there are also detective methods set up to catch those items which get past the preventive controls. Had CSB established detective controls, such as regular bank reconciliations by someone outside the accounts payable area and audits, both surprise and scheduled in nature, the fraud could have been detected much earlier, if it somehow made it past the preventive controls. CSB management, though, did not have detective controls in place.
In well planned, effective system of controls, corrective controls are in place to address any items which make it through the preventive controls and are discovered by the detective control process. However, since CSB management had neither preventive nor detective controls, no changes or corrections were made to the processes. This enabled Jenkins to continue his fraudulent activities for eight years, amassing a total embezzlement amount of over $16 million.
Sentencing
In May 2014, Jenkins pled guilty to one count of mail fraud, one count of conspiracy to commit money laundering and one count of making a false statement to a financial institution. A year later, in May 2015, Kay pled guilty to one count of conspiracy to commit money laundering. In September 2015, both Jenkins and his wife received their sentences. Jenkins was sentenced to serve a total of 120 months in federal prison. Mrs. Jenkins was sentenced to five years’ probation. She was further ordered to complete 100 hours of community service and to submit a formal apology in writing to the Bakery. The government recovered approximately $4 million in property and cash for the bakery and ordered the Jenkins to pay the bakery restitution of approximately $12.7 million (“Former Collin Street Bakery Executive,” 2015).
What should CSB Management have done Differently in the Past and What Should they do in the Future?
CSB management should have had effective controls in place in the past. Proper preventative, detective and correct controls would have cost much less money than the $16 million that was fraudulently taken from the company. Post discovery of the fraudulent activities, management should realize that the oversight function is extremely important.
Management should take steps to assure that there is proper segregation of duties. All large checks should require management oversight in the form of a review and additional signature(s). Accounts payable personal should be competent, well trained employees who are versed in recognizing signs of fraud and how to report what they observe.
The company needs to actively show that they have processes in place to prevent and detect fraud. They must make it clear to all employees that fraud is not acceptable and will not be tolerated at their company (DeFlaminis, 2014).
The company should also have a whistle-blower mechanism, such as a hotline, where employees can anonymously report suspected wrongdoing. Bank accounts should be reconciled on a regular basis, by someone outside the accounts payable area and management should oversee this function by reviewing and signing off on the reconciliations. These reconciliations are often performed by internal auditors who do not report to the same top management as the accounting department. If the company does not have an internal auditor, this function can be performed by someone else in the company who is independent of the accounting function or the reconciliations can be outsourced to a company that offers internal audit type services. Also, external auditors should be retained to perform regular audits. These audits should verify the appropriateness of the implemented controls and include tests that will check for any activities that do not follow the established control procedures.
Fraud is widespread and anyone can commit it. Because of this, CSB should try to eliminate one of the legs of the fraud triangle. Controls, audits, reconciliations and a whistle-blower hotline are all items that will give the perception that the opportunity to commit fraud is no longer there, thus eliminating that leg. With that leg of the triangle gone, fraud is much less likely to be committed. Research has shown that would be fraudsters will not take the chance of committing a crime if they believe someone is looking and will catch them. This is true even if adequate controls to detect their fraudulent activities are actually not in place, because the perpetrators will believe that they are in fact in effect (Peterson and Zikmund, 2004).
Analysis of the Results
This case is a prime example of the necessity of management oversight of the accounting function. The fraud originated in the accounting department and, with no management oversight, went unnoticed for over eight years.
The study details how the fraud was carried out and how it was discovered. The fraudster oversaw the accounts payable function at the company. He first had the accounts payable department write checks to vendors and record them, showing no invoice numbers. Next, he would void those checks, with no accounting for the voids and then write checks to himself or his credit card company for the same amounts. There were no internal controls in place to prevent, nor internal or external audits in place to detect, this fraudulent activity.
The fraud was on-going for over eight years when a new accounts payable clerk was hired. She had previous banking experience and thus some familiarity with proper internal controls. She noticed suspicious payments (pertaining to the fraudster’s scheme) and she brought her findings to the attention of her supervisor. Unfortunately, the supervisor was also the person committing the fraud. He denied fraudulent activity and she then took her concerns to upper management.
Management’s response (to how the fraudulent activities were able to be perpetrated for so long) was that they trusted their employees. The reasons the fraudster was successful in stealing such a large sum from the company were the exact ones which make up Albrecht’s fraud scale. The company placed too much trust in a key employee; there was a lack of proper procedures for authorization of transactions; there were inadequate disclosures of personal investments and incomes; there was no separation of authorization of transactions from the custody of related assets; and there was a lack of independent checks on performance (Kranacher et al., 2011). This led to a fraud total in excess of $16 million. According to the ACFE (2016), the more fraudsters involved in a scheme, the higher the losses usually are. Due to the almost total lack of preventive and detective controls at CSB, the single employee in this case was able to perpetrate a fraud as large as that normally seen with mutual persons involved in collusion.
After the FBI investigation and trial, the fraudster was sentenced to 10 years in prison and his wife was sentenced to 5 years on probation, community service and an apology in writing to the bakery. The government recovered $4 million for the bakery and the Jenkins was ordered to repay approximately $16.7 million. It remains to be seen whether the bakery will actually receive any of the restitution ordered by the courts.
Additional research in this area is recommended. Suggestions include analysing other frauds originating in accounting departments. Replicating the study by examining the circumstances under which the frauds were perpetrated could be valuable for educating executives on the necessity of strong internal controls and management oversight of their accounting functions.
A large-scale accounting fraud in a mid-sized family owned and operated, privately held, company was the basis for this study. The author examined the management shortcomings that allowed this fraud to be perpetrated over an eight-year period without detection.
There was mismanagement in the form of misplaced trust and a lack of internal controls. There were no anti-fraud controls in place and, when questions were raised, they were addressed by the very person who was perpetrating the fraud. There was zero management oversight with respect to the accounting function. Since more occupational frauds originate in accounting than any other department of a company, this was a particularly serious oversight.
Management knew something was “off” with the financial numbers but thought there was mismanagement or unknown issues with respect to the new brick and mortar stores or maybe inventory theft. However, no audits were performed in the entire time that the fraud perpetrator was employed by the company.
This fraud is a classic example, with all fraud (compromise) triangle elements apparent: Perceived Pressure (motivation), Perceived Opportunity and Rationalization. The fraudster was motivated to live a very lavish lifestyle, knew that there were no controls and virtually no management oversight and he was able to rationalize to himself what he was doing.
The author posits that family owned; privately held businesses should maintain a system of internal controls, as large, publicly traded companies are required to do and that they should schedule regular audits by independent accounting firms. The fraud scheme discussed in this case study is a prime example of the necessity of family owned private company maintaining management oversight of their accounting functions through the enforcement of strong internal controls. The ultimate cost of fraud perpetrated at a mid-sized company can, as in this situation, be much more than would be the cost of implementing and maintaining controls.
Management oversight and insistence on adherence to controls is imperative if a company wishes to protect themselves against fraudulent activities. The tone at the top sets the tone for the rest of a company’s attitude with respect to dedication in protecting the company’s assets against fraudsters.