The recent Hollywood Reporter column “Sorry, I Stole from my Clients,” by a former partner of a business management firm convicted of embezzling over $7 million from his clients, should serve as a wake-up call to entertainment industry professionals on the mounting risk of fraud.
I reflect back to previous life as a Chief Audit Executive, where I was responsible for developing and maintaining a company-wide anti-fraud program. While the program was developed for a large and diverse organization, the key elements of the anti-fraud program can be applied to any organization, including business management firms, law firms, or other professional firms. The purpose of sharing these elements is to provide a blueprint designed to minimize the risk of fraud in an organization, regardless of size. While preventing fraud is frankly an impossible goal, minimizing the frequency and impact of fraud is possible!
The four elements of an anti-fraud program include: Culture; Policies and Procedures; Training; and Compliance Monitoring.
Culture: The executive committee or managing partner of the firm has to demonstrate a strong “tone at the top,” whereby he or she communicates (and leads by example) the importance of following the firm’s policies and procedures, code of conduct, and general ethical behavior. Also, he or she should nurture a culture of openness, which will empower employees to express a different view, without the fear of retaliation. Why is this important? Because the two most frequent ways to discover fraud are via employee tips or simply by accident (or an error by the fraudster).
Policies and Procedures: At a minimum, a firm should establish a process through which its employees can share their grievances or concerns outside their direct supervisors, including fraud red flags. Other actions to consider include a) developing a code of conduct (signed by each employee when hired); b) establishing and maintaining effective employee background checks; and c) including compliance with the policies and procedures of the firm as part of the employee evaluation. With smaller organizations, it may be difficult to implement segregation of duties; however, it is critical that controls are implemented over cash receipts and disbursements.
Training: Employee awareness should be developed through training on the firm’s policies and procedures, including a mechanism to share any concerns with the firm’s leadership without fear of retaliation. If employees know what to do if they detect “something that doesn’t seem right,” then you’ve succeeded in training.
Compliance Monitoring: With the help of outside experts and consultants, each firm should perform a periodic fraud risk assessment, with the goal of identifying the key fraud risks as well as the key controls to minimize such risks. If any key fraud risk does not have sufficient controls in place, other controls should be added. The above can be performed as part of an overall internal control review of the key processes of the firm.