Skip to content

Frequently Asked Questions

All You Ever Wanted to Know About Insurance

Risk Management: Loss Control


Employee Dishonesty - Controls & Policies


Employee Dishonesty is a crime. Did you know that according to the U.S. Chamber of Commerce, employees steal an estimated $30 billion to $100 billion per year from their employers? An employee can fraudulently manipulate data in many ways. For example, a single change in a computer program can report unusually high inventory shortages as breakage losses. The materials reported as broken can then be stolen without the theft being noticed. A computer payroll system can also present a way to commit fraud. For example, fictitious paychecks can be printed, or extra wages and overtimes can be programmed to be paid to designated persons.

The most frequent employee theft is check forgery committed by the one trusted person assigned to handle all the finances of a small business or organization. This person may commit fraud by:

  • Having check signature authority
  • Getting blank checks signed by the owner or company officer
  • Forging the signature on checks
  • Alters the check after the owner/company officer has signed it

Steps to Combat Dishonesty

An organization suffers employee dishonesty losses because criminals find opportunities to commit crimes. Risk control measure to prevent losses should focus on deterrence and detection and include the following:

  • Institute sound personnel policies
  • Institute physical controls
  • Institute computer controls
  • Institute procedural controls
  • Institute managerial controls
  • Investigate and prosecute crimes

Personnel Controls and Policies
Perform background checks before employees are hired.

Managerial Controls

  • Establish a climate or atmosphere within an organization that deters crime or assists in its detection.
  • Emphasize that dishonesty will not be tolerated and all criminals will be vigorously prosecuted.
  • Educate employees about the organization’s crime loss exposures, the risk control measures that have been implemented, and the ways employees can reduce dishonesty losses.
  • Projecting a tough attitude toward crime to employees can help an organization avoid becoming a target for criminals.

Procedural Controls

  • Divide financial responsibilities and functions so that no one employee controls all aspects of a transaction.
  • The business owner/organization officer or the outside accountant should get the unopened bank statements and canceled checks each month and independently review the payees, amounts, signatures, and endorsements on each check.
  • Take precautions in preparing payroll: have more than one person prepare it, have several different people prepare it, or oversee it yourself.
  • Require checks to be countersigned by two responsible officials for amounts over $500.00.
  • Limit the endorsement of checks, by anyone other than the owner / officer, to deposits for credit only.
  • Delegate the responsibility for receiving checks and cash to someone other than the person who records incoming funds.
  • Mail statements to outside accounts (if applicable) directly at least monthly.
  • Examine payroll records periodically to prevent padding.
  • Make sure employees responsible for ordering goods and supplies are not the same ones responsible for receiving them or paying for them.
  • Do not give the person who has the authority to write off bad debts the authority to make a credit sale or loan.
  • Consider rotating employees who jobs involve substantial opportunity for employee theft.
  • Conduct regular, unannounced audits by both internal and external auditors.
  • Vacations for personnel with high-fidelity risk taken annually to allow reassigned personnel to review activities and allow ample time to discover any discrepancies. A minimum of 10 consecutive working days is recommended.
  • Key control program should be implemented. Maintain records of employees who have keys with duplicates prevented by controlling the master. Locks should be changed when an employee leaves employment if there is any chance key controls have been compromised.

Computer Controls

  • Restrict access to computer files so only authorized personnel have access to sensitive information and programs.
  • Restrict the ability to change master files to personnel other than those who handle day to day operations. If someone else does payroll, make sure you have access to payroll data on the computer and that no one changes the passwords or access requirements for that data.
  • Document master date change by requiring authorized signatures, limiting access to serially numbered forms, and retaining the authorization document until the updating is verified.
  • Require limits to be stated on the face of computer generated checks issued by the organization to ensure that a large disbursement cannot be made without executive approval. For example, a check might carry the message “Not Valid For More Than $200” or “No Paycheck Exceeds $2,500.”
  • Cross check totals/serial numbers to ensure all required transactions have been performed but unauthorized transactions have not.
  • Maintain time and error logs to record the time it takes to perform computer operations. If an unusual amount of time was taken on a typical operation, and there is no good explanation for the time on an error log, this could indicate the possible unauthorized computer use.

Detecting Dishonesty

Embezzlement, forgery and counterfeiting succeed only if the victims do not recognize that a crime has been committed. Following an audit trail of receipts, computer records and other documents, a dishonest employee may be traced.

Contract with a third party for a confidential toll-free access 24/7/365 availability hotline. The service should have multilingual reporting capacity. According to the Association of Certified Fraud Examiners 2002 Report to the Nation, “found that companies with fraud hotlines cut their losses by about 50% per scheme, because activity was detected earlier through tips.”

If you do suspect an employee of dishonesty, don’t accuse or confront the person without proof. If you have reasonable suspicion your lawyer may suggest that you do the following:

  • Ask the employee to explain.
  • Ask the employee to take a polygraph test.
  • Be ready to assist law enforcement by compiling detailed reports of the crime.

Here's a list of examples you should definitely NOT do:

  • Do not detain or restrain an employee. False imprisonment is against the law, and charges can be brought against you if you force an employee to remain somewhere (e.g., your office) and there was no reasonable basis for the action. Depending on the situation and the employee you're dealing with, there may also be an element of personal danger involved in trying to detain someone. Contact the authorities or your attorney for specific advice if this situation comes up.
  • Do not defame the employee.
  • Do not threaten to prosecute if you are not sure that you are going to bring charges.

It is recommended that just like any other crime, employee dishonesty should be prosecuted as a Loss Reduction measure as part of your Risk Management Program. Persons planning to commit crimes generally do not anticipate that they will be caught. They may perceive that your organization is an easy target if they believe they will not be detected and prosecuted. Changing a criminal’s perception of the organization may deter or prevent the crime from occurring.

Additional resources include:

« Back to Risk Management - Loss Control