WHY YOUR COMPANY’S EMPLOYEE BENEFIT PLAN MAY NOT BE SAFE FROM FRAUD… AND WHAT TO DO ABOUT IT
By: Michael DeHaven, CPA, Rainer & Co.
Philadelphia Business Journal
As each year passes, it seems the perpetrators of fraud find new and creative ways to unsuspectingly take from others. The common theme of many of these cases is that an extension of trust was placed in an individual who took advantage of that trust for personal gain. A particularly vulnerable target for fraud is within company retirement plans. Consider these true examples from the American Institute of CPAs:
- A human resources employee diverted both payroll taxes and plan contributions into his personal account for six months, then left the country. This employee also had responsibility for reconciling payroll bank accounts.
- A third-party administrator set up fake businesses, then approved and paid bogus invoices from plan funds. There was no oversight of expense payments from plan assets.
- A pensioner’s benefit checks were fraudulently endorsed and cashed by a relative for several months after the pensioner had died.
- A plan administrator overrode the system to redirect all investment earnings for “Fund X” into his account balance.
- A plan trustee created a fictitious employee in the census data who received an allocation of the employer contributions; the trustee then took out loans against the account balance.
While these scenarios may sound like sensational headlines and movie plots, the real-life turmoil can wreak havoc for a business and the trustees of the retirement plan. In all fraud cases, the plan trustees are liable for replacing the stolen funds to the plan. Additionally, the IRS imposes penalties between 15-100 percent of the amount stolen. So without adequate insurance coverage for employee theft, the financial impact can be overwhelming.
How to Diminish the Risk of Fraud
Even though the fraud examples seem unrelated, all five cases share the common theme of having had poor internal controls in place. Without them, deception can occur undetected, often for months or even longer. It’s imperative for the leadership team to establish and implement control and oversight procedures for every plan. And while it may sound obvious, it’s important to confirm that oversight activities are performed consistently. The plan will only work if it’s adhered to.
Focus should be placed on three key areas:
1. Segregate duties. This is an often-overlooked internal control, where an employee who has physical access to cash should not have access to the accounting system. Many smaller organizations have difficulty implementing this control because of limited resources. Some businesses feel that a long-time employee can be trusted to transfer funds and record the transactions in the company’s books. And in countless cases, they are shocked to discover that this trusted employee has robbed them blind.
2. Management oversight. Trustees are tasked with consistent and exhaustive monitoring of the plan’s financial statements and internal controls. Trustee meetings should be held monthly if possible, or at least quarterly to review the financial performance of the plan assets, internal controls, plan administration, and to ask questions about irregularities in the plan’s financial statements. For example, if plan expenses are higher than the prior period and are inconsistent with expectations, ask for the details.
3. Check references . Another simple, but very important, procedure is to perform criminal and credit checks on job candidates for employees who will have access to funds or will be entrusted with your accounting records. While a good candidate with a poor credit rating shouldn’t be overlooked, keep in mind that an honest individual who has a poor credit history may be more susceptible to fraud to pay outstanding bills. Past behavior is a good barometer of future behavior. If someone has a history of stealing, they may be good at justifying the reasons for committing fraud, and could do so again at your company. Good references won’t eliminate your risk, but properly vetting the candidate can significantly reduce it.
Get the Ball Rolling
To ensure your organization is set up to prevent and detect fraud, periodically invite key employees from HR, payroll and finance to your benefit plan oversight meetings, and discuss topics such as: timeliness of depositing employee contributions, eligibility of recently hired employees before employer matches are made, vesting calculations before distributions are made, and review of supporting documentation before distributions are made. Delegation of these tasks is acceptable, but it’s essential to follow through to assure that the tasks are being performed.
Taking action to ensure your plan’s internal controls are working properly will likely prevent fraud from occurring and avoid its devastating effects on your organization. Not only will you protect your plan, you will protect your employees, trustees and your company’s reputation.
MIchael DeHaven, CPA, is a shareholder and chair of the Employee Benefit Plan Audit Division of the Chester County firm Rainer & Co.