In Bernie Madoff’s scheme, the fraud occurred for more than 20 years to the tune of $17.5 billion. A formal report was originally filed with the Security and Exchange Commission (SEC) (along with an outline of how his Ponzi scheme worked) in 2000—but the fraud wasn’t even investigated by the SEC until 2006 and wasn’t identified until 2008! Madoff was a highly esteemed member of the investment, business and charitable communities; initially, the SEC and regulatory authorities were hesitant to offend him by even questioning his operations. He was absolutely afforded the benefit of the doubt.
According to the 2016 Report to the Nations, the Association of Certified Fraud Examiners (ACFE) states that the median duration of a fraud until detection is 18 months, while 32% of schemes last at least two years before ever being discovered.
On one case, I was contacted by a business owner who was afraid that her office manager (and longtime friend) had been stealing from her business, but wasn’t sure how much or for how long. She had noticed some discrepancies with the cash receipts and accounts receivables, which came up while the office manager was out for surgery. The client requested I examine the financial records back until I could identify when the stealing began. Unfortunately, it began five years earlier, during a downturn in the economy, so, early on, when the owners asked the office manager why cash flow was so tight, she was able to explain it away as being part of the recession—and that became their ‘new normal.’
When I interviewed her fellow employees, the common thread was that the office manager was very controlling of her “turf” and she was also a “bully.” Although it was her common reputation in the office, no one ever talked to the owners because they thought that they would side with their friend, the office manager, anyway. That perception only contributed to the length of time she was able to get away with it. The office manager had rescheduled the surgery multiple times until she couldn’t reschedule it any more. She feared her fraud would finally be discovered while she was out. She was right.
The take-away is that owners, officers and trustees need to practice due diligence in reviewing an organization’s financial records, specifically the implementation and monitoring of internal controls. This includes segregation of duties, safeguarding of assets, and a “tone at the top” that leads by example and sends a zero-tolerance message when it comes to fraud.
Author: Richard C. Gordon, CPA/ABV/CFF, CFE, CGMA, Director of Forensic and Valuation Services