Trust Risks the Bottom Line: How Business Owners Can Prevent And Mitigate Fraud With Steve Nicokiris
Fraud isn’t just a big company problem — it’s often more damaging, more frequent, and harder to detect in small and mid-size businesses.
In this episode of Open For Business, featuring our guest, accountant and advisor to mid-sized businesses Steve Nicokiris, we unpack the hidden realities of fraud that many business owners overlook. From employee theft and manipulation of financial records to vendor collusion and cultural blind spots, fraud typically operates quietly, often in high trust cultures — with devastating financial and emotional consequences for the business owner.
Drawing on real-world insights, we explore:
- Why fraud is often called the “silent killer” of mid-sized companies
- How smaller enterprises are disproportionately targeted — and why
- The critical role of internal controls (and what happens when they’re missing)
- Why trusted, long-tenured employees can pose unexpected risk
- How workplace culture and leadership style influence fraud exposure
- The surprising ways fraud is discovered — and why it often isn’t
- Practical, actionable steps business owners can take to reduce immediate risk
We also discuss how remote work, lack of owner oversight, and operational gaps have accelerated fraud risks in recent years — and why many cases never reach law enforcement.
Whether you’re a founder, managing partner, or financial leader, this episode offers a clear-eyed look at one of the most under-discussed threats to business stability — and how to protect what you’ve built.
—
Trust Risks the Bottom Line: How Business Owners Can Prevent And Mitigate Fraud With Steve Nicokiris
Stuart, how are you?
Norm, I’m doing well. How are you?
I’m excellent. Nice day outside. A good day to have a show.
It’s a good day to talk about fraud. It’s one of my favorite topics.
Fraud is a good topic to talk about any day.
Not one of my favorite topics in general, but a good topic to talk about.
It’s a topic that no one loves talking about, but it’s something that business owners need to understand, be aware of, and not be naive to think that it doesn’t happen. Either they have relatives or friends in the business, or nobody would ever stab them in the back.
It’s also very easy to stick your head in the sand, but you know what happens when you stick your head in the sand. Something else is sticking up, and you can get kicked right in that.
Good point.
We have a guy named Steve Nicokiris. I’m going to extemporaneously, based upon this piece of paper that’s sitting right in front of me, describe what Steve does and who he is. For those of you tuning in, Steve is a Shareholder and is a Managing Director at CBIZ Advisors and CBIZ CPAs, which is a very large accounting firm.
Steve, not shockingly, provides accounting services. He also provides audit, due diligence, and business advisory services to the middle market. Some of the types of industries that he services are consumer products, apparel, retail, real estate, publishing, professional services, and so on and so forth. With that said, what Steve has done over the years is develop a deep expertise and probably an appreciation for fraud detection and prevention.
We invited Steve to join us because we want him to share some of, first of all, the truly staggering data relating to fraud in middle market businesses and how it is acting to effectively devastate several businesses. That’s sad because people work hard for their money. To the extent that people are committing fraud, it is devastating to those businesses.
We want to learn from Steve how you detect fraud, what fraud is, and what you can do to prevent it. The goal is for all of you business owners to read this broadcast and then not be able to fall asleep tonight worrying about whether or not the person you trust most is defrauding you.
The person ripping you off the most.
We’re pleased to have Steve with us here. We anticipate a lively conversation.
This is going to be a real eye-opener for business owners, particularly when Steve talks about the data or the actual numbers involved.
I’m excited to learn all about fraud.
‐‐‐
Steve, welcome to the show. We’re glad to have you.
My pleasure. I’m looking forward to speaking to you guys.
Steve Nicokiris’ Background And Expertise In Fraud Detection
Give us a bit about your background, and then tell us how you got involved in the fraud detection area.
I started my career at PWC. I spent seven years at PWC. I was doing audit work. After seven years, I decided it was time to leave. I went to work for a very small firm called Mahoney Cohen. It was small. It was unusual for people to go from Price Waterhouse to Mahoney Cohen. It wasn’t common for people to do that back then. That was many years ago.
When I got to Mahoney Cohen, I was in the world of small and middle market businesses. That’s where the fun began. I learned early on that you need to be a business advisor, consultative with your clients. That’s where all the value comes in. Luckily, I had a couple of mentors and was working with a lot of mid-sized family-owned businesses. During those years, unfortunately, I’ve seen a lot of bad things happen to good companies, fraud being the most prevalent.
I was learning and listening to what these people were going through. I was trying to help them, understanding and realizing how susceptible they were. That was the biggest takeaway I got. These people are walking fraud machines. What I’d like to say is fraud is the silent killer to mid-size and small businesses, and they don’t know it. These fraudsters are assassins. They are silent assassins sucking out the blood of our clients slowly and methodically, and are, unfortunately, putting a lot of them out of business.
Defining Occupational Fraud And Staggering Statistics
Steve, I want to dumb this down so even I understand it. For purposes of our show, how should our readers define fraud? What is fraud?
There are a lot of different types of fraud, but the fraud I’m talking about is called occupational fraud. It’s fraud incurred by employees of companies by stealing assets, screwing up the books, and playing games with numbers. It’s fraud that is stealing from its employees and stealing from companies. That’s what I want to talk about.
Occupational fraud is fraud committed by employees against a company, such as stealing assets, manipulating financial records, or “playing games” with the numbers. It involves employees stealing from their employers and misusing company resources.
You talked about, at one point when we spoke, the numbers that are involved in fraud in middle market and lower middle market companies.
It’s staggering. There are many people out there doing studies, but the most prominent study is done by the Association of Certified Fraud Examiners. They put out a study every two years where they analyze fraud around the world. They analyze about 2,000 frauds a year. I like to go even further, but their statistics talk about companies under 1,000 employees, where the average fraud runs between 5% and 10% of revenue for these companies.
About 75% of small businesses are hit by fraud in one way, shape, or form over their life cycles. That’s three times more than larger companies. For example, a large company would be anywhere from more than 1,000 employees. A smaller company is going to get hit by fraud three times more. They’re three times more susceptible to fraud. The fraud that’s being incurred on those companies is more than double the size. They come out with medians and averages, but the median fraud for a small business, according to the study, was about $160,000. That’s the median. The average fraud is about $1 million or $2 million.
Why Smaller Companies Are Highly Susceptible To Fraud
That said, why are smaller companies so susceptible to fraud?
The reason is that they don’t have the controls, bells, and whistles in place. They don’t have a good set of internal controls in order to watch their house. The opportunities are so much more available to fraudsters. A lot of our clients could be doing $10 million, $20 million, $30 million, or $40 million. They have a CFO. They have a controller. Some of the owners are involved in the business, and some are not involved in the business. Absentee owners are a big red flag. It’s a real opportunity for fraudsters.
A lot of our clients, while they’re very good business people, are not very good financial people. They don’t watch that side of the house. These fraudsters are smart. One of the things I also realized is that these fraudsters are smart. These are very bright people who are doing bad things. They are given the opportunity, and they take it, unfortunately. Number one, it’s there. Number two, there are reasons for them to take it. A lot of different red flags come up.
The bottom line is that small businesses are susceptible to fraud because the internal controls are lousy in most small businesses. The tone at the top could be lousy, too. The owners could not be showing the right thing as far as their attitude, the way that they treat their other people, their employees, and their vendors and customers. People see that. If employees see the owners not treating their customers well or their other employees well, they say, “Maybe I could do the same thing with you.”
Small businesses are susceptible to fraud because internal controls are weak in most small businesses.
When we talked about it, you mentioned that the biggest problem, sadly, is that a lot of times in a smaller business, you have relatives and close friends working for you. People who you would think are trustworthy and that you’ve known all your life. These are the people you want to have that are going to have your back. That wasn’t the case that you mentioned to me. You talked about the fact that the opposite is the case.
It’s counterintuitive. In small businesses, the longer and the more trusted the employee, unfortunately, that gives them more opportunities to do bad things. When you look at the statistics about fraud, it doesn’t have to be owners. There are a lot of mid-size and small businesses that have people working for them for 25 or 30 years. They may not be blood, but they are treated as blood. They’re thought of as part of the family. They are given a lot of authority, and they have a lot of ability to do bad things.
Those people, when they’re there, 10 years, 15 years, 20 years, or 30 years, and the opportunity is there, and they take it. That’s when the fraud happens. They aren’t in the $140,000 to $150,000 range. That’s the $800,000 to $2 million range for small companies. I’m talking about companies doing $5 million to $10 million a year, where these kinds of frauds decimate them.
Can you give us some examples? When you go into a business, are you brought in to look for fraud? Are you going in there as an accountant to look at the books, prepare financial statements, and come across the fraud? What’s the usual scenario?
I am not a fraud accountant. I am a middle-market CPA accountant. I work with middle-market companies and the owners of those companies to try to help them run a great business, make money, and save money on taxes. They call me in to do their tax return. I may come in to help them put together budgets. I may do financial statements, audits, reviews, or compilations. I’m not going to say we’re uncover because, honestly, most times, we don’t.
The biggest way fraud gets uncovered is not by being uncovered by accountants or by anybody. It’s by accident and by tips. That’s how frauds get uncovered. A forensic accountant does not come in and find fraud. They’re always called in after the fraud is already found. They’re analyzing what the heck happened and are like, “Let’s try to find out how bad it was.” Uncovering the fraud is very unlikely. It’s easier to catch fraud by accident than it is to have a forensic accountant find out.
What you’re saying is that people have some type of suspicion that something’s going on, wrong, not adding up, not equalizing, or whatever it is. They contact someone who says, “I’m concerned. Something is happening in my business. Somehow, this check, or whatever it might be.” They contact either you or a forensic accountant to say, “I need a deeper dive.”
It doesn’t sound like that. What you’re saying is that most of the time, it’s purely accidental or coincidental that they discover it.
This goes back many years. When I say tips, I mean either a tip hotline, a website, or an app. Companies don’t put that in. Only about 20% of companies even have that. The companies that have that, when they do find out about a fraud, 40% of the time the fraud is found as a result of a tip.
The Role Of Culture, Tone At The Top, And Fraud Awareness Training
Do you see culture, whatever that means, playing into fraud? Do you see it more when there are poor cultures within small and mid-sized businesses as opposed to a very cohesive, well-organized business?
When you talk about culture, there are a couple of different facets of culture. Culture has a huge impact on fraud. I use the term tone at the top. It’s not that it’s a friendly culture and collaborative. That’s all part of it, but I’m talking about fraud. It is being aware of fraud, being conscious of fraud, and doing things so that the culture is that employees know that you’re looking for fraud, that you are looking at the books, that you’re concerned about that, and that you have a policy in place where it’s something that is on your radar. That is the key right there.
Culture plays a critical role in fraud prevention. It starts with awareness and accountability—creating an environment where employees know fraud is taken seriously, where the books are actively reviewed, and where clear policies make it evident that fraud is on leadership’s radar.
A lot of business owners, while they have great cultures in their company, don’t have great cultures when it comes to fraud. They’re not even aware of fraud. They don’t do fraud awareness training for their employees. You talk about all this DEI training that is being done. Every company brings in these consultants to talk about being diverse. How many of you know that I have fraud awareness training?
I didn’t know there was fraud awareness training.
Neither did I.
That’s the answer to that one.
That came up in the last study. What they found was that companies that do fraud awareness training cut that training by itself. It’s a tone at the top concept. That cuts these incidents of fraud by 50%, and it cuts the amount of fraud by over 50%.
I have two questions for you. One, is the reason it’s cut down is that people are aware the company is looking out for that by having this fraud training, so they get a little more concerned about what they might otherwise do with it if it weren’t the case? Two, I don’t know if you can answer this, but for most people who are caught engaging in fraud, what excuses do they use? What do you find to be the most common excuse as to why people do the fraud or commit fraud?
To the first question, as far as awareness, the fact that the company is bringing in people to speak for an hour or so. It’s letting their employees know that fraud can exist in companies. If they see something, they should say something. That is a culture that permeates a company. If somebody knows that, they’re a little bit more likely to, number one, be on the lookout for it. If they’re on the lookout for it, they realize, “There is a way that I could say something.” Maybe they’re afraid for themselves. They could do it anonymously. That could help find the fraud and certainly cut it off before it gets out of hand.
That makes sense.
What is the second part?
There is a case study I’m going to tell you about. There are an unlimited number of excuses and an unlimited number of reasons. The bottom line is, they felt like they deserved it. A lot of times, they feel like they are being taken advantage of. They’re not being heard. They’re not being properly paid. They don’t think that the owners respect them.
The obvious reason is they’re having their own issues. They’re having financial difficulties. There are drug problems. There are family issues. There are credit issues. A lot of companies aren’t aware of these things, but it happens a lot. The other thing is, since the pandemic happened, the incidence of fraud has increased by 25%.
What was that attributable to?
It’s remote work. There’s less oversight. People have more time to think about doing bad things. There are so many things that people could do. They have access to records 24/7. They could create some bad things, uncover records, and create bogus records. They could spend all day doing it, and nobody sees anything. Nobody sees a thing.
The world would be a different place if people used their expertise for good and not evil. It’s incredible to me.
It sounds like a movie line, but it’s true.
The David Kaufman Case Study Of Fraud By A Trusted Employee
Steve, you had mentioned a moment ago that you had prepared a case study. Can you give us a little bit more insight into that, please?
This particular case study is several years old, but it sticks in my gut for a lot of reasons. This was a client of mine. They have been a client for many years. It was a company in the manufacturing and distribution business, doing about $10 million of business and making good money. The owner was a woman who was a very classic owner. She was a designer by trade. She was not a business person. She had limited financial acumen. She hired a controller. I remember his name. His name was David Kaufman. I could picture his face. He was such a bad dude. He would be there for many years.
Talk about red flags. He spoke often about how he did not like the owner of the business. He didn’t like her. He felt like he was being underpaid. He led other people. He said this to other people in the company. It was common knowledge that he said these things. He was with the company for many years, and he took a vacation.
The accounts payable clerk, happened to glance through a monthly bank statement and saw checks written to a couple of the vendors. Some of the checks were computer-generated, and some of them were manual. It was a little surprising. It was to the same vendor. He happened to look at the backs of the checks. They had different endorsements. The endorsements on the back of the checks were not identical. This guy was good. This is pretty advanced thinking. This accounts payable clerk did this.
He called me up, and we met with the owner and him. It certainly didn’t make sense. We didn’t know what to make of it, so we called up the vendor. He said, “We have a couple of different checks. I want to confirm that you got our payments for these checks.” He rattled off the computer-generated checks and said, “Yes,” but for the manual checks, he said, “No, we didn’t get it. We don’t know what you’re talking about. We never got that payment.”
The red flag went up. We knew something was going on. We met with the CFO. The owner called their attorney. The attorney said, “You could have a meeting with the guy. Don’t do it alone. Have a meeting and ask him to explain what it was.” He confessed to the fraud and said, “I sold about $30,000. This is what I did. If I could keep my job, I’ll pay you right back.” We went back, and we did a little bit of forensic work. It wasn’t $30,000. It was about $350,000. It wasn’t only that. In addition to that, that was about 80% of it. That was the biggest part of it.
The other part was that he ended up writing a lot of checks payable to himself as additional bonuses. Those checks were forged. What I wanted to say is that he did not forge the checks to the vendors. What he did was recirculate invoices from the same vendor. What he normally did was he’d put up a batch of payments to the owner, and she would sign them. It could be $15,000 or $20,000 once every other week or once every couple of weeks.
She would have a batch of invoices with checks, and she thumbed through them and signed. She didn’t check what heck she was signing. What he would do was she would sign a legitimate invoice, and then he would take that invoice again, recirculate it, write a manual check, and put it in the batch. She’d sign that. She didn’t know she was signing the same invoice twice.
He did not have check-writing authority. She didn’t give that up, but she didn’t follow through by doing any diligence on the check she was signing.
He didn’t have check-signing authority.
How did she react when you went to her? Obviously, the payables clerk went to her first, but when you discovered the enormity of the fraud, how did she react to that?
She couldn’t believe it. She was very trusted. She trusted him while he hated her. He had full access to everything. He was on the team. He was the number two and number three guy in the company as far as level of trust and what she thought of him. She was devastated.
Was she aware that he was badmouthing her and thought ill of her?
She had no clue.
He had never spoken with her about that.
No one said boo. As we were having these meetings, when I was sitting with her and the accounts payable clerk, it came up. We said, “Were there any signs of this? Is there anything that you could think of?” He said, “I don’t know, but he hates her.”
What happened? Did she give him a promotion and a raise, and all was well and good after that?
He’s the CEO of the company, and he’s stealing $10 million a year.
If he’s that ambitious and that clever, he should be.
Steve, finish the story. After it went from $30,000 to $300,000, what took place?
We met with him again and said, “We see it’s not $30,000.” We came up with $300,000. We went back several years. We didn’t go back to when he first started, but we went back several years. There was a pattern where it started out slowly. There were 1 or 2 checks, and then it went to 4 or 5, and then it went to 10 or 12. It escalated. We saw that escalation as he was getting more brazen with this.
He confessed to everything, and he agreed to pay her back. He said, “I’ll pay you back as long as you keep me or don’t press charges against me.” He didn’t pay it back 100%. He paid it back about $300,000. She had insurance as well. She did not press charges against the guy. She spoke to the authorities, but they were very uninterested. The amounts were not that significant. She decided not to press charges.
What was interesting was that about 2 or 3 months later, I was in my office, and I saw somebody speaking to one of my partners behind closed doors. It was him. He was in my accounting firm, speaking to one of my partners about something. I was freaking out because I couldn’t believe this guy was in my office. I had no idea what he was doing.
I didn’t do anything. I waited for the meeting to end, and I walked to my partner and said, “Excuse me. You were talking to this guy. What were you talking about?” He was interviewing for a CFO position at one of our other clients. I said, “Are you kidding me? Can you show me his resume?” I looked at his resume. Other than his name, everything was bogus. He didn’t have the other employer’s name listed on the resume at all. He had created a whole new resume.
Low-Cost Mitigation Strategies Like Positive Pay And Background Checks
Steve, going back to this case study, a lesson to be learned here. What should have taken place? How could the company have prevented the fraud other than the owner looking at the invoices and recognizing, “I signed one for this same amount last week?” Other than having someone come in and lecture about fraud, what’s a lesson to be learned from this situation or this particular case study that our audience could take away here?
You can never 100% get rid of the opportunity, but you could certainly mitigate it. One would have been for her to be a little more diligent when she was reviewing the batch, to look at the invoices. When an invoice gets paid, something should be done to put anyone on notice that it’s been paid. Stamp it PAID or something. That could have been done.
She could have done something very different. Banks have something called positive pay. Banks have different products. It’s basic. This has been a place for years. Positive pay is a system that a bank offers. It’s a product that they offer to every company, where you could give them names of vendors, addresses, and amounts, and they will only pay vendors based on what you provide to them.
In this example, if it were a vendor named David Kaufman Company. She could have given them a list of, “These are the amounts that I want you to authorize for this check this month. There’s one invoice for $5,200. That invoice, I’m authorizing you to pay.” They will pay for it. If they don’t pay it, then that’s their risk. They blew it. You could submit that list to the bank at all times so that every payment that is being made is only based on an authorized listing that you provided to them. That’s all automated. It’s very easy to automate. It’s something that is basic to do.
I wonder how AI is playing into this. Clearly, the business owner who’s busy. In your case, this business owner who was not checking the underlying work before signing these checks, has other things going on. Have you seen any instances where AI is either assisting fraudsters or, for that matter, resisting fraudsters?
I think both. I want to go back. The other thing I wanted to say, which I didn’t say about this case. The guy was a convicted felon. When my company hired him, they used a recruiter. Whatever the recruiter did, the recruiter did not do proper background checks. He said, “If you had done a proper background check, including a criminal check, you would have found that I had a criminal record.”
He admitted to that?
He did.
That’s unbelievable. You said that she had insurance, also. Let me touch on that before we get to the AI. I’m not familiar with this, but is there fraud insurance that the business owner can pick up?
Yes, but 75% of small business owners are underinsured on their fraud insurance. In your general liability, you have some fraud protection, but there’s special fraud insurance. That’s not even inclusive of cyber. Cyber is a whole separate type of fraud. Occupational fraud insurance is available. For most companies, their basic is $25,000 to $50,000, which is clearly not enough. Most companies do have some level of insurance, but usually the basic, maybe up to $25,000 to $50,000 of insurance. Luckily, he paid back most of it, so she did get back a good chunk of it through insurance. She was made almost whole, which is very lucky.
You had said that that particular client was in manufacturing and distribution, if I remember correctly. Are there, in your opinion, industries that are more susceptible to fraud? Is fraud more prevalent in certain industries?
Yes. Consumer product companies that have inventory are more susceptible to fraud than service companies that don’t. It’s another area of opportunity for people to steal things. Not only could they steal money, but they could steal inventory. That’s a very big opportunity. Companies with high levels of payroll, like staffing companies, are susceptible to fraud. You could be a $20 million to $30 million payroll company, but you could have a thousand W-2s, especially if they’re putting temps all over. You could easily have someone create a bogus employee for $200 to $800 a week that goes under the radar. It gets added to the payroll, and doesn’t get caught.
The Impact Of AI On Increasing Fraud Incidents
Would that be an instance where AI would assist a fraudster in pursuing some sort of a plan, possibly?
We’re seeing it every day with different types of fraud being incurred through email scams and all that. Every company in America has a story about it, or either has been or is being prodded into it. AI is going to have an impact on fraud. The fraudsters are going to be smarter. There are going to be more opportunities and more ways for them to come in and do bad things. I’m confident fraud will continue to increase, especially in small businesses.
What I find so amazing is that we hear all the time on the news the level of loss to companies from theft. You hear that, and you’re amazed by it. People don’t talk about fraud, and the enormity of the impact that fraud has on a business.
For small businesses, it’s a double whammy because large businesses have fraud as well, but they have the wherewithal to absorb it. We said the fraud could be up to 5% to 10% of revenue. If someone steals $1 million from a $10 million company, that’s substantial. That could represent the equity in the company. That could put them out of business. What they’ve found is that’s what happens. The statistics said that in one third of the bankruptcies in small businesses, fraud was a reason for the bankruptcy.
Statistics show that in one-third of small business bankruptcies, fraud is a contributing factor.
That’s very sad, if you think about it. In your experience, what percentage of these fraud transactions end up in some sort of criminal investigation? In your case study, it didn’t go there.
Few. I’d say less than 10%.
Why is that, in your opinion?
Embarrassment. People are embarrassed. Business owners don’t like the idea that they would have to go to their insurance company and go to the police. There’s a whole exercise that you need to go through. The time involved. They don’t want to spend the time to do it. They don’t want to bring it up. It’s so hurtful. They’re trying to move on from it, and they don’t want to bring it up again.
There’s also the law enforcement’s lack of interest, especially if it’s under $1 million. If you call the police to the company, they’ll laugh at you. They’re so busy that they don’t have time to deal with it. White-collar crime is not on their radar. It doesn’t get the attention it deserves. People don’t want to talk about it. That’s the biggest thing.
I was speaking to another business owner. A good friend of mine was in the staffing business. He sold his company for a great, wonderful transaction. It was significant. I was speaking to him about this. He’s a good friend of mine. I was talking about fraud, and he said, “Steve, I want to let you know I got defrauded by my CFO about 8 or 10 years ago. He took over $1.5 million from me. I sued the guy, and I put him in jail.” He did that because it was more substantial.
Talk about the feeling. This guy was on his team. He wasn’t a family member, but he was like family. He couldn’t believe this guy did it. This guy was one of the better businesspeople I know. I was shocked. He said, “Steve, this is a topic that needs discussion.” I’m a Vistage member. He said, Steve, “You’ve got to speak to Vistage and tell them. You’ve got to speak to business owners about this. They don’t know. They don’t care. They’re not doing the right thing. They are susceptible, and they don’t even know it.”
It’s a combination of trust and a sense of entitlement. That’s a bad combination.
If I have 30 clients, I could go to 15 or 20 of them and say, “The opportunity is ripe for anybody to do bad things.” Whether it be $50,000, $100,000, or $200,000.
It’s a case because business owners are so busy running their business. They’re being pulled in 25 different directions. They don’t have time to breathe. This is not something or some area they can focus on. They don’t put the time into it.
Shame on them.
I agree. They do that, but it is what it is, sadly.
That’s why they need you, me, and my competitors to go to these clients and remind them, “Tell me. What is the biggest asset that you own? It’s your business. What do you think your business is worth?” They’re like, “I don’t know. $10 million or $20 million?” We’re like, “What happens if someone comes in and is stealing your business?”
They put you out of business because they steal $1.5 million. That’s gone. Is that important to you? Is it worth it for you to spend a little time to sit down, speak to your lawyer, and speak to your people, like, What are some very basic things I could be doing that don’t take a lot of time that maybe could help mitigate this?
If they say, “I don’t have the time.” Say, “Could you do me a favor? Could you walk into your bookkeeper, get a check for $1.5 million, and give it to me if it doesn’t mean that much to you?”
I relay 1 or 2 stories. I say, “You give me five minutes. I have twenty of these. Do you want me to give you 1 or 2? Let me give you one or two stories. They stole $200,000, $300,000, or $1 million. They did it this way. Payroll. Theft. Collusion with vendors.” The opportunities are limitless. I can’t accept that you tell me you don’t have time. That’s unacceptable.
It’s a sad story.
Actionable Steps: Reviewing Books And Forcing Mandatory Employee Vacation
Business owners have trusted advisors. They have their accountants, attorneys, financial planners, and others. You had mentioned a moment ago to speak to them. What is the business owner supposed to do? Give us a little more concrete information. The business owner who’s reading this is not going to sleep tonight because they’re worried about their friend, Tommy, who was their friend in high school and is their controller, ripping them off. They come to you and say, “Steve, what the heck am I supposed to look for?”
First of all, they have to think about it. If they’re not thinking about it, they shouldn’t be sleeping at night. It takes walking into the office. You walk into the controller or the CFO and say, “Let’s sit down. Show me the bank statement this month. Let’s go through it. Can you show me? Let’s take a look.
Give me the payroll run. I want to see the payroll run. Show me the payroll run for last week. I want to take a look and see all the employees on the payroll. I want to see how much we’re paying everybody. Have you guys taken a vacation? You haven’t taken a vacation in eight years. What’s going on? How come you’re not taking a vacation? I want you to take some time off. I’m going to give you $1,500. Go to Puerto Rico with your family. It’s on me.”
Let me ask you. In the context of fraud awareness, which you mentioned at the outset, I don’t know whether you talked to owners about that or you provide these clinics or these programs. Are there checklists that owners could have that say, “When you’re running a business, these are the things you want to look out for, be alert to, or to do?” As Stuart said, what should you be looking for? What should you be doing to prevent this?
There are. Due to this, a lot of the banks do a lot of basic things. For a lot of people like me, if you go online and Google, you’ll find a whole bunch of stuff that’s out there. It does require a little discussion that a lot of people don’t have. They’re not having it. I’m not happy about it. My competitors don’t talk about it. They’re not talking about it, and I don’t know why. I think they’re ignorant themselves. They don’t want to. It’s very basic.
I was in a Vistage meeting, and I spoke about this a couple of years ago. At the end of the meeting, one of the owners came over to me. He’s whispering. He said, “My bookkeeper stole hundreds of thousands of dollars from me. I’m still reeling from it. I have not recovered fully from this.” He was embarrassed. He didn’t raise his hand during the meeting and say, “This is something that we should all speak about,” and that’s the problem right there. That attitude doesn’t belong behind the scenes. It belongs front and center.
It’s like the silent killer.
It is, and it’s a shame. Stuart and I finished a beautiful transaction a couple of months ago with a wonderful company. In that company, the owner was very financial. The controller was the wife of the husband. If she weren’t the bookkeeper, she could be stealing millions of dollars over the years.
There’s no doubt about that.
$100,000 a year of a $10 million company, whether or not the company is making money or losing money, they’re not going to find it unless they are looking for it.
I’ve been taking some notes. Is it fair to say, number one, the business owner has to be aware? They have to be concerned regardless of how airtight they believe their business is. Number two, they have to speak with their professionals and take guidance from their professionals with respect to this issue. Number three, and I thought that you said this very well. Force your financial people, whether it’s your CFO, your controller, or whomever, to be out of the office for a week, two weeks, or what have you, so that you can do an independent evaluation of the books and records. Is that fair?
Yes. Things happen when you’re out of the office. This guy was out of the office. The bank statement happened to come in. It was luck that it came in when he was not around. It was luck that the guy, the accounts payable clerk, happened to open it up, look, and find something that looked unusual. He was smart enough to do a little bit of extra work. If he didn’t do that, that could have been going on for another 6 months, 1 year, or 2 years, and the numbers could have been ten times bigger than what they were. This is a $10 million company. I’m not talking about a $50 million or $100 million company.
You said at the outset that a lot of times, these things are uncovered by chance.
They are, and that’s the sad part. That’s why putting in a tip system is a no-brainer. It doesn’t cost anything to do. That’s, overwhelming by ten times, the most popular way these things are getting detected.
When you say a tip system, that’s what I was going to ask you. Give us an example of a tip system so people understand what you’re talking about.
Let’s assume the company. In the newsletter, there would be a thing saying, “New policy in place. We have a new system that, if you see something, we need you to say something. If you see a vendor, an employee, or a customer doing anything unusual or suspicious, we’d like you to let us know about it. We’d like you to let us know anonymously.” That could be in the newsletter every month.
They can have a company meeting with their employees. During the company meeting, the owners could say how they realize they love their employees and they love the company, that they know it’s a small company, and that there are no bells and whistles covering everything. If anyone sees anything going on, it would be important for them to let someone know.
They’re like, “Let us know if you see anybody doing anything in the company that you think is hurting you or hurting me. It means something to me. I may even reward you.” They could put out a reward. They’re like, “If you say something, like, ‘We found someone,’ we’ll give you a $1,500, a $5,000 bonus, or 10% of what we find.” It could be anything to give people an incentive to say something.
That’s all great advice. The conversation, besides being informative, was scary as to what goes on in this world and what shouldn’t go on, which is the sad part about it. Business owners don’t focus on this as they run their business. The only tips at the end that you and Stuart talked about are great tips on simple things you can do to prevent this from happening.
It’s pretty obvious as long as you’re aware of it.
I created a top ten list that I like to give to all my clients of things that they should be doing. That includes some of these things and a few more things. These things cost next to nothing. I’m not talking about hiring us to come in and do a forensic order for $25,000 to $30,000. That’s not what I’m saying at all. Another thing I want to say, which is a little fun fact, is that size matters. The smaller you are, the more susceptible you are, and the harder it hurts. You don’t need to be a $200 million or $300 million company to be concerned about this. You shouldn’t be. The smaller company should be much more concerned.
Personal Anecdote: Fraud Committed By The Speaker’s Own Office Manager
Everything you mentioned isn’t complicated. They’re simple tasks or simple things that you can do to prevent this. I love the tip system. “If you see something going on that’s wrong, notify us, whether it’s with a vendor, a contractor, an employee, or anyone. Let us know anonymously.”
We had fraud in our own company. Our office manager committed fraud against our firm several years ago.
You read about it all the time.
He was on vacation, and someone saw a Tiffany gift box sitting on her desk. Someone noticed that. That’s unusual. Why would something from Tiffany be on the office manager’s desk? One of our office supply vendors sent it to her. We did a little bit of checking. We were being overcharged by him by thousands of dollars, and she was taking kickbacks.
Having it sent to the office is brilliant.
That’s another thing I’ll tell you. People are brazen. Sometimes, you’d be amazed. They confess. They say things that you wouldn’t expect. They share what they did. They take pride in what they did and say, “I’m surprised it took you so long.” They realize that they’ve done it, and they’re going to do it again because it’s very unlikely that they’re going to be put in jail for it.
That’s a great word, brazen. When you talk to people doing what you do, they have said it before. I’ve talked to forensic accountants and other forensic investigators. They use that word on a regular basis. It is amazing how people do that. This has been great. It was informative for me. I took notes. I’m sure our readers are going to enjoy this conversation. Thank you.
It is a bit scary, but there’s a lesson to be learned by virtue of the fear factor here. Everybody should be aware of it. That’s very important.
Our job is to inform our clients and give them knowledge. We give them knowledge, good, bad, and indifferent, and let them do with it what they choose. This is an obvious one. It’s in their best interest. They need to know. They’re ignorant. This is something that a lot of business owners don’t think about and don’t want to think about.
‐‐‐
Steve reminds us that when it comes to fraud, business owners have to be vigilant. Business owners must always be on the lookout for telltale signs, whether it’s employees not taking vacation time, employees being too friendly with vendors, or basic oddities that you can’t reconcile in your mind. Sometimes, your gut instincts have to take over. While we always like to think that our business partners, our relatives, and our employees are honest, don’t put your head in the sand.
That’s for sure. Thank you all for joining us on the show. We hope this episode has been informative and enlightening. Feel free to share this show with your friends, and please don’t forget to subscribe. We look forward to spending more time with you on our next episode. Thanks again.
Take care, Stuart. Have a good day, everyone.
Important Links
About Steve Nicokiris
Managing Director, CBIZ Advisors LLC
Shareholder, CBIZ CPAs P.C.
Steven Nicokiris provides “hands on” practical business advisory, consulting, auditing and accounting services to middle-market, privately-held, private equity-owned and family-owned companies. Steven helps clients with tax planning strategies that minimize taxes; making meaningful introductions to enhance business and profitability; and efficiently planning, managing and supervising audit engagements and other special projects for clients.
Steven shares his expertise as a lecturer at various professional organizations and financial institutions on topics related to financial statement analysis, fraud prevention, selling and buying businesses, ESOPs and using benchmarking statistics to monitor business results. In addition, he frequently lectures at colleges and universities on job seeking tips and techniques and the benefits of working in an accounting firm that focuses on the middle-market.<
Steven has provided best-in-class consulting services to commercial lending institutions across the country. His deep knowledge of the middle-market lending community among bank and non-bank lenders helps clients maximize their existing and potential financing arrangements, buy-sell transactions and related structuring opportunities. Steve has been an active Industry Partner member of the New York Staffing Association for many years, a Board Member of the Metro Professional Group, an Advisory Board Member of the Global Chamber, New York Chapter and Vistage Trusted Advisor member in NYC for over 11 years.
Prior to joining CBIZ in 1988, Steven was an audit manager at PricewaterhouseCoopers in NYC.
Expertise
- Accounting & Auditing
- Business Advice & Consulting
- Dispute Resolution . Due Diligence/Quality of Earnings Reports
- Financial Projections & Cash Flow Analysis
- Employee Stock Option Plans (ESOPs)
- Tax Planning Strategies & Tax Structuring
Fraud isn’t just a big company problem — it’s often more damaging, more frequent, and harder to detect in small and mid-size businesses.
In this episode of Open For Business, featuring our guest, accountant and advisor to mid-sized businesses Steve Nicokiris, we unpack the hidden realities of fraud that many business owners overlook. From employee theft and manipulation of financial records to vendor collusion and cultural blind spots, fraud typically operates quietly, often in high trust cultures — with devastating financial and emotional consequences for the business owner.
Drawing on real-world insights, we explore:
- Why fraud is often called the “silent killer” of mid-sized companies
- How smaller enterprises are disproportionately targeted — and why
- The critical role of internal controls (and what happens when they’re missing)
- Why trusted, long-tenured employees can pose unexpected risk
- How workplace culture and leadership style influence fraud exposure
- The surprising ways fraud is discovered — and why it often isn’t
- Practical, actionable steps business owners can take to reduce immediate risk
We also discuss how remote work, lack of owner oversight, and operational gaps have accelerated fraud risks in recent years — and why many cases never reach law enforcement.
Whether you’re a founder, managing partner, or financial leader, this episode offers a clear-eyed look at one of the most under-discussed threats to business stability — and how to protect what you’ve built.
—
Trust Risks the Bottom Line: How Business Owners Can Prevent And Mitigate Fraud With Steve Nicokiris
Stuart, how are you?
Norm, I’m doing well. How are you?
I’m excellent. Nice day outside. A good day to have a show.
It’s a good day to talk about fraud. It’s one of my favorite topics.
Fraud is a good topic to talk about any day.
Not one of my favorite topics in general, but a good topic to talk about.
It’s a topic that no one loves talking about, but it’s something that business owners need to understand, be aware of, and not be naive to think that it doesn’t happen. Either they have relatives or friends in the business, or nobody would ever stab them in the back.
It’s also very easy to stick your head in the sand, but you know what happens when you stick your head in the sand. Something else is sticking up, and you can get kicked right in that.
Good point.
We have a guy named Steve Nicokiris. I’m going to extemporaneously, based upon this piece of paper that’s sitting right in front of me, describe what Steve does and who he is. For those of you tuning in, Steve is a Shareholder and is a Managing Director at CBIZ Advisors and CBIZ CPAs, which is a very large accounting firm.
Steve, not shockingly, provides accounting services. He also provides audit, due diligence, and business advisory services to the middle market. Some of the types of industries that he services are consumer products, apparel, retail, real estate, publishing, professional services, and so on and so forth. With that said, what Steve has done over the years is develop a deep expertise and probably an appreciation for fraud detection and prevention.
We invited Steve to join us because we want him to share some of, first of all, the truly staggering data relating to fraud in middle market businesses and how it is acting to effectively devastate several businesses. That’s sad because people work hard for their money. To the extent that people are committing fraud, it is devastating to those businesses.
We want to learn from Steve how you detect fraud, what fraud is, and what you can do to prevent it. The goal is for all of you business owners to read this broadcast and then not be able to fall asleep tonight worrying about whether or not the person you trust most is defrauding you.
The person ripping you off the most.
We’re pleased to have Steve with us here. We anticipate a lively conversation.
This is going to be a real eye-opener for business owners, particularly when Steve talks about the data or the actual numbers involved.
I’m excited to learn all about fraud.
‐‐‐
Steve, welcome to the show. We’re glad to have you.
My pleasure. I’m looking forward to speaking to you guys.
Steve Nicokiris’ Background And Expertise In Fraud Detection
Give us a bit about your background, and then tell us how you got involved in the fraud detection area.
I started my career at PWC. I spent seven years at PWC. I was doing audit work. After seven years, I decided it was time to leave. I went to work for a very small firm called Mahoney Cohen. It was small. It was unusual for people to go from Price Waterhouse to Mahoney Cohen. It wasn’t common for people to do that back then. That was many years ago.
When I got to Mahoney Cohen, I was in the world of small and middle market businesses. That’s where the fun began. I learned early on that you need to be a business advisor, consultative with your clients. That’s where all the value comes in. Luckily, I had a couple of mentors and was working with a lot of mid-sized family-owned businesses. During those years, unfortunately, I’ve seen a lot of bad things happen to good companies, fraud being the most prevalent.
I was learning and listening to what these people were going through. I was trying to help them, understanding and realizing how susceptible they were. That was the biggest takeaway I got. These people are walking fraud machines. What I’d like to say is fraud is the silent killer to mid-size and small businesses, and they don’t know it. These fraudsters are assassins. They are silent assassins sucking out the blood of our clients slowly and methodically, and are, unfortunately, putting a lot of them out of business.
Defining Occupational Fraud And Staggering Statistics
Steve, I want to dumb this down so even I understand it. For purposes of our show, how should our readers define fraud? What is fraud?
There are a lot of different types of fraud, but the fraud I’m talking about is called occupational fraud. It’s fraud incurred by employees of companies by stealing assets, screwing up the books, and playing games with numbers. It’s fraud that is stealing from its employees and stealing from companies. That’s what I want to talk about.
Occupational fraud is fraud committed by employees against a company, such as stealing assets, manipulating financial records, or “playing games” with the numbers. It involves employees stealing from their employers and misusing company resources.
You talked about, at one point when we spoke, the numbers that are involved in fraud in middle market and lower middle market companies.
It’s staggering. There are many people out there doing studies, but the most prominent study is done by the Association of Certified Fraud Examiners. They put out a study every two years where they analyze fraud around the world. They analyze about 2,000 frauds a year. I like to go even further, but their statistics talk about companies under 1,000 employees, where the average fraud runs between 5% and 10% of revenue for these companies.
About 75% of small businesses are hit by fraud in one way, shape, or form over their life cycles. That’s three times more than larger companies. For example, a large company would be anywhere from more than 1,000 employees. A smaller company is going to get hit by fraud three times more. They’re three times more susceptible to fraud. The fraud that’s being incurred on those companies is more than double the size. They come out with medians and averages, but the median fraud for a small business, according to the study, was about $160,000. That’s the median. The average fraud is about $1 million or $2 million.
Why Smaller Companies Are Highly Susceptible To Fraud
That said, why are smaller companies so susceptible to fraud?
The reason is that they don’t have the controls, bells, and whistles in place. They don’t have a good set of internal controls in order to watch their house. The opportunities are so much more available to fraudsters. A lot of our clients could be doing $10 million, $20 million, $30 million, or $40 million. They have a CFO. They have a controller. Some of the owners are involved in the business, and some are not involved in the business. Absentee owners are a big red flag. It’s a real opportunity for fraudsters.
A lot of our clients, while they’re very good business people, are not very good financial people. They don’t watch that side of the house. These fraudsters are smart. One of the things I also realized is that these fraudsters are smart. These are very bright people who are doing bad things. They are given the opportunity, and they take it, unfortunately. Number one, it’s there. Number two, there are reasons for them to take it. A lot of different red flags come up.
The bottom line is that small businesses are susceptible to fraud because the internal controls are lousy in most small businesses. The tone at the top could be lousy, too. The owners could not be showing the right thing as far as their attitude, the way that they treat their other people, their employees, and their vendors and customers. People see that. If employees see the owners not treating their customers well or their other employees well, they say, “Maybe I could do the same thing with you.”
Small businesses are susceptible to fraud because internal controls are weak in most small businesses.
When we talked about it, you mentioned that the biggest problem, sadly, is that a lot of times in a smaller business, you have relatives and close friends working for you. People who you would think are trustworthy and that you’ve known all your life. These are the people you want to have that are going to have your back. That wasn’t the case that you mentioned to me. You talked about the fact that the opposite is the case.
It’s counterintuitive. In small businesses, the longer and the more trusted the employee, unfortunately, that gives them more opportunities to do bad things. When you look at the statistics about fraud, it doesn’t have to be owners. There are a lot of mid-size and small businesses that have people working for them for 25 or 30 years. They may not be blood, but they are treated as blood. They’re thought of as part of the family. They are given a lot of authority, and they have a lot of ability to do bad things.
Those people, when they’re there, 10 years, 15 years, 20 years, or 30 years, and the opportunity is there, and they take it. That’s when the fraud happens. They aren’t in the $140,000 to $150,000 range. That’s the $800,000 to $2 million range for small companies. I’m talking about companies doing $5 million to $10 million a year, where these kinds of frauds decimate them.
Can you give us some examples? When you go into a business, are you brought in to look for fraud? Are you going in there as an accountant to look at the books, prepare financial statements, and come across the fraud? What’s the usual scenario?
I am not a fraud accountant. I am a middle-market CPA accountant. I work with middle-market companies and the owners of those companies to try to help them run a great business, make money, and save money on taxes. They call me in to do their tax return. I may come in to help them put together budgets. I may do financial statements, audits, reviews, or compilations. I’m not going to say we’re uncover because, honestly, most times, we don’t.
The biggest way fraud gets uncovered is not by being uncovered by accountants or by anybody. It’s by accident and by tips. That’s how frauds get uncovered. A forensic accountant does not come in and find fraud. They’re always called in after the fraud is already found. They’re analyzing what the heck happened and are like, “Let’s try to find out how bad it was.” Uncovering the fraud is very unlikely. It’s easier to catch fraud by accident than it is to have a forensic accountant find out.
What you’re saying is that people have some type of suspicion that something’s going on, wrong, not adding up, not equalizing, or whatever it is. They contact someone who says, “I’m concerned. Something is happening in my business. Somehow, this check, or whatever it might be.” They contact either you or a forensic accountant to say, “I need a deeper dive.”
It doesn’t sound like that. What you’re saying is that most of the time, it’s purely accidental or coincidental that they discover it.
This goes back many years. When I say tips, I mean either a tip hotline, a website, or an app. Companies don’t put that in. Only about 20% of companies even have that. The companies that have that, when they do find out about a fraud, 40% of the time the fraud is found as a result of a tip.
The Role Of Culture, Tone At The Top, And Fraud Awareness Training
Do you see culture, whatever that means, playing into fraud? Do you see it more when there are poor cultures within small and mid-sized businesses as opposed to a very cohesive, well-organized business?
When you talk about culture, there are a couple of different facets of culture. Culture has a huge impact on fraud. I use the term tone at the top. It’s not that it’s a friendly culture and collaborative. That’s all part of it, but I’m talking about fraud. It is being aware of fraud, being conscious of fraud, and doing things so that the culture is that employees know that you’re looking for fraud, that you are looking at the books, that you’re concerned about that, and that you have a policy in place where it’s something that is on your radar. That is the key right there.
Culture plays a critical role in fraud prevention. It starts with awareness and accountability—creating an environment where employees know fraud is taken seriously, where the books are actively reviewed, and where clear policies make it evident that fraud is on leadership’s radar.
A lot of business owners, while they have great cultures in their company, don’t have great cultures when it comes to fraud. They’re not even aware of fraud. They don’t do fraud awareness training for their employees. You talk about all this DEI training that is being done. Every company brings in these consultants to talk about being diverse. How many of you know that I have fraud awareness training?
I didn’t know there was fraud awareness training.
Neither did I.
That’s the answer to that one.
That came up in the last study. What they found was that companies that do fraud awareness training cut that training by itself. It’s a tone at the top concept. That cuts these incidents of fraud by 50%, and it cuts the amount of fraud by over 50%.
I have two questions for you. One, is the reason it’s cut down is that people are aware the company is looking out for that by having this fraud training, so they get a little more concerned about what they might otherwise do with it if it weren’t the case? Two, I don’t know if you can answer this, but for most people who are caught engaging in fraud, what excuses do they use? What do you find to be the most common excuse as to why people do the fraud or commit fraud?
To the first question, as far as awareness, the fact that the company is bringing in people to speak for an hour or so. It’s letting their employees know that fraud can exist in companies. If they see something, they should say something. That is a culture that permeates a company. If somebody knows that, they’re a little bit more likely to, number one, be on the lookout for it. If they’re on the lookout for it, they realize, “There is a way that I could say something.” Maybe they’re afraid for themselves. They could do it anonymously. That could help find the fraud and certainly cut it off before it gets out of hand.
That makes sense.
What is the second part?
There is a case study I’m going to tell you about. There are an unlimited number of excuses and an unlimited number of reasons. The bottom line is, they felt like they deserved it. A lot of times, they feel like they are being taken advantage of. They’re not being heard. They’re not being properly paid. They don’t think that the owners respect them.
The obvious reason is they’re having their own issues. They’re having financial difficulties. There are drug problems. There are family issues. There are credit issues. A lot of companies aren’t aware of these things, but it happens a lot. The other thing is, since the pandemic happened, the incidence of fraud has increased by 25%.
What was that attributable to?
It’s remote work. There’s less oversight. People have more time to think about doing bad things. There are so many things that people could do. They have access to records 24/7. They could create some bad things, uncover records, and create bogus records. They could spend all day doing it, and nobody sees anything. Nobody sees a thing.
The world would be a different place if people used their expertise for good and not evil. It’s incredible to me.
It sounds like a movie line, but it’s true.
The David Kaufman Case Study Of Fraud By A Trusted Employee
Steve, you had mentioned a moment ago that you had prepared a case study. Can you give us a little bit more insight into that, please?
This particular case study is several years old, but it sticks in my gut for a lot of reasons. This was a client of mine. They have been a client for many years. It was a company in the manufacturing and distribution business, doing about $10 million of business and making good money. The owner was a woman who was a very classic owner. She was a designer by trade. She was not a business person. She had limited financial acumen. She hired a controller. I remember his name. His name was David Kaufman. I could picture his face. He was such a bad dude. He would be there for many years.
Talk about red flags. He spoke often about how he did not like the owner of the business. He didn’t like her. He felt like he was being underpaid. He led other people. He said this to other people in the company. It was common knowledge that he said these things. He was with the company for many years, and he took a vacation.
The accounts payable clerk, happened to glance through a monthly bank statement and saw checks written to a couple of the vendors. Some of the checks were computer-generated, and some of them were manual. It was a little surprising. It was to the same vendor. He happened to look at the backs of the checks. They had different endorsements. The endorsements on the back of the checks were not identical. This guy was good. This is pretty advanced thinking. This accounts payable clerk did this.
He called me up, and we met with the owner and him. It certainly didn’t make sense. We didn’t know what to make of it, so we called up the vendor. He said, “We have a couple of different checks. I want to confirm that you got our payments for these checks.” He rattled off the computer-generated checks and said, “Yes,” but for the manual checks, he said, “No, we didn’t get it. We don’t know what you’re talking about. We never got that payment.”
The red flag went up. We knew something was going on. We met with the CFO. The owner called their attorney. The attorney said, “You could have a meeting with the guy. Don’t do it alone. Have a meeting and ask him to explain what it was.” He confessed to the fraud and said, “I sold about $30,000. This is what I did. If I could keep my job, I’ll pay you right back.” We went back, and we did a little bit of forensic work. It wasn’t $30,000. It was about $350,000. It wasn’t only that. In addition to that, that was about 80% of it. That was the biggest part of it.
The other part was that he ended up writing a lot of checks payable to himself as additional bonuses. Those checks were forged. What I wanted to say is that he did not forge the checks to the vendors. What he did was recirculate invoices from the same vendor. What he normally did was he’d put up a batch of payments to the owner, and she would sign them. It could be $15,000 or $20,000 once every other week or once every couple of weeks.
She would have a batch of invoices with checks, and she thumbed through them and signed. She didn’t check what heck she was signing. What he would do was she would sign a legitimate invoice, and then he would take that invoice again, recirculate it, write a manual check, and put it in the batch. She’d sign that. She didn’t know she was signing the same invoice twice.
He did not have check-writing authority. She didn’t give that up, but she didn’t follow through by doing any diligence on the check she was signing.
He didn’t have check-signing authority.
How did she react when you went to her? Obviously, the payables clerk went to her first, but when you discovered the enormity of the fraud, how did she react to that?
She couldn’t believe it. She was very trusted. She trusted him while he hated her. He had full access to everything. He was on the team. He was the number two and number three guy in the company as far as level of trust and what she thought of him. She was devastated.
Was she aware that he was badmouthing her and thought ill of her?
She had no clue.
He had never spoken with her about that.
No one said boo. As we were having these meetings, when I was sitting with her and the accounts payable clerk, it came up. We said, “Were there any signs of this? Is there anything that you could think of?” He said, “I don’t know, but he hates her.”
What happened? Did she give him a promotion and a raise, and all was well and good after that?
He’s the CEO of the company, and he’s stealing $10 million a year.
If he’s that ambitious and that clever, he should be.
Steve, finish the story. After it went from $30,000 to $300,000, what took place?
We met with him again and said, “We see it’s not $30,000.” We came up with $300,000. We went back several years. We didn’t go back to when he first started, but we went back several years. There was a pattern where it started out slowly. There were 1 or 2 checks, and then it went to 4 or 5, and then it went to 10 or 12. It escalated. We saw that escalation as he was getting more brazen with this.
He confessed to everything, and he agreed to pay her back. He said, “I’ll pay you back as long as you keep me or don’t press charges against me.” He didn’t pay it back 100%. He paid it back about $300,000. She had insurance as well. She did not press charges against the guy. She spoke to the authorities, but they were very uninterested. The amounts were not that significant. She decided not to press charges.
What was interesting was that about 2 or 3 months later, I was in my office, and I saw somebody speaking to one of my partners behind closed doors. It was him. He was in my accounting firm, speaking to one of my partners about something. I was freaking out because I couldn’t believe this guy was in my office. I had no idea what he was doing.
I didn’t do anything. I waited for the meeting to end, and I walked to my partner and said, “Excuse me. You were talking to this guy. What were you talking about?” He was interviewing for a CFO position at one of our other clients. I said, “Are you kidding me? Can you show me his resume?” I looked at his resume. Other than his name, everything was bogus. He didn’t have the other employer’s name listed on the resume at all. He had created a whole new resume.
Low-Cost Mitigation Strategies Like Positive Pay And Background Checks
Steve, going back to this case study, a lesson to be learned here. What should have taken place? How could the company have prevented the fraud other than the owner looking at the invoices and recognizing, “I signed one for this same amount last week?” Other than having someone come in and lecture about fraud, what’s a lesson to be learned from this situation or this particular case study that our audience could take away here?
You can never 100% get rid of the opportunity, but you could certainly mitigate it. One would have been for her to be a little more diligent when she was reviewing the batch, to look at the invoices. When an invoice gets paid, something should be done to put anyone on notice that it’s been paid. Stamp it PAID or something. That could have been done.
She could have done something very different. Banks have something called positive pay. Banks have different products. It’s basic. This has been a place for years. Positive pay is a system that a bank offers. It’s a product that they offer to every company, where you could give them names of vendors, addresses, and amounts, and they will only pay vendors based on what you provide to them.
In this example, if it were a vendor named David Kaufman Company. She could have given them a list of, “These are the amounts that I want you to authorize for this check this month. There’s one invoice for $5,200. That invoice, I’m authorizing you to pay.” They will pay for it. If they don’t pay it, then that’s their risk. They blew it. You could submit that list to the bank at all times so that every payment that is being made is only based on an authorized listing that you provided to them. That’s all automated. It’s very easy to automate. It’s something that is basic to do.
I wonder how AI is playing into this. Clearly, the business owner who’s busy. In your case, this business owner who was not checking the underlying work before signing these checks, has other things going on. Have you seen any instances where AI is either assisting fraudsters or, for that matter, resisting fraudsters?
I think both. I want to go back. The other thing I wanted to say, which I didn’t say about this case. The guy was a convicted felon. When my company hired him, they used a recruiter. Whatever the recruiter did, the recruiter did not do proper background checks. He said, “If you had done a proper background check, including a criminal check, you would have found that I had a criminal record.”
He admitted to that?
He did.
That’s unbelievable. You said that she had insurance, also. Let me touch on that before we get to the AI. I’m not familiar with this, but is there fraud insurance that the business owner can pick up?
Yes, but 75% of small business owners are underinsured on their fraud insurance. In your general liability, you have some fraud protection, but there’s special fraud insurance. That’s not even inclusive of cyber. Cyber is a whole separate type of fraud. Occupational fraud insurance is available. For most companies, their basic is $25,000 to $50,000, which is clearly not enough. Most companies do have some level of insurance, but usually the basic, maybe up to $25,000 to $50,000 of insurance. Luckily, he paid back most of it, so she did get back a good chunk of it through insurance. She was made almost whole, which is very lucky.
You had said that that particular client was in manufacturing and distribution, if I remember correctly. Are there, in your opinion, industries that are more susceptible to fraud? Is fraud more prevalent in certain industries?
Yes. Consumer product companies that have inventory are more susceptible to fraud than service companies that don’t. It’s another area of opportunity for people to steal things. Not only could they steal money, but they could steal inventory. That’s a very big opportunity. Companies with high levels of payroll, like staffing companies, are susceptible to fraud. You could be a $20 million to $30 million payroll company, but you could have a thousand W-2s, especially if they’re putting temps all over. You could easily have someone create a bogus employee for $200 to $800 a week that goes under the radar. It gets added to the payroll, and doesn’t get caught.
The Impact Of AI On Increasing Fraud Incidents
Would that be an instance where AI would assist a fraudster in pursuing some sort of a plan, possibly?
We’re seeing it every day with different types of fraud being incurred through email scams and all that. Every company in America has a story about it, or either has been or is being prodded into it. AI is going to have an impact on fraud. The fraudsters are going to be smarter. There are going to be more opportunities and more ways for them to come in and do bad things. I’m confident fraud will continue to increase, especially in small businesses.
What I find so amazing is that we hear all the time on the news the level of loss to companies from theft. You hear that, and you’re amazed by it. People don’t talk about fraud, and the enormity of the impact that fraud has on a business.
For small businesses, it’s a double whammy because large businesses have fraud as well, but they have the wherewithal to absorb it. We said the fraud could be up to 5% to 10% of revenue. If someone steals $1 million from a $10 million company, that’s substantial. That could represent the equity in the company. That could put them out of business. What they’ve found is that’s what happens. The statistics said that in one third of the bankruptcies in small businesses, fraud was a reason for the bankruptcy.
Statistics show that in one-third of small business bankruptcies, fraud is a contributing factor.
That’s very sad, if you think about it. In your experience, what percentage of these fraud transactions end up in some sort of criminal investigation? In your case study, it didn’t go there.
Few. I’d say less than 10%.
Why is that, in your opinion?
Embarrassment. People are embarrassed. Business owners don’t like the idea that they would have to go to their insurance company and go to the police. There’s a whole exercise that you need to go through. The time involved. They don’t want to spend the time to do it. They don’t want to bring it up. It’s so hurtful. They’re trying to move on from it, and they don’t want to bring it up again.
There’s also the law enforcement’s lack of interest, especially if it’s under $1 million. If you call the police to the company, they’ll laugh at you. They’re so busy that they don’t have time to deal with it. White-collar crime is not on their radar. It doesn’t get the attention it deserves. People don’t want to talk about it. That’s the biggest thing.
I was speaking to another business owner. A good friend of mine was in the staffing business. He sold his company for a great, wonderful transaction. It was significant. I was speaking to him about this. He’s a good friend of mine. I was talking about fraud, and he said, “Steve, I want to let you know I got defrauded by my CFO about 8 or 10 years ago. He took over $1.5 million from me. I sued the guy, and I put him in jail.” He did that because it was more substantial.
Talk about the feeling. This guy was on his team. He wasn’t a family member, but he was like family. He couldn’t believe this guy did it. This guy was one of the better businesspeople I know. I was shocked. He said, “Steve, this is a topic that needs discussion.” I’m a Vistage member. He said, Steve, “You’ve got to speak to Vistage and tell them. You’ve got to speak to business owners about this. They don’t know. They don’t care. They’re not doing the right thing. They are susceptible, and they don’t even know it.”
It’s a combination of trust and a sense of entitlement. That’s a bad combination.
If I have 30 clients, I could go to 15 or 20 of them and say, “The opportunity is ripe for anybody to do bad things.” Whether it be $50,000, $100,000, or $200,000.
It’s a case because business owners are so busy running their business. They’re being pulled in 25 different directions. They don’t have time to breathe. This is not something or some area they can focus on. They don’t put the time into it.
Shame on them.
I agree. They do that, but it is what it is, sadly.
That’s why they need you, me, and my competitors to go to these clients and remind them, “Tell me. What is the biggest asset that you own? It’s your business. What do you think your business is worth?” They’re like, “I don’t know. $10 million or $20 million?” We’re like, “What happens if someone comes in and is stealing your business?”
They put you out of business because they steal $1.5 million. That’s gone. Is that important to you? Is it worth it for you to spend a little time to sit down, speak to your lawyer, and speak to your people, like, What are some very basic things I could be doing that don’t take a lot of time that maybe could help mitigate this?
If they say, “I don’t have the time.” Say, “Could you do me a favor? Could you walk into your bookkeeper, get a check for $1.5 million, and give it to me if it doesn’t mean that much to you?”
I relay 1 or 2 stories. I say, “You give me five minutes. I have twenty of these. Do you want me to give you 1 or 2? Let me give you one or two stories. They stole $200,000, $300,000, or $1 million. They did it this way. Payroll. Theft. Collusion with vendors.” The opportunities are limitless. I can’t accept that you tell me you don’t have time. That’s unacceptable.
It’s a sad story.
Actionable Steps: Reviewing Books And Forcing Mandatory Employee Vacation
Business owners have trusted advisors. They have their accountants, attorneys, financial planners, and others. You had mentioned a moment ago to speak to them. What is the business owner supposed to do? Give us a little more concrete information. The business owner who’s reading this is not going to sleep tonight because they’re worried about their friend, Tommy, who was their friend in high school and is their controller, ripping them off. They come to you and say, “Steve, what the heck am I supposed to look for?”
First of all, they have to think about it. If they’re not thinking about it, they shouldn’t be sleeping at night. It takes walking into the office. You walk into the controller or the CFO and say, “Let’s sit down. Show me the bank statement this month. Let’s go through it. Can you show me? Let’s take a look.
Give me the payroll run. I want to see the payroll run. Show me the payroll run for last week. I want to take a look and see all the employees on the payroll. I want to see how much we’re paying everybody. Have you guys taken a vacation? You haven’t taken a vacation in eight years. What’s going on? How come you’re not taking a vacation? I want you to take some time off. I’m going to give you $1,500. Go to Puerto Rico with your family. It’s on me.”
Let me ask you. In the context of fraud awareness, which you mentioned at the outset, I don’t know whether you talked to owners about that or you provide these clinics or these programs. Are there checklists that owners could have that say, “When you’re running a business, these are the things you want to look out for, be alert to, or to do?” As Stuart said, what should you be looking for? What should you be doing to prevent this?
There are. Due to this, a lot of the banks do a lot of basic things. For a lot of people like me, if you go online and Google, you’ll find a whole bunch of stuff that’s out there. It does require a little discussion that a lot of people don’t have. They’re not having it. I’m not happy about it. My competitors don’t talk about it. They’re not talking about it, and I don’t know why. I think they’re ignorant themselves. They don’t want to. It’s very basic.
I was in a Vistage meeting, and I spoke about this a couple of years ago. At the end of the meeting, one of the owners came over to me. He’s whispering. He said, “My bookkeeper stole hundreds of thousands of dollars from me. I’m still reeling from it. I have not recovered fully from this.” He was embarrassed. He didn’t raise his hand during the meeting and say, “This is something that we should all speak about,” and that’s the problem right there. That attitude doesn’t belong behind the scenes. It belongs front and center.
It’s like the silent killer.
It is, and it’s a shame. Stuart and I finished a beautiful transaction a couple of months ago with a wonderful company. In that company, the owner was very financial. The controller was the wife of the husband. If she weren’t the bookkeeper, she could be stealing millions of dollars over the years.
There’s no doubt about that.
$100,000 a year of a $10 million company, whether or not the company is making money or losing money, they’re not going to find it unless they are looking for it.
I’ve been taking some notes. Is it fair to say, number one, the business owner has to be aware? They have to be concerned regardless of how airtight they believe their business is. Number two, they have to speak with their professionals and take guidance from their professionals with respect to this issue. Number three, and I thought that you said this very well. Force your financial people, whether it’s your CFO, your controller, or whomever, to be out of the office for a week, two weeks, or what have you, so that you can do an independent evaluation of the books and records. Is that fair?
Yes. Things happen when you’re out of the office. This guy was out of the office. The bank statement happened to come in. It was luck that it came in when he was not around. It was luck that the guy, the accounts payable clerk, happened to open it up, look, and find something that looked unusual. He was smart enough to do a little bit of extra work. If he didn’t do that, that could have been going on for another 6 months, 1 year, or 2 years, and the numbers could have been ten times bigger than what they were. This is a $10 million company. I’m not talking about a $50 million or $100 million company.
You said at the outset that a lot of times, these things are uncovered by chance.
They are, and that’s the sad part. That’s why putting in a tip system is a no-brainer. It doesn’t cost anything to do. That’s, overwhelming by ten times, the most popular way these things are getting detected.
When you say a tip system, that’s what I was going to ask you. Give us an example of a tip system so people understand what you’re talking about.
Let’s assume the company. In the newsletter, there would be a thing saying, “New policy in place. We have a new system that, if you see something, we need you to say something. If you see a vendor, an employee, or a customer doing anything unusual or suspicious, we’d like you to let us know about it. We’d like you to let us know anonymously.” That could be in the newsletter every month.
They can have a company meeting with their employees. During the company meeting, the owners could say how they realize they love their employees and they love the company, that they know it’s a small company, and that there are no bells and whistles covering everything. If anyone sees anything going on, it would be important for them to let someone know.
They’re like, “Let us know if you see anybody doing anything in the company that you think is hurting you or hurting me. It means something to me. I may even reward you.” They could put out a reward. They’re like, “If you say something, like, ‘We found someone,’ we’ll give you a $1,500, a $5,000 bonus, or 10% of what we find.” It could be anything to give people an incentive to say something.
That’s all great advice. The conversation, besides being informative, was scary as to what goes on in this world and what shouldn’t go on, which is the sad part about it. Business owners don’t focus on this as they run their business. The only tips at the end that you and Stuart talked about are great tips on simple things you can do to prevent this from happening.
It’s pretty obvious as long as you’re aware of it.
I created a top ten list that I like to give to all my clients of things that they should be doing. That includes some of these things and a few more things. These things cost next to nothing. I’m not talking about hiring us to come in and do a forensic order for $25,000 to $30,000. That’s not what I’m saying at all. Another thing I want to say, which is a little fun fact, is that size matters. The smaller you are, the more susceptible you are, and the harder it hurts. You don’t need to be a $200 million or $300 million company to be concerned about this. You shouldn’t be. The smaller company should be much more concerned.
Personal Anecdote: Fraud Committed By The Speaker’s Own Office Manager
Everything you mentioned isn’t complicated. They’re simple tasks or simple things that you can do to prevent this. I love the tip system. “If you see something going on that’s wrong, notify us, whether it’s with a vendor, a contractor, an employee, or anyone. Let us know anonymously.”
We had fraud in our own company. Our office manager committed fraud against our firm several years ago.
You read about it all the time.
He was on vacation, and someone saw a Tiffany gift box sitting on her desk. Someone noticed that. That’s unusual. Why would something from Tiffany be on the office manager’s desk? One of our office supply vendors sent it to her. We did a little bit of checking. We were being overcharged by him by thousands of dollars, and she was taking kickbacks.
Having it sent to the office is brilliant.
That’s another thing I’ll tell you. People are brazen. Sometimes, you’d be amazed. They confess. They say things that you wouldn’t expect. They share what they did. They take pride in what they did and say, “I’m surprised it took you so long.” They realize that they’ve done it, and they’re going to do it again because it’s very unlikely that they’re going to be put in jail for it.
That’s a great word, brazen. When you talk to people doing what you do, they have said it before. I’ve talked to forensic accountants and other forensic investigators. They use that word on a regular basis. It is amazing how people do that. This has been great. It was informative for me. I took notes. I’m sure our readers are going to enjoy this conversation. Thank you.
It is a bit scary, but there’s a lesson to be learned by virtue of the fear factor here. Everybody should be aware of it. That’s very important.
Our job is to inform our clients and give them knowledge. We give them knowledge, good, bad, and indifferent, and let them do with it what they choose. This is an obvious one. It’s in their best interest. They need to know. They’re ignorant. This is something that a lot of business owners don’t think about and don’t want to think about.
‐‐‐
Steve reminds us that when it comes to fraud, business owners have to be vigilant. Business owners must always be on the lookout for telltale signs, whether it’s employees not taking vacation time, employees being too friendly with vendors, or basic oddities that you can’t reconcile in your mind. Sometimes, your gut instincts have to take over. While we always like to think that our business partners, our relatives, and our employees are honest, don’t put your head in the sand.
That’s for sure. Thank you all for joining us on the show. We hope this episode has been informative and enlightening. Feel free to share this show with your friends, and please don’t forget to subscribe. We look forward to spending more time with you on our next episode. Thanks again.
Take care, Stuart. Have a good day, everyone.
Important Links
About Steve Nicokiris
Managing Director, CBIZ Advisors LLC
Shareholder, CBIZ CPAs P.C.
Steven Nicokiris provides “hands on” practical business advisory, consulting, auditing and accounting services to middle-market, privately-held, private equity-owned and family-owned companies. Steven helps clients with tax planning strategies that minimize taxes; making meaningful introductions to enhance business and profitability; and efficiently planning, managing and supervising audit engagements and other special projects for clients.
Steven shares his expertise as a lecturer at various professional organizations and financial institutions on topics related to financial statement analysis, fraud prevention, selling and buying businesses, ESOPs and using benchmarking statistics to monitor business results. In addition, he frequently lectures at colleges and universities on job seeking tips and techniques and the benefits of working in an accounting firm that focuses on the middle-market.<
Steven has provided best-in-class consulting services to commercial lending institutions across the country. His deep knowledge of the middle-market lending community among bank and non-bank lenders helps clients maximize their existing and potential financing arrangements, buy-sell transactions and related structuring opportunities. Steve has been an active Industry Partner member of the New York Staffing Association for many years, a Board Member of the Metro Professional Group, an Advisory Board Member of the Global Chamber, New York Chapter and Vistage Trusted Advisor member in NYC for over 11 years.
Prior to joining CBIZ in 1988, Steven was an audit manager at PricewaterhouseCoopers in NYC.
Expertise
- Accounting & Auditing
- Business Advice & Consulting
- Dispute Resolution . Due Diligence/Quality of Earnings Reports
- Financial Projections & Cash Flow Analysis
- Employee Stock Option Plans (ESOPs)
- Tax Planning Strategies & Tax Structuring