Big Boy diner franchisee Frisch's Restaurants Inc. has filed suit against a former accounting executive for allegedly embezzling more than US$3.3 million from the company, the
Cincinnati Enquirer reports. An internal audit in December discovered cost discrepancies between the company's credit card transaction records and those of the company's assistant treasurer, Michael Hudson, who had worked at Frisch's for 32 years. Hudson then resigned a few minutes before a meeting to go over the discrepancies. Following an investigation in January, Hudson admitted to stealing the money. Although Hudson said he had lost all the money gambling, Frisch's investigation found that he had made large withdrawals from his personal accounts at a Cincinnati area casino and had purchased more than US$400,000 in land, vehicles, and jewelry.
It might be tempting to focus on the specific circumstances, severity of impact, and prospects for recovering losses from a multiyear fraud against a mid-sized local company. However, although I am not familiar with the corporate history of Frisch's, I suspect the bigger lessons may relate to those companies that start small then grow much bigger, but do not pay sufficient attention to implementing the internal controls and processes essential to protecting themselves from fraud. Such companies may be particularly susceptible to fraud by long-serving employees who have been granted unconditional trust.
Those controls, which frequently are referenced in the pages of
Internal Auditor, include:
Ethics and financial management policies that state clear expectations for employee behavior.
Appropriate segregation of authorities and duties, especially to limit senior officials from sole or unchecked control and access over large sums of money.
Accounting systems that integrate monitoring and reporting routines to flag unusual, recurring, and large transactions for further scrutiny.
Perhaps most importantly in the context of this story — and maybe unfortunately for what lies ahead for Frisch's board of directors, CEO, and chief financial officer — is the question of the strength of the company's governance and control regime. To be effective, that regime must include directors who regularly ask and get satisfactory answers to penetrating questions about the company's operations and financial health. It also requires a senior executive team that is rigorously focused on balancing business interests and profits with maintaining high standards of ethical corporate behavior.
One additional essential element of an effective corporate governance and control regime is a strong, independent internal audit function — or its equivalent — that systematically and objectively assesses and advises the board and management on what the organization's people and processes are doing against expectations. The IIA's practice guide,
Assessing Organizational Governance in the Private Sector, provides examples of what internal audit needs to examine. Without such a review, it is doubtful that an organization of any size could realistically expect to avoid the kinds of problems illustrated in the Frisch's case.