Rural electric co-operative Naknek Electric Association (NEA) has filed suit against its former general manager, accusing her of using the company credit card for personal expenses over more than 10 years, Alaska Public Radio reports. The lawsuit alleges that as the only employee with oversight of the company's spending, Donna Vukich embezzled $970,359 between 2004 and 2016 by burying her spending under codes in various NEA business accounts. After being confronted by NEA's board last year, Vukich paid back $398,000, but negotiations to recover the remaining amount have fallen through, prompting NEA's lawsuit. NEA has spent $60,000 in auditing and attorney fees. The NEA board said it has put safeguards in place to guarantee spending accountability in the future. Vukich retired from her position in March 2016.
This story is the classic case of a trusted employee gone bad who exploits fundamental gaps and weaknesses of a small organization to steal for personal gain. NEA says new policies and controls are in place to better prevent this theft from occurring again. But what are those measures? They might not be a comprehensive solution to prevent and deter this kind of fraud. Here are three areas to act on:
- Establish a strong governance and accountability regime that is "fraud smart." Even small organizations should be expected to have board directors who are equipped and required to identify and act upon early signs of fraudulent behavior. That includes integrating fraud competencies into the hiring framework for directors and director fraud prevention training. Another director competency is appropriate knowledge of accountability mechanisms and organizational roles and responsibilities — including segregation of duties requirements — financial controls, accounting systems, and the role of audit/fraud risk assessment. Directors also must be able to engage in independent, critical thinking, and actively challenge management with penetrating questions, when necessary. There also should be performance expectations set for directors that include consequences for failures to identify and address preventable fraud events, such as performance assessments, remuneration, and even director dismissal.
- Ensure basic gaps in financial controls, policies, and accounting processes are fixed. To start, it is fundamental to close the gap where there was no segregation of duties over purchasing. In this case, one person was authorized to approve an expense, rather than having a different person be responsible for overseeing that expense. Even the smallest organizations can set up such a system — and NEA was not that small. Additionally, expenditures must be monitored, reviewed, and periodically audited to ensure they are appropriate. This would include a requirement that original invoices be provided. Even online and telephone purchases can be required to be supported by documentation. Moreover, the money allegedly stolen in this case each year was material enough that scrutiny of budget versus actual expenditures would have revealed discrepancies. Regular audits of financial controls, policies, and systems also are essential in detecting signs of fraudulent activity. These three measures alone may have disclosed the fraudster's activities at an early stage.
- Adopt human resource management policies that balance trust with safeguarding organizational interests. Hiring, performance management, ethics, conflict of interest, training, compensation, and termination policies and systems all need to be aligned to be "fraud aware." It's nice to think that all long-term employees doing the same job can always be trusted, but for critical jobs where material assets are under their control, there should be safeguards in place such as job rotation policies and regular background checks to determine whether there have been lifestyle changes that were potentially driven by employee theft. Where fraudulent activity is suspected or discovered, it's possible that circumstances might warrant a negotiated settlement, such as in this case, but generally it's better to act decisively to discipline, terminate, and prosecute the employees found responsible. This sends a better message of deterrence and zero fraud tolerance both to employees and to clients and stakeholders.