The Inside Job

Electrical contractors understand the value of risk management in protecting the assets and financial health of the company, even as they struggle to do so at a reasonable cost. Costs associated with risk include insurance premiums, retained losses (those you pay for directly), implementation of safety and loss control programs, and administrative functions.

There are two major categories of risk. Business risk involves the inherent chance for profit or loss that is associated with any business endeavor. Insurable risk, also called pure risk, only addresses losses and involves no chance for profit.

A proper risk-management plan includes several important steps:

1.Identification of potential risks, by inspecting property and processes; analyzing associated costs; reviewing contracts, claims and loss history; and interviewing personnel

2. Analysis of frequency (probability of occurrence) and severity (extent of consequences) of those risks

3. Selection of an approach—avoidance, retention, control, or transfer

4. Implementation of the approach

5. Monitoring results and costs

With recent increases in white-collar crime, your company may be at greater risk from your own employees than from any other source. Preventing employee-related losses requires that you create an atmosphere of fairness, trust, and empowerment; design a system that discourages dishonesty; enforce disciplinary policies and prosecute criminal acts immediately; pay attention to warning signs; and don’t pretend it can’t happen in your company.

If you don’t carry insurance for employee--related liability, consider adding such coverage, since premiums have decreased. At the very least, make sure that your policies are legally proper and enforceable as they apply to liability for discrimination, hiring and termination, sexual harassment, grievance and disciplinary processes, working conditions, health issues and statutory requirements.

It may not be possible to insure against all crime losses. Securing property and locking up your cash is not enough, now that theft of time has surpassed both in frequency. Timekeeping systems may be upgraded to include biometric (fingerprint or retinal) identification to prevent employees from punching in or out for each other. You may require supervisor oversight and reporting, and occasionally a manager may deliver paychecks in person to detect “ghost” payrolling.

White-collar crime is defined as theft by nonviolent means and usually involves a violation of trust. That is what makes it so difficult to find and prosecute. Fraud requires three conditions: a need, a rationalization and an opportunity.

Embezzlement relates specifically to something already in the person’s custody, so your procedures should be designed to minimize the opportunity to commit such acts. Employees often rationalize that they were “just borrowing” instead of stealing, that they didn’t hurt anyone, that they were underpaid or overlooked for promotion, or that they were following the example of a manager or peers who were stealing, too. When employees face financial stresses, even the most honest may be tempted to steal “just once.”

Managers, too, commit fraud, often in the form of “cooking the books” or contractual breaches. Their goals may be financial gain, justification of a potential bonus or hiding poor company performance. Even owners are not immune to defrauding their own companies.

According to an annual survey by KPMG Peat Marwick on fraud, conditions favorable for fraud included poor internal controls; collusion between employees and third parties (suppliers, customers, bankers); management override of existing controls; and operating in a high risk industry.

Red flags were ignored in almost half of the cases found, and although more than 80 percent of employers investigated and two-thirds reported the acts to police, only one-third filed civil actions for recovery and more than one-quarter retained the employees rather than firing them.

The same survey revealed that fraud was usually revealed through internal controls, notification by a customer or employee, internal or external audits, management investigation, or by accident. The most common steps taken to reduce internal fraud included establishing a corporate code of conduct and conducting reference checks on new employees. Less than half of employers improved internal control systems or increased senior management focus.

Computers have made it easier to commit some types of fraud involving alteration of documents. Paper ledgers with India ink entries were harder to alter without detection. Hackers may divert funds, damage records or change financial statements. Technology can be used for either the commission of crimes or their prevention.

Given all of these conditions, is it possible to implement a system that effectively reduces potential fraud? In Part 2, we will look at some specific things to watch for and controls to include in your risk management plan. EC

NORBERG-JOHNSON is a former subcontractor and past president of two national construction associations. She may be reached at


About the Author

Denise Norberg-Johnson

Financial Columnist
Denise Norberg-Johnson is a former subcontractor and past president of two national construction associations. She may be reached at .

Stay Informed Join our Newsletter

Having trouble finding time to sit down with the latest issue of
ELECTRICAL CONTRACTOR? Don't worry, we'll come to you.