Don’t believe all you read on fraud

By David Harris, Canada
October 16, 2012

A recent Google search for dental embezzlement articles located approximately 30 articles, many written by some of the “stars” of dental consulting. Most follow a common theme: they offer tips for fraud prevention that include control procedures, each designed to block a specific fraud technique. While I agree that certain controls and techniques advocated by those authors are good ideas for reasons unrelated to fraud, I categorically disagree with the suggestion that more or different controls will prevent fraud.

My attack on this conventional wisdom deserves explanation. While I am sure the authors had good intentions (and, by raising dentists’ awareness about fraud, clearly have performed a valuable service), I also think most have been caught by something called the Dunning-Kruger Effect, which happens when people who understand the basic elements of an issue become convinced they have a mastery of that issue. Many proponents of the “more controls prevent fraud” principle are either generalist consultants who advise on many areas, or dentists who are writing about their own (necessarily limited) fraud experience.

Fraud theorists have developed the “fraud triangle,” which suggests three ingredients are required for fraud to happen: “pressure” (meaning motive), “opportunity” and “rationalization.” Most pundits have correctly recognized the impossibility of controlling people’s motivation or preventing rationalization, and therefore conclude that eliminating opportunity is how to prevent fraud. I agree with this analysis on a theoretical level; however, based on my own experience, I conclude that many of the writers haven’t considered that, while their suggestions remove some opportunity, this approach can succeed only if all opportunity is eliminated.

My company investigates embezzlement against dentists every day. Involvement with hundreds of embezzlements grants us a perspective that is impossible for the generalists and dabblers to acquire — we are given the chance on many occasions to watch how thieves behave.

The people who steal from dentists share common characteristics — superficially they are usually long-service employees, exude efficiency and are liked by peers. Looking deeper, we see both a level of intelligence beyond what is required for their position and also a specialized intellect, which I would label “criminal intelligence” — the ability to perceive systems and rules, and to tailor behavior to work within (or around) the rules. Also, embezzlers are driven by powerful motivation, summarized as “need” or “greed.” This combination of motivation plus “criminal intelligence” permits embezzlers to triumph over virtually any control system you might implement.

An uncomplicated solo practice has hundreds of possible fraud pathways. Considering each individually, you might be tempted to implement a control that would thwart that specific fraud. For example, the dentist personally making all bank deposits — a procedure advocated in many articles — blocks a specific fraud technique (someone helping themselves to cash or checks intended for deposit). First, however, making four bank deposits weekly takes considerable time, for which the dentist should have better use. Second, this fraud is one rarely seen in practice (presumably because it leaves an obvious discrepancy when bank deposits don’t match daysheets). But this control procedure is visible to the thief, who, driven by the powerful forces I mentioned, will not simply surrender. Instead, the thief will develop an alternative way to steal that will circumvent the dentist’s control efforts.

There is probably a control that would defeat any alternative fraud method selected, but this will simply prompt further adaptation. Since every control costs time, money or productivity, implementing procedures to block every known fraud modality would grind every dental office to a halt.

I confess that, for most of my 20-plus-year investigative career, I, too, believed in controls. My epiphany happened about five years ago when reviewing an investigation with one of my senior investigators. He had examined several years of transactions when he noticed something interesting: There was a point when the dentist (not realizing at the time that he was being embezzled) made some procedure changes in the office, including a new requirement that the dentist personally authorize all write-offs. The change eliminated the thief’s favorite method of stealing: writing off balances she collected and pocketed.

What became clear to us was that, when the dentist decided that he needed to control write-offs, the embezzler varied her scheme and, within days, was happily stealing again. Subsequently, we have seen this pattern repeated frequently — a dentist, either with concerns about fraud or simply unhappy with some aspect of their practice, makes some change that impinges on the fraud methodology employed, which is followed by a quick adaptation by the thief.

There are other pieces of evidence supporting the uselessness of controls in prevention. Published statistics suggest that over half of dentists will be fraud victims in their careers. Surely, with so much information about control systems available to dentists, if those systems worked, the incidence of embezzlement should be much lower. I should also mention that the embezzlement probability has remained fairly constant over time, notwithstanding ongoing improvements in the security features in practice management software.

Also, the American Dental Association performed an extensive embezzlement survey in 2007. One question asked was how embezzlement was discovered. Less than 20 percent of fraud was uncovered by what I consider to be planned operation of the dentist’s control system (including discovery by the dentist’s accountants). More than 80 percent was discovered by accidental means, such as employees being fired for other reasons and their replacements finding fraud, or from patient complaints about billing irregularities, pointing again to the uselessness of fraud controls.

Please don’t misunderstand — I’m not suggesting that controls are inherently bad, or that your office should abandon existing controls, many of which serve other important purposes. For example, checking your daysheet is worthwhile because it catches (potentially expensive) clerical errors. It probably won’t find fraud because the thief will be aware of your attention to daysheets, and will employ tactics that bypass your daysheet. At this point I expect you want to know how I recommend dealing with the fraud epidemic afflicting dentists.

The solution is remarkably simple. Even with the plethora of fraud opportunities, fortunately the behavior of thieves is incredibly consistent. (And I should know, because I have observed many thieves.) There are behavioral manifestations of stealing that are virtually universal, readily observable and difficult to hide. Dentists who understand how the behavior of thieves presents itself, and who can periodically consider employees in this light, have an excellent chance of uncovering frauds early.

For example, thieves want to implement their malevolent transactions when alone in the office, so they often frequent the office outside work hours. They also unreasonably resist changes in dental software, banking arrangements or involvement of outside consultants.

Monitoring employee behavior is the easiest, least expensive and most effective means of protecting yourself against embezzlement, and offers far more return on investment than futile anti-fraud controls. It’s something every practice owner should do.

