Since employees can manipulate the innards of computers more dexterously than most bosses can, today's office workers are as likely to steal thousand-dollar data as 10¢ pencils. And the more modest the organization, the more likely it is that such white-collar theft will go undetected, warns theft-protection expert Edwin C. Bliss in Are Your Employees Stealing You Blind? (written with Isamu S. Aoki; Pfeiffer & Co., 619-578-5900, 1993, $12.95).
The author attributes one-third of small-business failures to internal theft of money, property, information, and time. Small entities lack the checks and balances that larger organizations take for granted. An individual given singular control over financial records holds "a license to steal," the cynical Bliss maintains. He cites as typical the case of an office manager who, assigned to pay her employer's business-related charge-card bills, pilfered $90,000 over a three-year period by throwing her own bills into the pot.
Bliss's catalog of crime portrays white-collar ingenuity at its most villainous. Some samples:
False data entry. Known also as data diddling, this ancient fraud is harder to trace when committed by computer rather than pen, since no one's handwriting is involved.
The salami. By slicing small amounts off, say, entries in a payroll, a dishonest manager can siphon significant sums into a personal account.
Superzapping. A system with security controls must have a fail-safe program that can bypass those controls. If that protocol falls into the wrong hands, data become vulnerable.
Scanning. A high-speed computer can be used to test a series of entries until it hits on one that does the nefarious trick.
Internal controls aren't enough to combat such deviousness because over time people regard them as mere guidelines. A check-writing system that requires two people to sign checks is fine on paper, but it doesn't work when one signs a bunch of blank checks in advance and entrusts them to the other. The book's tough-minded tenet: trust nobody.
Even the most fastidious owner should undertake a semiannual audit of procedures. Samplings from Bliss's "checklist of vulnerability": Are bank statements opened and examined by someone other than the bookkeeper? Are all employees who handle financial transactions or records required to take annual vacations, and are their records and responsibilities handled by someone else in their absence? Are voided checks kept and accounted for? Are computer passwords changed regularly? Are surprise audits occasionally made?* * *