As investigators continue to aggressively pursue allegations of business embezzlement in Sonoma County, regional fraud experts warn that many North Bay companies and nonprofits still lack the basic internal practices needed to catch and prevent those crimes.

[gallery link="file" order="DESC" columns="1"]

While cases involve a variety of schemes along what Sonoma County District Attorney Jill Ravitch called a "continuum of sophistication," sometimes simple controls are adequate to prevent theft, according to Ms. Ravitch and experts in accounting and finance. Financial oversight should be considered a standard business practice and implemented by organizations of all sizes in the North Bay and beyond, fraud prevention experts said.

"Wherever there's money, there's vulnerability," Ms. Ravitch said.

The problem is not unique to the North Bay. Nearly half of U.S. companies with fewer than 100 employees lacked an anonymous tip line in 2011, considered the single most effective tool for discovering embezzlement and required for publicly traded companies, according a 2012 study of global fraud by the Association of Certified Fraud Examiners.

Small organizations consistently lagged behind larger companies in preventative measures, and those cases also involved the largest median losses of $147,000, according to the trade certification group. Losses up to $1 million were reported in 20 percent of cases, and a typical organization loses 5 percent of its revenue annually to fraud, according to the report.

Regional fraud experts said that those risks are particularly acute in the North Bay, a region known for its density of small businesses and nonprofits. In pursuit of efficiency at a time of slim margins, owners and managers often overextend the access of those with control of the organization's accounts and essentially empower those employees to commit fraud.

"When you put all your eggs in one basket, you better watch that basket," said James Perez, partner at the accounting firm Pisenti & Brinker and accounting instructor at Sonoma State University.

As in many of the recent cases prosecuted by the District Attorney's Office, it can be months or even years before employers catch employees in the act of stealing company funds. Without continuing oversight, trusted employees can write checks to themselves on company accounts, set up false vendors and otherwise develop methods to siphon funds from their employer, according to regional experts.

Thefts have added up to millions for Sonoma County organizations in recent years. In 2012, judges issued sentences for jail time and restitution in cases including a $1.19 million embezzlement from Petaluma's Bibbero Systems, $700,000 from Santa Rosa's Center for Spiritual Living, $398,000 from the Kid Street Learning Center, $390,000 from the Sonoma Golf Club and $125,000 from the Oakmont Golf Club. Prosecutors are also pursuing a number of new cases in 2013.

"We're not talking about $20,000 here. We're talking about hundreds of thousands of dollars, and the potential failure of the business," Mr. Perez said.Finding motive -- 'the fraud triangle'

While the nature of each crime varies, individuals are frequently pushed to act by a convergence of personal circumstances, rationalization and opportunity that fraud experts refer to as "The Fraud Triangle." Most of those individuals have no criminal record and good compensation, ostensibly at low-risk for criminal behavior, Ms. Ravitch said.

Yet with sufficient access to company accounts and some sort of justification, sudden financial pressure can be enough to instigate criminal behavior that adds up to big losses over time, said Jim Petray, partner in the North Bay office of BPM, Accountants & Consultants

"Generally, it's a long-term and trusted employee," he said. "That's why, when these things happen, it cuts so deep."

Removing of any of those three components can ward off the motivation to commit fraud, experts said. Yet while many of the internal controls that diminish opportunity are relatively simple, like regular owner review of bank statements and payroll, many still fail to implement them, Mr. Petray said.

"In my experience over 37 years, less than half of my clients take proactive measures in this department," he said.

Regardless of an organization's level of preparedness, Mr. Petray advised owners and managers to watch for classic warning signs in their employees. Resistance to taking vacations could indicate a need to keep constant watch over the books, and many cases will manifest themselves in an employee living well beyond their means, he said.

It was during a business manager's Italian vacation that Sonoma Golf Club uncovered the embezzlement of $390,000 over two-and-a-half years, according to the District Attorney's Office. What started as a red flag in payroll lead to the discovery that the 53-year-old business manager had been increasing her own pay rate without authorization and using company accounts to pay taxes and other expenses, according to the District Attorney.

"We put people in these positions because we like them. But circumstances can change and create a motive," Mr. Perez said.

Basic controls address broad risk

Larger organizations are naturally more complex than small companies, with a greater number of entry points for fraud, experts said. Yet across the board, companies generally experience embezzlement in one of three areas: fraudulent recipients of accounts payable, manipulation of employee payroll and "skimming" of revenue. While the methods vary, simple controls remain an effective catch-all in most cases.

In the case of the Oakmont Golf Club, the 31-year-old manager worked within the company's retail accounting system to cover up the theft of products he would later sell, all while giving the appearance of increased business at the shop, according to the District Attorney. Yet while the method was elaborate, Ms. Ravitch noted that it was another manager's questioning of a single reversed transaction that ultimately uncovered the 14-month-old issue.

"If the owner-manager keeps an eye on any point where funds are going out, you can catch a lot of fraud," said Eric Miles, partner in the Business Risk Services group at Moss Adams. "A lot of these cases are pretty simple theft -- it's just that nobody was watching."

Basic measures include a requirement for two signatures on checks above a certain size, a copy of bank statements sent to an owner's personal address, periodic review of payroll, mandatory vacations for employees, surprise audits and an established whistleblower protection policy, he said. Other strategies include proactive assistance to employees with financial hardship, a strong corporate culture of accountability, specialized insurance products and mandatory ethics training.

For small nonprofit entities, oversight from a committed board of directors -- in particular, a treasurer who works closely with a bookkeeper -- can be a powerful line of defense against fraud, said James Andersen, a pioneering expert in forensic accounting in the North Bay and partner at the forensics-focused accounting firm Hemming Morse.

"Where the nonprofits are particularly vulnerable is because nonprofits often have boards of directors that are basically volunteers. Since they are volunteer positions, they aren't spending the hardcore time drilling down into the details and keeping an eye on things," he said. "Weak boards kill nonprofits."Lenders as another safeguard

Lenders can provide another safeguard, with an increasing array of anti-fraud programs available across the commercial lending industry. While banks and credit unions have long since left the era when staff would manually process every incoming check, electronic banking has made it much simpler for business owners to monitor transactions within their accounts and for lenders to warn of unusual spending patterns, said experts in the field.

"Maybe if you're the business owner, you say, 'My job is to be out there talking to people.' But you should be checking in once in a while," said Brad Hunter, senior vice president in charge of electronic banking at Santa Rosa's Exchange Bank. "Some of these things that happen are really blatant. With online banking, you can pull up images of checks. Look at a few of them, and ask your bookkeeper about them."

Business owners can also pursue additional protections through their lender. "Positive pay," a program offered by a number of lenders, will create a record of checks when they are issued and inform owners of any changes during deposit. Owners and managers can also ask to personally approve any transactions above a certain dollar amount, whether over the phone or through an increasing number of mobile and electronic banking programs, said Linda Bertauche, chief operating officer and head of risk management at Santa Rosa's Summit State Bank.

"The time and effort put into would certainly reap rewards if it is discovered that there have been fraudulent charges," she said.

While check fraud has existed "as long as there were checks," Lori Gates, senior vice president of treasury management at the North Coast commercial banking office for Wells Fargo, said the electronic age has accelerated the emergence of new techniques. Employees are not the only risk -- banks now either mandate or provide a number of programs to monitor for the intrusion of computer hackers as well.

A new business customer came forward with suspicion that they were a victim of embezzlement every two months last year, she said.

After fraud, moving forward

After a former business manager used falsified records and forged checks to siphon $700,000 from Santa Rosa's Center for Spiritual Living over six years, staff and members have responded positively to the implementation of new financial oversight, said Jan Davis, chief operating officer.

"It's not making sure our staff isn't doing something wrong. It's being good stewards of the contributions from our community," she said.

Ms. Davis noted that she is not an accountant by trade, but drew on her experience in budgeting for the wine industry to implement clear record keeping practices. The church now conducts regular audits and has transitioned to a culture of greater financial transparency to a membership of approximately 675.

For organizations about to revamp their processes, she recommended a phased implementation of new controls.

"Since we've done it in that way, we've had a really positive buy-in from staff," she said.