The issue in cases like MPL is as much one of change in management style and strategy as of accounting. In the quest to design better antifraud protections, we often lose sight of the fact that good ideas don’t necessarily 40 CHANGEMANAGEMENT ANDFRAUDPREVENTION
sell themselves. A major consideration in fraud prevention is convincing library directors not only that they need better protection for fraud but also that they need to change the way they manage in order for these pro- tections to work. What follows is a series of change management issues to discuss with boards, library directors, and employees to help them un- derstand and adopt better financial controls.
Even Though You’re Small, You’re Still at Risk
Good fraud prevention plans begin with the understanding that an or- ganization may be at risk. However, many library directors have diffi- culty believing they are at risk for fraud. “We’re too small for anyone to bother” and “I trust everyone here; they’ve been with me for years” are among the common objections directors state. A good place to begin the process of developing better internal controls is to educate directors and board members about why they may be at risk.
There are at least four reasons why small libraries in particular are especially at risk for fraud. First, the very size of the organization limits its ability to separate functions related to the authorization, record keeping, and physical safeguarding of assets. Without this segregation of duties, internal control functions are weakened or susceptible to circum- vention. In very small libraries, these weaknesses are mitigated through the director’s personal oversight. However, as the library grows, the di- rector is less able to review every transaction, and the opportunity to commit fraud is increased. Conversely, the personal oversight of a di- rector is not a guarantee that fraud is effectively deterred or detected.
Second, smaller organizations tend to disregard or subordinate the importance of periodic accounting functions such as account reconcilia- tions and analyses. In other cases, the preparation of the financial state- ments is outsourced. Therefore, the individual transactions are never scrutinized by anyone within the organization who knows whether they are correct.
Third, the director and employees may not have adequate fraud awareness. That is, they may not realize the areas in which the library is vulnerable to the risk of fraud and therefore do not take the appropriate measures to prevent it. Along these same lines, it is very common for the management of smaller libraries to believe that the close relationships that exist among a smaller group of people prevent fraud from being committed. In reality these feelings of absolute trust may create an envi- ronment of perceived opportunity to commit acts of fraud.
CHANGEMANAGEMENT ANDFRAUDPREVENTION 41
Finally, even the personal oversight of a director is not a guarantee that fraud will not occur. As we have seen earlier, the compensating measures that a director’s oversight provides do not protect the library from fraud committed by the director or board members.
Your Mission Does Not Protect You
This might be termed the law of sympathetic magic and is often shared by organizations with a charitable purpose. Basically the argument runs,
“Who would steal from God, starving children, or libraries?” Unfortun- ately, as countless case histories have demonstrated, fraudsters are able to rationalize even the most heinous financial crimes. As with size, the real difficulty is simply getting libraries to acknowledge that they are at risk and that their public service is an insufficient protection against fraud.
You Can’t Do Everything Yourself
This is probably the most difficult aspect of change management with li- brary directors. Directors often become successful as the result of their attention to detail and hard work, so it seems counterintuitive to argue that these same qualities are now getting in the way of that success.
A good approach in many cases is to discuss the director’s time as a commodity that produces benefits for the library. The issue then becomes how to invest this commodity for the good of the organization. That is, the director may be good at many aspects of library management, but not all of them are equally valuable to the library. Thus, although he or she may be a good bookkeeper, the time spent doing this work doesn’t generate funding for the library. A good internal control system allows the director to spend more time in the areas that help the library to grow, without losing control over the important aspects of its finances. This leads logically to the next point.
Internal Controls Are an Investment in Your Library
All managers tend to believe that financial controls are an unfortunate expense like insurance. As with insurance, people are reluctant to pay for items for which they see no immediate benefit. One way to deal with this is to put internal controls in the context of an investment in the library.
The most valuable commodity a director has is his or her time. As we just discussed, a director’s time ought to be spent in those activities that generate the most benefit. Therefore, good financial controls aren’t just an expense; they’re actually an investment that allows the library to become 42 CHANGEMANAGEMENT ANDFRAUDPREVENTION
more successful by freeing a director’s time to do those things that pro- vide the greatest benefit to the organization.
Similarly, it isn’t enough simply to bring in more resources; they have to be protected once they enter the library. As the value of assets in- creases, the measures to safeguard them also need to improve. Most li- brary directors understand this concept in the context of physical assets.
Once the connection is made with financial assets, directors usually grasp that good financial controls are an investment in protection in the same way that a burglar alarm or better locks would be for valuable col- lections or office equipment.
Better Internal Controls Don’t Mean You Don’t Trust Your Employees
Internal controls are matters of good management. Establishing and maintaining an honest workforce is a good beginning for internal con- trol, but relying solely on employee honesty is poor management. Inter- nal control involves more than financial misconduct. Control of organi- zational assets also means that the assets are used effectively. Honesty by itself does not ensure accuracy.
You Have to Sell the Employees as Well as the Director
A general principle of change management is that support from top man- agement is necessary but not sufficient for effective change. Even if the library director is convinced that better financial controls are needed, it is still necessary to gain the support of the company’s employees. In fact, a director’s reluctance to alienate longtime employees is often an imped- iment to improving internal controls.
Feelings of distrust, that somehow the director suspects them of mis- conduct, may be common among employees when organizations attempt to institute financial controls where historically none have existed.
Similarly, employees may view internal control procedures as an addi- tional workload and resist adopting them. The following steps can ease the transition to better controls and help ensure that the employees will become willing partners with the directors in change:
1. Make the same case for the employees that was made for the di- rector. Inform them from the beginning that the measures that are being instituted are for better management, not because of doubts about their honesty. Solicit their input on changes. Employees
CHANGEMANAGEMENT ANDFRAUDPREVENTION 43
often have a better idea than management concerning shortcom- ings in internal control. Employee input not only gives manage- ment better information concerning internal control, it helps en- sure adoption of any changes by making the employees part of the process.
2. Give employees time to learn their new tasks. This is a basic step in implementing any new system. It is often overlooked, however, when management modifies a job that employees have done in one way for a long time. Former ways of performing tasks inter- fere with the new system and may require a period of adjustment.
3. Allow for tasks to take longer or require more work. Many jobs such as ordering and paying for purchases with a purchase order will be less convenient and take longer.