Employee scandal. Theft. Insider deals. Sounds like some shady offshore operation, not your company, right? Guess again: U.S. businesses are out $600 billion each year due to employee fraud, with the average business losing $4,500 per employee per year to dishonesty, according to the Association of Certified Fraud Examiners (ACFE).

Common employee scams fall into three main categories: asset misappropriation, fraudulent statements, and bribery or corruption. Unfortunately, fraud is not a rare occurrence, and is not limited to any particular industry or business size. Ernst & Young LLP reports that over a five-year period, two out of five businesses suffered more than five instances of fraud, and one in four had lost at least $1 million as a result of fraud.

For that reason, crime insurance is a wise buy, covering fraud-related financial losses.

Crimes covered

Most crime policies cover not only employee fraud, but also third-party scams including forgery, counterfeit currency, and theft of company property. (If any of these are committed by an employee, the claim falls under the "fidelity" portion of your policy.) In addition, many cover money lost due to computer fraud by hackers who are after company funds, customer credit card numbers, or other financial data.

"The computer coverage and protection against unauthorized funds transfer or computer access are becoming more valuable, as almost all business is done over the computer," says Sue Honeyman, spokesperson for The Hartford, which sells crime policies.

"Technology today creates huge issues," agrees Frank Scheckton, Divisional President of Great American Insurance Groups Fidelity & Crime Division. "With scanners, for example, it's very easy to forge a check. If you can get the account numbers and a signature — what's stopping me from looking at the annual report for the treasurer's signature? — you can do a lot of damage."

Don't overestimate high technology, though. With computer hacking and sophisticated forgery the workplace crimes du jour, it's easy to overlook less glamourous, but more prevalent, frauds. "Everyone is so concerned about high-tech that they forget low-tech," says Scheckton. "I see the most common methods of stealing, things you'd think would have stopped long ago. That's manipulation of checking accounts and of receivables. In this day and age, people are still stealing from the checking accounts of their businesses."

What might happen?

According to Scheckton, it's bad bookkeepers who wreak the most financial havoc. "They can get an invoice in and pay it twice, or control both the checking account and the ledger. That way, they can write checks to an accomplice and take a kickback, but record in the ledger that the check was to a legitimate vendor," he explains. Scheckton worked with one small company where an employee got away with this scheme for four months, absconding with $30,000. At a mid-sized company he dealt with, a similar scheme netted an employee more than $200,000 in 11 months. When external auditors came in, the employee vanished — and the company never recovered all of the funds.

"People get caught, and they do minimal jail time, but the companies never really recover the full amount," Scheckton says. He estimates that 60 percent of the companies making claims on Great American's crime policies are underinsured, meaning that they bought less coverage than they ultimately required.

"Something surprising is that the crimes often don't include money," adds Honeyman of The Hartford. "It can involve goods that have no apparent value, but there are markets for unusual things. At one company we insured, a meat packing plant, someone stole the fat off the animals and sold it."

Who might rip you off?

While diabolical criminals could, in theory, infiltrate your organization, the truth is that your average employee with average morals can fall into financial trouble and see easy access to company cash as a quick-and-dirty solution.

In fact, in The Hartford's experience, the most common perpetrators are simply disgruntled employees, says Honeyman. The most common motivations for employee fraud are greed, vindication against the employer, and financial need. And not to give bookkeepers a bad name, but they are in the "most trusted" category, which can make your company's accounts a playground for an unscrupulous employee.

According to information from the ACFE, more than half the frauds investigated in a 2002 study caused losses of at least $100,000, and nearly one in six caused losses in excess of $1,000,000. In addition, 63 percent of all frauds investigated had been active for over 12 months before being detected, with 40 percent active for two years or longer.

"How do you flag someone who's committing fraud? As a professional auditor, there are all kinds of red flags you look for," says Basil Pflumm, vice president of the Practices Institute for the Institute of Internal Auditors. "Someone who goes on vacation all the time, when they're earning a salary that doesn't support that lifestyle — that's a tip-off. Another old saw in the business is the employee who never takes a break, never goes on vacation, because this employee can't surrender control of their operations. They'd be found out."

What can be done?

Experts recommend a system of internal checks and balances to ensure that unethical behavior doesn't pay off. Such controls can affect the company's insurability and its premiums — insurers examine the extent of internal controls, as well as a company's history of fraud losses, in determining whether the company is a good risk.

"The major thing we tell clients is that you need the strong ethical climate, followed by internal controls, good policies, and procedures, that ensure that the opportunity to perpetrate a fraud simply isn't there. A lot of the time, we assume we're all honest people, but if I have a bad financial situation at home, a sick relative, and not much money, I just might be tempted to take money. Many of the internal controls prevent that," says Pflumm.

Also, be sure your coverage includes a consolidation or merger feature. You may have done everything you need to do to protect your company against fraud, but has the company you are merging with been as effective with their program?