top of page
  • Steve Dawson CPA, CFE

Position, Not the Person

Updated: Jul 6, 2021

Morale is strong. People are happy. Relationships between all employees are positive. Business is growing, and you recognize it is wise to now create an anti-fraud program for your company.

How do you begin to introduce checks and balances that protect against fraud? You can’t design preventative measures without first considering the ways your employees COULD commit fraud, right? Who wants to sit and imagine their trusted employees or coworkers stealing from them? It can be uncomfortable to picture these fraudulent scenarios among the faces you work with and connect with daily. It can be even more uncomfortable to ask them to follow new guidelines to prevent theft, dishonesty, corruption. It could feel like you’re accusing them of something when they’ve never given you reason to question their integrity.

10-80-10 Rule of Ethics

A dose of reality. If your company morale is up and you feel like you can trust all of your people, you have probably done lots of work already to create an environment less inclined to fraud. But keep in mind the 10-80-10 rule. This illustrates the belief that 10% of people are unflinchingly ethical and will never commit fraud no matter the circumstances, 10% are always looking for a way to steal what they believe they are entitled to, and 80% will commit fraud or theft depending on their circumstance and opportunity (remember the fraud triangle). 80%. Trust your people as if they are in the 10% perfectly ethical group, but defend your company with controls as if someone from the other 90% of people could step in.

Teach them, and yourself, this phrase: position not the person. Remind yourself and your employees that fraud prevention protects everyone. These new internal controls are based on the needs of each job position in your company, and not on the suspicions toward each person’s character.

Hit by a Bus

Make it hypothetical. The following scenario is a great way to highlight the need for strong internal controls for every branch of your company without making it seem like a personal assessment or attack on character.


You have one accountant. One person in

charge of your budget, your taxes, your financial reports. And this person is

excellent at their job. They are financially

comfortable in life with no need to ever commit fraud. Even if they had need, their character is so unblemished that they would never even entertain the thought of doing something that wasn’t 100% legal and ethical. They are a perfect example of the positive 10%.

So no internal controls are placed on this person. You just depend on their perfect character.

But tragedy strikes, and your hard-working, completely reliable accountant is hit by a bus. As you and your other employees grieve personally, your company needs a new accountant. Immediately.

You make your wisest replacement, but you have no time to develop a real relationship to establish confidence about where this new person falls ethically. You do not have time to suddenly whip up some internal controls as you welcome a new person to your business, to your finances, to your future success. You just have to hope your company is as safe as before.


As you begin to evaluate specific controls for each role in your company, design them for the position, not the person currently serving that role. Design controls that would protect against fraud no matter who holds that job.

Communication prevents many hurt feelings. As you implement a new policy regarding expense reimbursements, let employees know it is not because you suspect dishonesty from them, but that you are protecting all positions from fraud in whatever future your business sees. Employees getting hit by buses is dramatic on purpose. In reality, people do die, or they move, or they win the lottery and leave in an instant. I’ve also seen companies grow quickly, and during this exciting growth they do not have time to suddenly create an infrastructure of protection. Use expected success as a motivator too!

Communicating this concept to everyone can also help make designing controls easier. A think-like-a-mastermind brainstorming session can expose weaknesses you might not even be aware of. Ask your employees, “If you needed to steal money from the company, how would you do it? How much do you think you could get away with? What are the chances you could do it and not get caught?”

If you make it into a crazy hypothetical, you might be surprised what your employees can teach you about the day to day functions of your own business.

Empowering small businesses to develop strong Anti-Fraud Programs is our mission. We provide consultations to design, evaluate, and improve your anti-fraud program. You can also get a step-by-step guide to design a program that can be tailored for your specific needs by purchasing Steve Dawson’s book, Internal Control/Anti-Fraud Program Design for the Small Business.

If you think there may already be fraudulent activity in your company, contact us today through our website.

Recent Posts

See All


bottom of page