Unfortunately for many small businesses, the “F” word has become increasingly common. It’s a word that’s painful to hear, and a word that should definitely be avoided in a respectable business setting. No, not that word – we’re talking about fraud.
Before you tune out and think this doesn’t apply to your business, let’s start with two common myths about fraud in a small business setting:
Myth #1: My business is too small to worry about fraud.
Reality: Small businesses are actually more likely to be victims of fraud than larger organizations. In fact, according to the Association of Certified Fraud Examiners (ACFE)*, organizations with less than 100 employees experienced higher median losses (at $150,000 per event!) than organizations with over 100 employees.
Myth #2: My employees have been with my company for many years, so I don’t need to worry about fraud.
Reality: The majority of employee fraud is committed by long-term, highly trusted employees.
Where do fraud threats come from?
Fraud can occur internally through employees, or, increasingly, it can occur externally from outside the organization. External threats often come through email in the form of “Phishing” scams. Phishing is defined as the fraudulent practice of sending emails or text messages in order to induce individuals to reveal personal information, such as passwords, social security numbers, or credit card numbers. Malware attacks are also increasingly common. Malware (short for “malicious software”), is a file or code containing software that infects systems and networks in order to gain sensitive information.
For internal threats, what are some employee red flags to watch out for?
Certain behavior, or changes in behavior, may be indicative of potentially fraudulent activity. In the ACFE report*, some of the most common red flags among employee fraudsters were:
- Living beyond means
- Financial difficulties
- Unusually close association with vendor/customer
- Control issues, unwillingness to share duties
- Bullying or intimidation
- Irritability, suspiciousness, or defensiveness
- Recent divorce or family problems
- Refusal to take vacations
Other common reasons or red flags include personal problems such as gambling, drug addiction, affairs, sudden financial difficulties, or simply feeling under-compensated.
What are some fraud prevention tips for small businesses?
- Require that all office employees attend annual training on cybersecurity attacks.Employees need to learn about all of the various types of phishing scams and computer threats, and they need to learn not to click on suspicious links that could contain malware, etc. To find a training that is suitable for your organization, just start by Googling “cybersecurity training for employees.”
- Monitor bank account activity online, preferably daily. Watch for unknown transfers and ACH withdrawals. The earlier you notify your bank of suspicious activity, the more likely you may be able to recover a fraudulent withdrawal. If you wait too long, you may be out of luck.
- Create an ethical culture and a zero-tolerance policy. Everyone in the organization should be aware of what internal controls are in place, what activities constitute fraud, and what the consequences of fraud are.
- Set appropriate hiring policies. Screen potential employees thoroughly, including past employment, references, and criminal records.
- Separate accounting duties. In a small business, it is certainly not easy to properly segregate duties. However, the same person should not be approving invoices, paying bills, making deposits, reconciling the bank statement, etc.
- Limit check signers. Limit authorized check signers to an owner or key executive who is not involved in the accounting function. Do not use signature stamps. After signing, mail it directly rather than give it back to the bookkeeper.
- Review monthly bank statements. In a very small business, consider having monthly bank statements mailed directly to the owner’s home. Watch for checks that are out of order, missing check numbers, or checks written to unknown vendors.
- Monitor credit card activity closely. Business credit cards, while convenient, can be abused. Regularly review your policies and procedures for verifying charges and returns. Establish spending limits and policies for what types of purchases are allowable on credit cards.
- Review payroll records. Compare pay rates with personnel files, and watch for ghost employees (employees being paid but not working for the business).
- Review employee reimbursements. If employees are being reimbursed for company expenses paid personally, require proof and retain proper receipts/invoices. Reimbursement plans are a common area for fraudulent activity.
- Require mandatory vacation time, and rotate duties among employees periodically. Fraud often occurs when an employee has complete control over a function with no oversight or rotation of duties.
- Talk to your insurance provider about business crime insurance. Business crime insurance can reimburse for certain types of losses, including employee theft. This insurance may also provide reimbursement for forensic investigation services in the event of a loss.
Running a business is hard work, and is exponentially harder when money or assets are lost to fraud. Please take some time to address and implement these items in your business to help prevent fraud. Otherwise, you may find yourself using an even more undesirable “F” word.
*ACFE “Occupational Fraud 2022: A Report to the Nations” www.acfe.com