When a small business has an issue with fraud, it’s usually for one key reason: a lack of internal controls. Internal controls are “checks” a business has in place to deter fraud. These checks can include:
Segregation of duties
Regular audits
Management review
Employee codes of conduct
Anti-fraud training for management and/or employees
Segregation of duties is often the most important internal control that is missing at small businesses. The segregation of duties is the balancing of an employee’s responsibilities to prevent one employee from having too much control over a business process.
For example, a business where an accounting clerk writes the business’s checks and manages the business’s bookkeeping has inadequate separation of duties. The accounting clerk in this instance has too much authority. He or she can write checks to themselves, their friends or family and, because they control the bookkeeping, they can disguise the fraud from the business owner.
Ensuring an adequate separation of duties is difficult at a smaller business because there are less people, meaning employees often have to take on multiple roles. In contrast, larger companies have the resources to hire more staff and compartmentalize duties. Smaller businesses often can’t establish internal audit departments or hire full-time anti-fraud professionals.
Small business owners often have little or no formal accounting experience, requiring them to rely on in-house or outside accounting professionals. Due to this, many business owners are unaware of internal controls. This can make it difficult to prevent fraud because many business owners don’t know what to look for and how to confront the problem.
The most important fraud deterrent is frequent management review. Business owners should review records on a regular basis, including:
Checks written
Deposits made
Journal entries made
Invoices issued
Invoices received
Management should also be physically present for on-site reviews. Regularly visit store locations, if applicable, and take a walk around to observe the location and the records. Is everything in order? Does machinery or inventory on site appear reasonable based on payments made?
Fraudsters are less likely to commit fraud when they see that management is actively involved and reviewing activity.
Small business owners should pay special attention to cash. Cash is usually a primary target for fraud due to its liquidity. Be sure to verify that access to banking records and credit cards are secure, and review outgoing payments. If possible, require two signatures on outgoing checks and approval on invoices before they are paid.
Job rotation or mandating vacation leave for staff is a good workaround for businesses where segregation of duties is not possible. Fraudsters are notorious for gaining a reputation for a strong work ethic by never taking vacations or sick leave and working weekends. In reality their constant presence is due to their need to be “in control” to cover their tracks and continue to perpetuate the fraud. Discovery of fraud often occurs when the fraudster is out of the office and someone else has to take over his or her duties.
Small businesses should consider instituting background checks for all new hires. Background checks can reveal prior theft or fraud convictions or other information like a history of drug abuse or gambling debts. This can indicate financial pressures that could suggest a higher risk of committing fraud. This is especially important for potential employees in roles involving management and oversight. Employees in management roles who commit fraud can create larger losses than those in lower-level roles.
Here’s one example of fraud that would have been preventable with the right internal controls.
A sole proprietor of a small contracting company hired his wife to help manage the company’s books. Although she had no formal training in bookkeeping, the owner preferred to hire friends and family at his business because he felt he could trust them.
For several years, operations ran smoothly. However, the owner’s wife had started struggling with a drug and shopping addiction. The wife began siphoning money from the business. She started by depositing checks written to the business by endorsing her husband’s signature and depositing the checks into a joint account she had sole access to.
She also began making transfers from the business to accounts held by her son from a previous marriage. Later on, she began writing checks from the company to herself. The reasons for these checks were often not legitimate, like phony loan repayments or payments for overtime that hadn’t happened.
Soon after, the wife began making lavish purchases using the company’s credit cards. Unfortunately, it wasn’t until her husband discovered his bank account was empty that he began to suspect his wife had been stealing from his company. Because the wife was the only person who had the logins to bank and credit card accounts, and was the only person who handled the business’s bookkeeping, she had easily hidden her theft from her husband.
Management review could have stopped this fraud earlier and saved the company the cost of the fraud. Banking login information should never be restricted to one employee, even if that employee is a spouse. If the owner had access to the bank and credit card accounts, he would have noticed that the bank account balances had been decreasing and that credit card purchases had escalated. Unfortunately, the fraud continued for several years, amounting to a theft of over $1.5 million of the business’s cash.
There is no surefire way to prevent all frauds from occurring. However, taking the proper steps to prevent fraud pays dividends. In companies with strong internal controls where fraud was still committed, there are usually lower losses because the fraud is identified sooner rather than later.
Contact us here or call 800.899.4623.