When starting out as a small business, one area you need to pay attention to is business fraud because it can bring down a business of any size. To understand the negative impact it can have on your business, here is a fact.

According to research by the Association of Certified Fraud Examiners (ACFE), businesses lose an estimated 5% of their annual revenue as a result of fraud committed by employees, managers, owners and executives.

Fraud detection and prevention should be an ongoing initiative,” said Cynthia Hetherington, founder and president of the Hetherington Group, a consulting firm that focuses on intelligence, security and investigations.

“[Businesses should] develop and review policies and controls to fight fraud and safeguard their livelihood from this continually growing problem.”

So with those information in mind, let’s see how you can prevent business fraud in your small business.

• What is business fraud?
• What are the Types of Business Fraud?
• How to Prevent Fraud to Your Small Business
• How can Bank Fraud be Prevented?
• How can the Risk of Fraud be Reduced?
• What about Fraud Detection in your Business?
• What is the best way to Avoid Misappropriation of Assets in an Organization?
• Why are Good Internal Controls Important?

What is business fraud?

Business fraud occurs when a person or a company commits dishonest and illegal acts that result in a financial gain for that person or organization. Business fraud can often be hidden and appear to be a legitimate business interaction.

Read Also: 10 Best Accounting Apps for Small Businesses

Because fraud is such a monumental problem – so much so that it could even lead to the critical failure of an otherwise successful business – it’s important to combat it vigorously. Research published in Harvard Business Review (HBR) suggests that those in the best position to fight fraud are employees.

To encourage employees to come forward when they are aware of fraudulent activities, companies should consider offering job protections, and even rewards, to whistleblowers. Unfortunately, firms engaged in fraud often offer incentives for employees to ignore the fraud instead, and these methods work.

“Misreporting firms that granted more stock options to rank-and-file employees were less likely to be exposed by a whistleblower,” HBR researchers wrote.

“Approximately 10% of the firms in our sample were subject to a whistleblowing allegation. Firms that avoided a whistleblower granted 78% more stock options than these firms did not.”

Part of avoiding this vicious cycle in the first place is to build a culture of anti-fraud right from the start.

Owners and managers should put together a list of anti-fraud policies in good faith that will govern the organization for years to come and, in the case the company goes public, be subject to shareholder review before being revised or rescinded.

Hetherington offered the following tips to help businesses protect themselves from fraud:

• Offer internal and external audits.
• Create management reviews and independent audit committees.
• Offer fraud training for management and employees.
• Have mandatory vacation and job rotation.
• Create a hotline or tip line and rewards for whistleblowers.

What are the Types of Business Fraud?

The media are full of stories about fraud against individuals, but businesses are just as likely to be the victims of fraud, and maybe even more so, because business deals with many employees, vendors, and customers every day, any one of whom can be attempting to defraud the company.

Fraud can take many forms. Some of the common types of business fraud include charity fraud and nonpayment of funds fraud. Charity fraud uses deception to act as a business that is a legitimate charity to get money from individuals or businesses.

Nonpayment fraud includes when a company receives products or services and then refuses to pay for those items. However, these schemes can take many other forms.

Bankruptcy Fraud

Bankruptcy fraud might include hiding or undervaluing assets, concealing information about the company or destroying documents.

This fraud happens when a borrower purposefully hides assets to avoid paying a debt during a bankruptcy proceeding. It can include giving false records or information before or during the bankruptcy.

Employment Fraud

Employment fraud can be from the employer or the employee side of the equation. If a person falsifies information on an employment application or not report convictions and felony charges before being hired they are committing employment fraud.

If a business gives an employee the false hope of better pay or promotions they are defrauding the employee.

Insurance Swindle

Insurance fraud can happen when a person claims an injury or falsifies insurance claims documents. They may do this in hopes of getting a large financial settlement from the insurance provider.

Mail and Wire Scams

Both wire and mail fraud are federal offenses. Mail fraud happens when a person uses the U.S. Postal Service (USPS), FedEx, United Parcel Service (UPS), or electronic transmissions to make false representations.

Electronic communications—including internet, TV, or radio—are used to make these false representations. These scams can take the form of sweepstakes and telemarketing attempts.

Identity Theft

Identity theft is the stealing of individual or business information—usually electronically but not exclusively—and can include tax information and credit card fraud. 

Employees can steal credit card or other private information when working with a customer. The theft of identity information is a planned use of another person’s personal and private information to gain financial benefits.

Employee and Insider Fraud

The most common types of insider fraud are theft of assets and accounting fraud; if these are done by employees, this type of fraud is often termed embezzlement.

Other ways employees and other insiders defraud a company is by skimming cash, writing fake checks to themselves, or taking goods or supplies from the company.

Customer Fraud

Customers or buyers can defraud a business in a variety of ways, including writing bad checks, using bad credit cards, shoplifting, returning items not purchased to get a refund—called return fraud, or filing a false claim for an injury or accident on your property.

Contractor or Vendor Fraud

Independent contractors or subcontractors who do work for your company can shortchange you on work, over-charge, or bill for work never done.

How to Prevent Fraud to Your Small Business

While you can’t prevent every instance of fraud from happening to your business, you can take precautions to minimize fraudulent activity. To prevent employee fraud and embezzlement conduct background checks on all new employees, particularly those who have financial responsibilities.

Keep financial duties separate, so no one person has control of all financial decisions. Don’t give up your financial responsibilities to any employee. For example, avoid having an employee control all check-writing.

Also, let employees know you are watching.

Preventing Other Types of Fraud

To avoid losses of cash, train your employees on how to spot counterfeit money, bad checks, and stolen credit cards. Institute specific policies in dealing with these situations. Prevent identity theft by monitoring your business accounts. 

Review accounts payable, invoices, and purchase orders periodically to make sure they are from real vendors and that you are getting the items you order.

Set up inventory control policies to keep track of supplies and inventory, so it doesn’t walk out the door. You may not be able to count every pencil, but you should know what’s in the supply cabinet or inventory at all times.

Institute data policies and back up your sensitive company data continuously. In this way, even if you are breached, you will have access to this information. You may want to consider setting up a surveillance system to keep an eye on customers and employees.

In general, the best ways to prevent and detect fraud against your company are:

• Carefully screen employees and use reputable vendors
• Set up monitoring systems in all critical areas to watch employees, customers, and vendors
• Review the monitoring, so you know what’s going on

Prevent fraud by hiring the right employees

Small businesses must be extra vigilant about fraud, Hetherington said.

“Small businesses, in particular, are extremely susceptible to employee fraud, as they often lack the anti-fraud controls or policies found in larger organizations,” she said.

Hetherington offered the following tips for small businesses to start preventing fraud right from the hiring process.

1. Conduct a background check

Small companies seldom bother doing background checks on new employees, which means they’re potentially inviting hackers, predators and even convicted felons into the organization. Before hiring an employee, conduct a thorough background check that goes back seven years to see if there is a criminal history. 

2. Run a credit report

With a signed release, check new employees’ credit reports for any fiscal irresponsibility, especially if they’ll be working in any kind of financial role. During an economic crisis, it’s OK to have some financial stresses, but you wouldn’t want your comptroller to be filing for bankruptcy.

3. Do a social media audit

Once the employee is being considered for hire, review their social networks for anything that could be damaging to your business’s reputation, especially any animosity against their former employer.

4. Implement policies to protect your reputation

Institute an employee policy that outlines expected employee behavior anytime they represent the company, including any mentions on their social networks.

How can Bank Fraud be Prevented?

According to Alex Romeo, VP, Electronic Payments Network Product Manager, the keys to overcoming corporate account takeover: a mix of “old school” procedures and layers of technology.

“Large or small businesses are targets,” Romeo says. “What oftentimes it is called ACH fraud, or wire fraud, is actually corporate account takeover. Once the criminals have the corporate’s banking credentials, they’re off to the races.”

Romeo sees several things that both institutions and the businesses can be doing to lower the potential for corporate account takeover:

1. Multi-Factor Authentication

The best approach is to start with a multi-factor authentication/multi-layered security structure. This is what Romeo is seeing from the institutions that are successfully thwarting fraud.

“Remember, there is no one silver bullet that will solve this problem, so if you put all your hope in a single solution, you’ll get compromised, and the intruder will have everything.”

This multi-layered approach from a software perspective, combined with old-fashioned out-of-band phone calls to the customer to confirm a questionable transaction, can cut the institution’s headaches and the business’ fraud losses.

In the old days, Romeo says, calendars were put in place for all set transactions for all accounts, whether they were large corporates or small businesses. “If they had a weekly payroll, that only went out once a week, and then all of a sudden we saw something going out every day — that would be a red flag; we would question it,” he says.

2. Banks: Monitor Transactions

In his days in bank operations, Romeo says, the bank used to set up daily limits on each user. “We used to set these limits on our mainframe processor in the bank, along with file limits and batch limits, so if there were something added, or out of the ordinary, we would spot it.”

Another thing to watch for is a whole lot of activity right under $9,000. “Because the fraudsters know they won’t draw suspicion of a bank if they fly under $10,000 mark.”

3. Businesses: Reconcile Corporate Accounts Daily

For businesses, Romeo recommends reconcilement of banking accounts and transactions on a daily basis — either at end of day or at least at the beginning.

“This will help catch any transactions you didn’t make, and the sooner you bring it to your bank’s attention, the better chance to retrieve the money, with the bank doing a recall or reversal of the transaction. The longer you wait, the less likely it is that you’ll see that money recovered.”

4. Employ Dual, Triple Controls

Dual controls at the corporate side are, at the very least, tablestakes. Romeo suggests even triple controls, where one person creates the transaction, a second person approves it, and then a third person actually sends the transaction.

“If you don’t have the people, then set up the ACH transactions with the institution, an out of band confirmation, whether it is a phone call to confirm that you’ve sent it, and confirmation of the correct information was received,” he notes.

This can be done live or through an automated voice response system. Usually, only one person would have the password and ID to call the bank, which would be totally separate from the person’s computer.

5. Raise Fraud Awareness

Finally, Romeo says, continuous education of business customers is important. At the national level, this problem of corporate account takeover has gotten real attention.

But real solutions won’t come until financial institutions and their corporate accounts alike realize the real risks they face – and simple solutions they can implement to help mitigate those risks.

How can the Risk of Fraud be Reduced?

Employee fraud is a significant problem faced by organizations of all types, sizes, locations, and industries.

Although it we would all like to believe our employees are loyal and working for the benefit of the organization (and most of them probably are), there are still many reasons why your employees may commit fraud and several ways in which they might do it.

According to the 2014 Report to the Nation on Occupational Fraud and Abuse (copyright 2014 by the Association of Certified Fraud Examiners, Inc.), research shows that the typical organization loses 5% of its annual revenue each year due to employee fraud.

Prevention and detection are crucial to reducing this loss. Every organization should have a plan in place as preventing fraud is much easier than recovering your losses after a fraud has been committed.

It is important to an organization, large or small, to have a fraud prevention plan in place. The fraud cases studied in the ACFE 2014 Report revealed that the fraudulent activities studied lasted an average of 18 months before being detected.

Imagine the type of loss your company could suffer with an employee committing fraud for a year and a half. Luckily, there are ways you can minimize fraud occurrences by implementing different procedures and controls.

Below are some ways you can reduce the risk of fraud in your business.

1. Know Your Employees

Fraud perpetrators often display behavioral traits that can indicate the intention to commit fraud. Observing and listening to employees can help you identify potential fraud risk. It is important for management to be involved with their employees and take time to get to know them.

Often, an attitude change can clue you into a risk. This can also reveal internal issues that need to be addressed. For example, if an employee feels a lack of appreciation from the business owner or anger at their boss, this could lead him or her to commit fraud as a way of revenge.

Any attitude change should cause you to pay close attention to that employee. This may not only minimize a loss from fraud but can make the organization a better, more efficient place with happier employees. Listening to employees may also reveal other clues.

Consider an employee who has worked for your company for 15 years that is now working 65 hours a week instead of 40 because two co-workers were laid off.

A discussion with the employee reveals that in addition to his new, heavier workload, his brother lost his job and his family has moved into the employee’s house.

This could be a signal of potential fraud risk. Very often and unfortunately, it’s the employee you least expect that commits the crime. It is imperative to know your employees and engage them in conversation.

2. Make Employees Aware/Set Up Reporting System

Awareness affects all employees. Everyone within the organization should be aware of the fraud risk policy including types of fraud and the consequences associated with them. Those who are planning to commit fraud will know that management is watching and will hopefully be deterred by this.

Honest employees who are not tempted to commit fraud will also be made aware of possible signs of fraud or theft. These employees are assets in the fight against fraud.

According to the ACFE 2014 Report, most occupational fraud (over 40%) is detected because of a tip. While most tips come from employees of the organization, other important sources of tips are customers, vendors, competitors, and acquaintances of the fraudster.

Since many employees are hesitant to report incidents to their employers, consider setting up an anonymous reporting system. Employees can report fraudulent activity through a website keeping their identity safe or by using a tip hotline.

3. Implement Internal Controls

Internal controls are the plans and/or programs implemented to safeguard your company’s assets, ensure the integrity of its accounting records, and deter and detect fraud and theft.

Segregation of duties is an important component of internal control that can reduce the risk of fraud from occurring. For example, a retail store has one cash register employee, one salesperson, and one manager.

The cash and check register receipts should be tallied by one employee while another prepares the deposit slip and the third brings the deposit to the bank. This can help reveal any discrepancies in the collections.

Documentation is another internal control that can help reduce fraud. Consider the example above; if sales receipts and preparation of the bank deposit are documented in the books, the business owner can look at the documentation daily or weekly to verify that the receipts were deposited into the bank.

In addition, make sure all checks, purchase orders and invoices are numbered consecutively. Use “for deposit only” stamps on all incoming checks, require two signatures on checks above a specified dollar amount and avoid using a signature stamp.

Also, be alert to new vendors as billing-scheme embezzlers setup and make payments to fictitious vendors, usually mailed to a P.O. Box.

Internal control programs should be monitored and revised on a consistent basis to ensure they are effective and current with technological and other advances.

If you do not have an internal control process or fraud prevention program in place, then you should hire a professional with experience in this area. An expert will analyze the company’s policies and procedures, recommend appropriate programs and assist with implementation.

4. Monitor Vacation Balances

You might be impressed by the employees who haven’t missed a day of work in years. While these may sound like loyal employees, it could be a sign that these employees have something to hide and are worried that someone will detect their fraud if they were out of the office for some time.

It is also a good idea to rotate employees to various jobs within a company. This may also reveal fraudulent activity as it allows a second employee to review the activities of the first.

5. Hire Trustworthy Experts

Many of the people working for your company, including Certified Fraud Examiners (CFE), Certified Public Accountants (CPA), and CPAs who are Certified in Fraud Forensics (CFF) can all play important roles in establishing antifraud policies and procedures.

However, not all of these experts have the experience or the reputation for providing the service that is best for your needs.

When hiring accountants, fraud examiners, and other expert professionals who will have access to sensitive company information such as bank account numbers, it is critical to ensure these firms or individuals have reputations built on quality service and trustworthiness.

This way, you can feel confident that your forensic analyses, basic financial and business consultations, and internal control audits are thorough, and your information will never be compromised.

6. Live the Corporate Culture

A positive work environment can prevent employee fraud and theft. There should be a clear organizational structure, written policies and procedures and fair employment practices.

An open-door policy can also provide a great fraud prevention system as it gives employees open lines of communication with management.

Business owners and senior management should lead by example and hold every employee accountable for their actions, regardless of position.

What about Fraud Detection in your Business?

In addition to prevention strategies, you should also have detection methods in place and make them visible to the employees.

According to Managing the Business Risk of Fraud: A Practical Guide, published by Association of Certified Fraud Examiners (ACFE), the visibility of these controls acts as one of the best deterrents to fraudulent behavior.

It is important to continuously monitor and update your fraud detection strategies to ensure they are effective. Detection plans usually occur during the regularly scheduled business day.

These plans take external information into consideration to link with internal data. The results of your fraud detection plans should enhance your prevention controls. It is important to document your fraud detection strategies including the individuals or teams responsible for each task.

Once the final fraud detection plan has been finalized, all employees should be made aware of the plan and how it will be implemented. Communicating this to employees is a prevention method in itself. Knowing the company is watching and will take disciplinary action can hinder employees’ plans to commit fraud.

What is the best way to Avoid Misappropriation of Assets in an Organization?

The goal of fraudsters is to steal, and theft includes not only cash, but pilfering of equipment, supplies, wages, diversion of payments, and gaining possession of other things of value.

According to the Association of Certified Fraud Examiners (ACFE), misappropriation of assets, better known as theft, is the most common type of fraud scheme perpetrated against organizations, with a median loss of $114,000 per incident.

How do you Prevent it?

• Develop strong internal controls to prevent, detect, and respond to fraud.
• Set the tone from the top. Management should set appropriate ethical examples for employees.
• Set up written policies and procedures for employees to follow and ensure that they are regularly reviewed.
• Provide training and communications to ensure that every employee is aware of what constitutes a fraudulent activity and what the consequences are.
• Ensure employees know what to do if they suspect fraud and where to report it.

How do you Detect it?

• Carry out inventory counts on a regular basis and verify against the asset registry.
• Review purchases for trend analysis and investigate irregularities.
• Perform a three-way match of invoice, purchase order and receiving report to ensure the organization is paying for correct and legitimate purchases.
• Secure access to physical equipment.
• Consider separating ordering from receiving and management of supplies to increase the number of touchpoints.
• Consider locked storage and regular inventory counts for expensive supplies
• Limit high cost product ordering to no more than two items, one for use and one for backup.
• Review BearBuy reports to determine if expenses are appropriate for those that have by-passed approval process.
• Review and have a robust approval process for any changes to bank account and routing numbers. An example would be:
  • Prior to making bank account changes, a call should be made to the vendor to substantiate both the old bank account and routing number and the new bank account and routing number. Retain and review supporting documentation.
• Implement a control – reviewing budget to actual and investigating variances.
• Segregate cash handling functions to different individuals: authorization, recording, and custody.

Why are Good Internal Controls Important?

Internal controls can be thought of as checks and balances to prevent errors and losses in various areas of a business.

Good inventory controls prevent losses and misstatements while helping in managing inventory levels. Since inventory is quite expensive, any measure to protect this investment should be considered.

Savings

When controls are in place, a firm is likely to save money and be run more efficiently. Management can make better decisions about inventory and sales because the data it receives is real and relevant.

A manager may decide to cancel an order or to return a shipment because of the documentation available, usually due to internal control requirements.

Other savings are related to taking advantage of discounts, as payment processes related to inventory are enhanced with proper internal controls.

By paying bills early or on time, the firm is in a better position to negotiate terms and other conditions over the supply chain, saving money over the long run.

Public Filings

Public firms must file internal control reports with the United States Securities and Exchange Commission, attesting that controls are working properly. This requirement is specific to the Sarbanes-Oxley Act of 2002, which was enacted after many financial scandals, including the Enron fiasco.

For executives to sign this report, they must have assurances about controls’ effectiveness and other detailed information. There are not many choices in this area for many firms, which have controls in inventory as part of the entire control package.

Most businesses don’t want to disclose that their internal controls are not working well in inventory (or any other area), and therefore, they keep their controls up and going by conducting periodic testing and evaluations.

Reliability

Another important benefit of internal controls is that it improves the reliability of accounting information, including management reports. Confidence matters in the financial area.

Investors and bankers appreciate internal controls, which can build up a firm’s reputation and dependability. A business with strong controls that are regularly evaluated and tested is not just a fly-by-night outfit — it’s perceived as a well-managed, growing business that is expected to succeed.

For example, if you see $400 as inventory balance in a report from a firm with strong controls, you’re more likely to trust the number and to make good decisions based on that amount.

Standardization

A “side-effect” of good internal controls involves the standardizing of processes and procedures. Work flows that comply with internal controls are usually desirable, and most businesses maintain them on a daily basis.

Controls permeate firms and become the “normal” status, helping to bring a business to a higher level of operation with more organization and less confusion.

Read Also: Save your Business by Outsourcing your Accounting Needs

Official policies and procedures can be set up based on controls, such as a procedure to require tagging all inventory items as they arrive in the warehouse.

Such level of standardization helps in training new employees, decreasing errors and the chances for fraud or theft. When a transaction doesn’t follow the expected process, it stands out and can be identified easily.

Conclusion

Those who are willing to commit fraud do not discriminate. It can happen in large or small companies across various industries and geographic locations.

Occupational fraud can result in huge financial loss, legal costs, and ruined reputations that can ultimately lead to the downfall of an organization. Having the proper plans in place can significantly reduce fraudulent activities from occurring or cut losses if a fraud already occurred.

Making the company policy known to employees is one of the best ways to deter fraudulent behavior. Following through with the policy and enforcing the noted steps and consequences when someone is caught is crucial to preventing fraud.

The cost of trying to prevent fraud is less expensive to a business than the cost of the fraud that gets committed.