According to the Kroll Global Fraud 2013/2014 report, 70% of US Companies suffered at least one type of fraud in the last year. Small and medium sized businesses are particularly at risk. The median loss to companies with less than 100 employees is 28% higher than those with more than 100 employees per 2014 ACFE Report to the Nations.
Can you afford a$154,000 loss that the ACFE calculates as the median loss to small and medium sized businesses per fraud incident?
What are some common indicators of employee fraud?
– Individual’s lifestyle exceeds their salary level
– Financial statements don’t make sense (e.g. earnings too good to be true, overly consistent growth despite down economy)
– Personnel issues (e.g. personal financial difficulties/bankruptcy, addiction, divorce/family problems, personal legal issues)
– Individuals refuse to share information or responsibility (e.g. refusal to take vacations or let others see work)
– Overly close relationship with suppliers, vendors, or customers
– Employees with HR issues (e.g. disgruntled, harassment, poor performance, tardiness)
– Destruction of files without proper authorization
– Resistance to providing information to auditors
What makes me susceptible to fraud?
All organizations are susceptible to fraud. Larger companies have difficulty with fraud due to their size. Small and medium sized businesses (SMBs) struggle with having enough resources (cash, time, and/or expertise) to have traditional controls and segregation of duties.
What are some common issues that make SMBs more susceptible to fraud?
– Cash functions (inflows and outflows) handled by one individual with little or no oversight or review
– Large volume of cash transactions
– Insufficient control environment and/or general lack of segregation of duties
– Reconciliations not performed or reviewed on a consistent and timely basis
– Individuals in roles that they are not competent to do
– Compensation tied to measures that individuals can manipulate
– Failure to conduct due diligence in business combinations
– Company management has little to no experience reading and understanding financial statements
What can I do to prevent fraud?
By creating a proper control environment, your organization reduce its risk of loss due to fraud. Here are some example steps you can take:
– Perform background checks when hiring new employees
– Protect and monitor checks (e.g. the person with access to check stock should not have check-signing privileges)
– Separate cash-related duties as much as possible among employees
– Separate bookkeeping duties as much as possible amount employees
– Don’t depend on automation: manually review inputs and outputs on a regular basis and make sure you understand the transactions
– Review invoices and books for questionable transactions, vendors, or customers
– Analyze the risks to your organization and address them
– Have a code of ethics
– Have bank statements delivered to you unopened or download directly yourself from online banking
– Review bank reconciliations timely
– Create the perception of detection (ask questions about transactions, reconciliations, checks, invoices, vendors, etc; communicate with staff on fraud prevention, ethics, and how to report fraud)
– Implement a fraud hotline
– If you don’t know how to read financial statements, take an online or other short class on accounting basics
– Create an environment where your employees feel comfortable bringing up concerns and talk about fraud prevention with your employees
– Fill out the ACFE’s Fraud Prevention Checkup
– Review Homeland Security’s Protect your Workplace materials
– Look at other free resources provided by groups like ACFE and International Fraud Awareness Week
And always ask questions about things happening at your organization. Question what you don’t understand, and ask questions about what you do understand. This gives the perception that you are vigilant in the oversight of your organization.
What should I do if I suspect fraud is occurring?
When a company suspects of potential fraud, you should consider the following:
– It maybe best to contact a licensed professional (accountant, attorney, private investigator, fraud examiner, computer forensic expert, etc) to perform a fraud examination even while you think the fraud is still happening as you maybe able to obtain more information than if the fraud was no longer happening.
– If you do need to terminate someone that is suspected of fraud, you may need to consult an attorney. Ideally, a terminated employee should not be allowed to take files with him or her or touch their computer. Also, be sure that any terminated employees cannot remotely access their computer(s) or company files hosted on servers or in the cloud. In some cases you may want to segregate and lock up the terminated employee’s computer and not allow anyone to access the computer until a computer forensics professional can image the computer. In some (not all) cases, files that were thought to be deleted can be recovered if you protect the physical machine and only let experienced computer forensic experts work on the computer.
– While in many cases it is not recommended, you can investigate a fraud at your organization on your own. Be sure to understand the implications of any potential civil or criminal ligation prior to investigating on your own, and be sure to discuss with your attorney. Three common procedures are (1) performing inquires of key individuals, (2) review bank records and related support for cash movements (be sure to look at the endorsement side of cleared checks), (3) perform analytic analysis to identify trends or anomalies.
Read Danielle’s interview with the Association of Certified Fraud Examiners, check out our In the News page.