How susceptible is your business to fraud?
All too often, owners are so busy growing their business that they become vulnerable to one of the costliest threats happening right under their noses.
Fraud is more common than you might think – and in most cases, it’s start-ups and small businesses who suffer most from the impact of that financial loss.
It’s no surprise, then, that businesses who are affected most are those who reportedly fail to implement some key internal controls. According to the ACFE (Association of Certified Fraud Examiners), “This gap in fraudprevention and detection coverage leaves small organizations extremely susceptible to frauds that can cause significant damage to their limited resources.”
So What Can Small Businesses Do to Protect Themselves?
The good news is this: You don’t need an elaborate team to implement many of the standard preventative measures that will leave you less susceptible to fraud. In fact, you can start now with these 10 basic practices and internal controls that can make a huge difference.
- Review the numbers regularly. Are you comparing line items in your budget to actuals? On a monthly or quarterly basis, it’s critical to perform a variance analysis to ensure all transactions are legitimate. Is your rent expense showing $50K per month when you believed it to be $40K? Regular reviews reveal such discrepancies, so be diligent about performing them. Additionally, always provide evidence showing that these reviews are supported by management.
- Segregate duties. As a rule of thumb, no one person should handle a given transaction process. Implement a system of checks and balances to ensure funds are always deposited and disbursed appropriately. Take the check-writing process, for example: ideally, your accountant/controller would write the check, and the owner of the company would sign it. Depositing funds? Designate one person to count the money; another to make the deposit. It’s also a good idea to always require two signatures on checks.
- Be stringent about documentation. The more vigilant you are in creating documentation around your company’s desired processes, the better your chances of them being followed. This applies to different facets of your business – for example:
- Formalize internal policies for new hires. When going over policies with new employees, sitting down with them for 30 minutes is not enough. Employees should have access to written policies and procedures for basic accounting procedures, such as how to pay vendors. Additionally, employees should know exactly where to go for help or questions with those policies.
- Provide documentation to support ALL financial transactions. Enforce the rule that all checks, statements, quotes, invoices and other transaction-related materials are supported through adequate documentation. For example, every expense report should be backed by receipts AND approved by management before employee reimbursement.
- Verify further with regular managerial reviews. Building on the point above, any significant process or documented transaction should require an additional level of review and approval performed by someone independent of the process. Select a reviewer within the company who has the experience and knowledge to identify errors and omissions, and be sure that the review is documented to verify that it’s been done. Regularity matters here, too – managerial reviews should be performed at least on a weekly or monthly basis. To streamline this step, most companies will find ways to aggregate the process. For example, you may have your bookkeeper provide a consolidated list of checks/wires for weekly review, or require managers to review a list of new vendors from the accounting system monthly.
- Keep the communication lines open. The importance of this step cannot be overstated: it’s critical to foster an environment where employees are encouraged to voice their concerns or report any red flags. Make sure your staff members are properly trained, familiar with your policies and procedures, and know who to talk to or where to go for help if anything looks or feels suspicious.
- Implement secure measures for the handling of cash and checks. Secure cash and checks in locked drawers or a safe. Always limit access to cash registers, drawers and safes. Restrictively endorse checks upon receipt. Record every check in a log upon receipt, and make sure to reconcile to deposit credits on the bank statement.
- Perform reconciliations of key accounts. Just like balancing a checkbook, routine and thorough reconciliations are a powerful control to help identify and correct discrepancies. Are people paying you on time? Are automatic charges being accounted for when determining your actual current balance? Businesses should reconcile all funds and accounts routinely — on at least a monthly basis — and record any necessary adjustments. When doing this, be sure you assign a person outside of the reconciliation process to review, sign and date the reconciliation to signify that the review has been satisfactorily completed and any discrepancies were resolved.
- Safeguard your electronic environment. There’s good reason behind all those personal tech tips you’ve picked up along the way — so be sure you’re putting them to use for your business! For all electronic logins, choose obscure passwords. Never share passwords, and change them periodically. Do the same for building entry codes. Ensure you have a password-protected server that’s backed up regularly (and ideally, in a remote location) and restrict access to any files that contain sensitive information, such as payroll. Always safeguard credit cards numbers and keep them confidential.
- Provide guidance. Do not put your employees in a position where they can be suspected of wrongdoing because there are not adequate controls in place. Regularly solicit their input and provide adequate supervision. Make “doing the right thing” always the easy choice through effective internal controls. It’s up to business leaders to provide this type of guidance in the best way they see fit for their staff.
- Keep fraud top of mind – and don’t dismiss the red flags. Maintaining a general awareness is key. Think about “risks” on a regular basis. Consider how fraud might be perpetrated in your area. Evaluate the key controls upon which you rely – are they working? Discuss risk control with your business partner(s), or talk with someone if you feel a potential risk could expose your business to a significant loss, damage or penalty.
In general, awareness is key to fraud prevention. In the throes of day-to-day business, obvious things get missed. Is a suspicious employee suddenly making lavish purchases? Has a colleague been hanging around after hours and behaving suspiciously? In addition to the 10 critical controls mentioned here, be aware and conscientious of changes, unusual behaviors and activities that don’t add up – and in doing so, your business will be in a much better position to thrive.
Looking for more ways to help your business thrive? Find everything from quick tips to deep expert analyses in our weekly Insights blog. Explore more topics here. Or, to contact us to discuss how 8020 Consulting can help your business, just click below.
About the Author
Jessica is a CPA and Deloitte alumnus with over 16 years of experience, including leadership roles from Controllership to her most recent position as the Senior Director of FP&A at Maker Studios, a next-generation entertainment company. Her industry experience spans the entertainment, new media, e-commerce, advertising, consumer products and financial services industries at companies including U.S. Auto Parts, Napster, Canyon Capital Partners, TCW, Procter & Gamble, Toyota and UTi Worldwide. Among other accomplishments, Jessica has provided all internal and external financial reporting (including SEC), supported a successful IPO, led M&A transaction support and due diligence efforts, as well as providing financial modeling, data mining and budgeting/forecasting. Jessica holds a BS in Accounting and an MBA from the Indiana University, Kelley School of Business.
Categorized in: Internal Controls