Given the number of stories in the news, the phishing scams delivered to our email, and the portrayal of crazy schemes in movies, I am often asked for some practical tips that a business owner might consider to safeguard their business from fraud.
Here are my top ten practical tips on protecting your business against fraud:
Understand Fraud Factors
Factors contributing to fraud are commonly referred to as the “Fraud Triangle, which is a framework explaining how some individuals are more susceptible to commit fraud.
Individuals experiencing all three of these factors; motivations/pressures (such as a financial need), opportunity, and ability to rationalize the behavior may be more likely to commit fraud.
A small organization with limited staff may have individuals who rationalize their behavior by believing they deserve more or they work in an environment with limited internal controls that provides the opportunity. Business owners should understand these factors and evaluate their organizations and staffing against the risks of fraud.
Employee Practices
In this tight labor market, your hiring speed has probably increased so as not to lose out on the top candidates. In your pursuit for the perfect employee, don’t shortchange your process by skipping reference and background checks. It is essential to exercise appropriate diligence in the hiring of skilled, qualified personnel.
As a business owner, you should also make sure employees handling funds and corporate accounting services are covered by an insurance bond and that you have adequate insurance coverage for employee practices liability (EPLI). Likewise, it is very important to have human resources and labor counsel available to assist you as you make decisions geared to correcting behavior or terminating employees.
Fraud Training
Bring it into the open, conduct fraud training for your employees, so they understand what is considered fraud and how to spot it. In its 2018 Report to the Nations, the Association of Certified Fraud Examiners, reported that 30% of Fraud was exposed through a tip.
Establish, Maintain and Participate in Strong Internal Controls
Establish, maintain and participate in a robust internal control environment by staffing roles so duties are appropriately segregated. Your key goals should include preparing accurate financial statements, tax returns and other regularity reports; complying with laws and regulations; efficient and effective operations; and, ultimately, safeguarding assets.
In smaller environments where there are limited resources, the business owner needs to make sure he/she plays a key role in internal control.
Some key things the owner should do include:
- Opening and reviewing the original bank statements to look for improprieties or unusual items
- Maintain check-signing authority and review the underlying support before checks are sent to vendors
- Be familiar with the vendors and question unusual payees and expenses.
In larger environments, there may be enough employees to spread these controls around to others, but the owner should always make sure the employees know he/she is watching – do some surprise checks every now and then.
Understand your Financial Statements and Tax Reporting
Financial and tax reporting has continued to become more complicated as rules continue to change. It is imperative that as the business owner, your understand the content of all internal management and external reports and review them regularly. Seek the assistance of your corporate accounting services team, especially if you suspect something is amiss.
Establish and Monitor KPIs
Key Performance Indicators (KPIs) assist management run the day-to-day operations and, depending on the criteria, a KPI may be something reviewed on an hourly, daily, weekly or monthly basis; in any case, way more timely than a financial report. Business owners should work with their teams to identify both financial and nonfinancial metrics that can be used to monitor the business – and provide opportunities to check on anomalies timely in order to take corrective action.
Cyber Risks: Understand and Protect
Technology is a great asset for business. But with these powers come risk and responsibilities. In today’s world, there are constant attacks and hacks out there threatening access to and exploitation of data; data which, in some cases can be used to access personal records of employees, customers, vendors, etc.; and in other cases may be data that is stolen for the value of trade secrets.
Of course, there is also the risk that a cyber-hacker may find a way to shut down your business until you pay a ransom.
These desperate times require desperate measures such as:
- Strong internal controls over data
- Sufficient security to prevent unauthorized access to systems
- Appropriate cyber insurance coverage in the event the first two measures fail
Monitor Personal Credit
When you employ people that have access to key data points about your company, they often have access to key personal data points about you. To that end, consider investing in a credit monitoring service, so you are alerted if someone tries to open a new credit arrangement in your name. There have been many instances of credit cards, loans, etc. being opened with different mailing addresses allowing someone to steal from you and your company and potentially damage your personal credit along the way.
Surround Yourself with Great Advisors
You know your business and your business advisors know their area of expertise. Legal, corporate accounting, technology, banking and insurance advisors should be considered to be part of your team to help you with these specialty areas in order to help you establish appropriate business practices and help you when you have concerns.
Trust, but Verify
While noted to be a Russian proverb, this expression became famous when President Ronald Reagan used it in the context of nuclear disarmament. Personally, I have been amazed by the number of business owners that I have met, or read about in fraud news stories, that indicated they trusted their internal accountant, executive assistant, or other key employee ‘implicitly’ only to find that it was this person that stole from them because they had the proverbial keys to the cookie jar. With this final item, I am not suggesting you trust no one that you employ, but that you refer to the items above and be vigilant.