Detecting and Preventing Fraud in Small Businesses
by Patricia B. Ciardullo, CPA, CFF, P –
October 2, 2018
Fraud can be as devastating to small businesses as it is for larger organizations. In fact, the findings of the 2016 Global Fraud Study by the Association of Certified Fraud Examiners (ACFE) are staggering: small businesses (those with fewer than 100 employees) suffer a median fraud loss of $150,000, and 60 percent do not recover any of these losses.
Top Fraud Risks
The ACFE study reveals the top fraud risks for small businesses:
- Corruption — bribery, embezzlement or other illegal behavior by those in positions of authority
- Billing schemes — submission of invoices that appear authentic but are accompanied by fabricated supporting documentation that connects a vendor to the perpetrator
- Check tampering — forged signatures, falsification of payee or amount
- Skimming — taking cash from daily receipts before sales are recorded in the accounting system
- Non-cash misappropriation — theft of inventory or assets other than cash
According to the ACFE study, fraud is uncovered in a variety of ways. Employee tip-offs are the leading method of detection, followed by a review of accounting records by management or internal or external auditors. Often, fraud is uncovered through account reconciliation and, sometimes, completely by accident. As a result, owners of small businesses should consider implementing detection methods such as anonymous hotlines, which not only empower employees to report suspicious activity but also equip management to uncover problems sooner, take action more quickly, and improve employee retention and workplace satisfaction. Equally valuable are regular weekly or monthly reviews of financial data and records, account reconciliations and analyses, physical counts and inspections.
In his role as an administrative assistant at a small business, Doug had access to the firm’s accounting program and checkbook. Plotting to embezzle funds, Doug set up a fake company and chose a name for it that was similar to that of an actual vendor his firm used. He then wrote firm checks payable to his fake company, cashed them and kept the funds himself. To authorize the checks, Doug had a stamp made bearing the signature of a top executive. He recorded the amounts in the firm’s accounting program as payable to other vendors. Every few months, an outside bookkeeper would perform bank reconciliations in the accounting program using bank statements that it was Doug’s responsibility to provide. However, in advance of her arrival, Doug would download, save and edit the statements so that images of the checks written to his fake company would match those of actual vendors. It was this edited version of the statement that he gave the bookkeeper. Doug’s deceit crumbled with the hiring of a new director who compared the firm’s budget to actual expenses and noticed something unusual. To investigate, she contacted a vendor about a specific payment and discovered that it had not been made to that vendor. She followed up with the bank to inquire about the check, and the scheme unraveled. Doug had embezzled $125,000 over three years.
The first step is to develop a formal anti-fraud policy and procedures for reporting suspicious activities. These should be detailed clearly in an Employee Code of Conduct Manual, which also serves to demonstrate management’s commitment to fraud prevention. In addition, all employees, managers and executives should be required to participate in fraud avoidance and detection training, including how to integrate prevention techniques into their operations. Furthermore, performing a system-wide risk assessment can identify areas in greatest jeopardy, facilitating the reinforcement of internal controls and the introduction of targeted monitoring programs to surveil high-risk areas.
Instituting these proven measures is vital for organizations of every size. Owners of small businesses, which stand to suffer proportionally greater loss, should tap the knowledge and experience of experts in this area to implement appropriate programs and protocols. As technology expands to deliver more opportunities for abuse, the appetite for it seems insatiable, making protection more important than ever. Fortunately, fraud management can be easily implemented and is highly effective.
Patricia B. Ciardullo
Patricia B. Ciardullo, CPA, is a partner at PKF O’Connor Davies, LLP. She is
a member of the NJCPA.
This article appeared in the September/October 2018 issue of New Jersey CPA magazine. Read the full issue.