With all the buzz about cyberattacks and cyber threats, it’s all too easy to take your eyes off of a common threat that is much closer to home—fraud that occurs within your own organization. While no business owner wants to think about embezzlement occurring within their own employee population, it can and does happen on a frequent basis.
Consistent with national trends, organizations with fewer than 100 employees are the primary targets. Additionally, there is an increase in financial crimes in which people are colluding with internal or external partners.
Cooperation increases their chances of success, because collusion cases are more difficult to detect—perpetrators tend to be more creative than those who work solo. But, they can be exposed if organizations are diligent about curbing fraud and embezzlement.
Statistics show that companies that institute effective fraud policies experience a material reduction in financial losses should economic crimes occur. There are ways to reduce those losses, maximize earnings and save embarrassment. The following questions and answers serve as a starting point to begin thinking about what your company needs to do to either reinforce or put in place a strong fraud prevention policy.
What should we be doing to prevent fraud?One of the most effective ways a company can minimize risk is by continuously reviewing and testing internal controls. Even though many executives believe their company’s internal controls are adequate, that might not always be the case. The material discrepancies between what management thinks is in place versus what employees are actually doing can be significant. That explains why constantly reviewing internal controls is a major deterrent to fraud and embezzlement.
Organizations should also educate their employees and vendors about what is expected of them regarding fraud and implement a fraud hot line outside the company through which employees and vendors can anonymously report real or perceived fraudulent activity. This hotline can be tied in with the American Institute of Certified Fraud Examiners (ACFE), local CPAs or law firms, or a multitude of other sources. The hotline should not be tied directly to company sources, though, because the people receiving the fraud alerts might be involved in the fraud.
What is a fraud policy?
A fraud policy is a “thou shalt not steal” document that allows companies to communicate with their employees on the reporting procedures they should follow if they suspect that fraud is going on. It is important that the policy be written and signed on an annual basis by all employees, from the top down. It sets the tone by specifying that fraud will not be tolerated at any level of the workforce and lays out the consequences to employees.
All employees who sign the policy acknowledge that they have not perpetrated economic crimes and do not intend to in the future. The signed document is a valuable tool should they commit such a crime and fall back on an excuse like they were only “borrowing” the money, as unauthorized “borrowing” is a fraudulent act.
What makes up an effective fraud policy?
An effective fraud policy outlines specifically what constitutes fraud and explains what the consequences will be, e.g., perpetrators will be prosecuted and, of course, terminated, and the company will seek restitution.
It should include what activities are considered inappropriate and provide examples of fraud, such as misappropriation of checks, paying personal bills with company funds or using company property without permission.
Ideally, it should be disseminated to outside vendors and customers in light of the increase in collusion cases that involve people outside the companies. That makes outsiders aware of the company’s firm position on fraud and may lead to alerts from them about the occurrence of internal fraud.
Is it costly to implement an effective fraud policy?
No, but it’s money well spent.
Some of the anti-fraud recommendations have a dollar tag associated with them. Others do not, since they are nothing more than changes to policies that are already in place. Setting up a “whistle-blower” program or a hotline is relatively inexpensive. There might be fees associated with steps like changing where customer deposits are sent.
It might be advisable for small business owners to have their company’s bank statements sent to their houses. That way, they can personally monitor every check or wire transfer to make sure it is appropriate. About 85 percent of all fraud that occurs is done through checkbooks and cash. So, simple mechanisms like reconciling every bank statement or setting up a physical lockbox for cash can deter fraud.
Overall, the costs associated with instituting an effective fraud policy depend on how inclusive a company wishes to make it.
Get a Fraud Risk Assessment
In today’s corporate environment, the mentality of ‘it won’t happen to me’ is being replaced with the question “How can I prevent this from happening to me?”
Companies are more susceptible than ever to fraudulent activity due to weak internal controls, improper disposal of confidential information and ineffective security on technology. Many individuals can commit fraud against any organization or company with an understanding of where weaknesses commonly lie.
SVA’s fraud risk assessment professionals help to uncover these weaknesses and will make recommendations to strengthen controls and security to protect your physical and intellectual assets.
Download The Importance of Internal Controls to learn more and contact SVA's fraud experts to get started on your fraud risk assessment.