Fraud is a label that is applied to a wide variety of crimes which businesses and individuals can fall victim to. It includes everything from employees misappropriating assets to complex cyber threats, and all manner of deception and embezzlement in between.
However, as well as a many-headed hydra, it is also an ever-changing foe. The types of frauds being perpetrated against businesses were different 100 years ago (cyber-attacks weren’t a problem in the 1920s). Even in the last 10 years the fraud landscape has changed dramatically, for example there has been an increase in ransomware attacks with arrival of crypto-currencies. The types of frauds committed depend on the opportunities presented to the fraudster-to-be, and these opportunities have changed with time.
The nebulous nature of fraud can make it quite daunting to deal with. Preventing and detecting fraud can be a real challenge. Perhaps it is no wonder that thousands of small business owners across the country put it to the back of their minds (or the bottom of their to-do lists) until it is too late.
In this blog post, I will be looking at the opportunities present in small to medium sized enterprises (SMEs) for employees to commit fraud against their own employers, and what SMEs can do to prevent these opportunities arising.
Why does employee fraud occur?
In a previous Ensors blog post, we explained the three key elements of the fraud triangle:
Pressure – the circumstances that lead to an incentive for individuals to commit fraud
Rationalisation – the justification in the perpetrator’s mind that the fraudulent actions are forgivable, if not completely acceptable
Opportunity – the ease with which an individual (or individuals) can commit fraud, often due to a lack of effective controls or collusion to overcome those controls
Often, the pressures faced by employees that lead them to commit fraud are external to the business, such as a personal financial troubles. Whilst this can be mitigated by encouraging an open dialogue and offering support as appropriate, this factor is largely outside the control of the business.
Likewise, the rationalisation exists in the mind of the fraudster, so this is difficult for businesses to take action on.
The best way businesses can limit their exposure to fraud risk is therefore by restricting opportunity. This can be done through a well-designed system of controls that is appropriate for the type and size of business. These can be used to reduce risk of occurrence and increase the chance of detection.
One of the reasons SMEs in particular face a threat here is that typically they have smaller finance teams. This makes it more difficult (sometimes impossible) to operate a system of segregation of duties.
For instance, a business should aim to operate a system of review and authorisation for all outgoing payments to ensure these are genuine. If there is only one person with the ability to e.g. make online bank payments, then any illegitimate payments may not be discovered until the bank account is later reconciled by which time it may be too late.
Proactive vs. reactive
“Prevention is the best medicine” or so the old adage goes. We would always encourage businesses to take proactive steps to establish controls in sensitive areas of the business, particularly in the finance function.
Written procedures can be used to clearly set out responsibilities, and outline when employees are not following the agreed processes. Taking the time to write down how things are supposed to work is also an ideal chance to consider where things could go wrong or where weaknesses exist.
We would recommend a clear system of documentation which records which employee e.g. authorised an expense claim. This can also operate as a deterrent to those inclined to abuse these systems or circumvent controls.
Regular monitoring of key areas such as bank balances, employee expenses, and high value stock can also serve as an early warning that fraud has taken place. Many small businesses wait until the year end to review these higher risk areas.
The warning signs
All too often, fraud detection in small businesses sometimes only happens when it is too late. There are a few warning signs to watch out for which may indicate that your business is at higher risk of fraud.
If your business has that one member of staff who “never takes holiday”, it is worth understanding the reason for this. Is this really because they don’t want a break? Or is it because nobody else can do what they do? If it is the latter, and nobody else understands how to e.g. make the month-end supplier payments or process payroll, then there is a risk that too much responsibility is concentrated in this employee’s role.
This is important from a continuity standpoint too. Consider what would happen if this employee was unwell for a period of time. It is important to ensure that the duties can be delegated or carried out by another employee.
Small businesses are often guilty of having an over-trusting environment. Whilst it may help with the smooth running of the business when staff trust each other enough to e.g. share log in details for the accounting system, this is likely to be damaging in the long run. This makes it difficult to restrict permissions as appropriate and prevents documentation of who has made changes.
If you suspect a fraud has occurred, what are the first actions to take?
The most important thing to do is respond quickly and appropriately. Don’t sit back and wait until you are certain a fraud has occurred. It is never too early to seek advice from a specialist.
Whatever the current challenge facing your business in respect of fraud risk, whether it is designing and implementing an effective and appropriate system of controls, or detecting or quantifying fraud that has already occurred, we would be happy to discuss with you what the next steps should be.
Please click here to get in touch with the team or to find out more information.