Fraud has nothing to do with need, greed or trust. It has to do with opportunity. And small businesses are disproportionately victimized, according to a recent report by the Association of Certified Fraud Examiners.
Most fraudsters are first-time offenders and typically have worked for a company for years before they steal. The reasons small businesses are at more risk may be a lack of fraud-prevention resources or a lack of oversight.
But there are things you can do to thwart employee theft. Here are four ways to help protect your business and avoid becoming part of these statistics.
1. Divide tasks and duties
The person paying the bills should never reconcile the bank statement. That’s the No. 1 mistake that business owners make. There are three tasks related to your finances that need to remain separate:
- Authorization – The person who approves the vendor bill or sends a customer invoice
- Recordkeeping – The person who produces or gets the check signed or who creates the invoice
- Custody of related assets – The person who reconciles the bank statement or credits/edits the invoice
If sufficient staff isn’t available, consider outsourcing some tasks to provide a system of checks and balances.
Once you have these duties divided, you still need to ensure that things remain above board within each of them. You could try job rotation – every quarter, every six months, every year – whatever works for your staff. In addition to providing a system for checks and balances, it also ensures your employees are cross-trained and can cover for each other during illness or vacations.
Where else might you find irregularities? Consider vacation time: If your office manager, Bob, hasn’t taken a vacation in three years, you need to insist that he goes. It may be appealing to have an employee so loyal that he doesn’t want to take time off. But, given that he’s so committed, you might wonder what Bob’s been doing to your books.
While Bob is on vacation, get someone else to do his job. That way, you see how things are being done, if there are any red flags and whether there is a need for changes to your processes. It’s good to get a different perspective every once in a while.
2. Control the environment
You need to restrict access to sensitive data and have physical safeguards to keep tabs on where the money is going and who is handling it.
Have a separate username and password for each person who enters your records system. This is critical to electronic data security. Do not use “Admin” as a catchall username for several people. This could make it difficult to pinpoint who is making or adjusting transactions – a tempting scenario for would-be fraudsters.
Use an online bill-paying service. Attached to each electronic payment should be a copy of the bill – that way there is no question where the money is going. The person approving the expense will be able to see the bill and approve or flag it at a glance. If you must write actual checks the old-school way, put your checkbook in a locked place and stipulate that more than one person has to be involved in the process to get the check signed.
Conduct employment verification and background checks on your job candidates. Surprisingly, small businesses rarely run credit checks on candidates before hiring them. Both of these checks can highlight potential problems that might not otherwise show up on an application.
3. Keep the audit trail clear
Lock down prior periods in your accounting system so transactions posted in prior periods cannot be changed. Why? Unauthorized changes impact financial reports and statements, and it reduces the chance of someone being able to conceal fraudulent postings in the previous year’s records.
Once you lock down a prior period, your accounting system should be set up to flag any changes made to that financial period. This will bring to light any suspicious activity and reduce temptation for potential fraudsters. QuickBooks® has this capability.
Most systems have exception reports, which don’t allow deletions without leaving a trail. So, even if something is deleted from an invoice, it can be traced to the person who made the change. This is why everyone should have a unique user name and password. It’s also why you don’t delete your system’s previous users – doing so could keep you from finding the culprit in a fraud scheme.
Let’s say your office manager, Bob, is the one who is able to make adjustments or credits to invoices. Bob leaves the company, and a few months later someone notices discrepancies in the books. You might guess that it was Bob, but if you’ve deleted him as a user, you won’t be able to know for sure. Oftentimes problems show up after employees leave the company. By designating them “inactive” rather than deleting them from your system, you are able to see what they did before their departure.
4. Have policies and procedures
The most important way to reduce the risk of fraud is to set the right ethical attitude at the top. Management’s expectations and directives should be spelled out for employees. Your policies establish what should be done, and procedures show how to implement the policy.
You have to be specific, such as: You may not use the company assets for personal use; you may not use another person’s login on any computer system, etc. This information can be part of the employee handbook, and each employee should sign a document indicating they received the information.
Documentation helps prevent clerical errors, incorrect statements and – once trained – reduces the need for supervision.
Here’s a checklist to help you safeguard your small business:
- Do employees understand what constitutes fraud? Is it in the employee manual?
- Does management set the right tone? For example: If there’s zero tolerance for breaking policies, then it should be applied across the board.
- Do employees believe they can speak freely? Most fraud is discovered through whistle-blowers.
- Do employees know where to go for advice on reporting suspicious activity? Is it a third-party? Or someone in-house?
- Are anonymous surveys conducted to assess morale? Good morale can go a long way in preventing fraud – either by happy employees who won’t want to steal or happy employees who are vigilant in wanting to help protect the business.
One final thought
Your finances are the foundation of your business. Take time to divide tasks and duties appropriately and stay informed of what’s going on to help prevent fraud.
Remember, it’s not a matter of trust; it’s a matter of good business practices.
Through its Insperity® Reveal™ software, Insperity Financial Services has the tools you need to improve accuracy and oversight of your company’s finances. Get a free trial of Insperity Reveal to experience all your financial data in one simple system.
Watch a demo of Insperity Reveal.