Protecting Your Business Against Internal and External Fraud
As a business owner, you juggle multiple responsibilities, oversee a number of processes and projects, and wear numerous hats. The last thing you want to worry about—on top of everything else—is someone undermining your hard work and success. Unfortunately, every business is susceptible to fraud, largely due to the numerous types of fraud in existence. In their 2022 Global Economic Crime and Fraud Survey, PwC reports that 46% of surveyed organizations experienced fraud, corruption, or economic crimes in the last 24 months. Additionally, small businesses may be more vulnerable specifically to employee fraud compared to larger companies, as the often trusting and familial environment becomes more conducive to fraud. The solution is to create and enforce effective controls that address every possible area of exposure, both internally and externally. We’ll explain the ways in which fraud can occur as well as address preventative measures below.
Types of Fraud
Businesses are susceptible to multiple types of fraud that occur both internally and externally. Internal business fraud can take numerous forms in practice, but are generally separated into three categories:
- Asset misappropriation, which makes up the majority of business fraud. This typically entails situations in which an employee misuses or exploits a company’s resources—stealing cash before a transaction is recorded, making fraudulent reimbursement claims, or taking non-cash assets from the organization.
- Financial statement fraud, which tends to be less common but more costly. This involves intentionally misrepresenting information within the company’s financial reports, such as hidden liabilities or false revenues.
- Corruption, which entails employees misusing their influence within the organization. This is seen is cases of extortion, bribery, or conflict of interest.
External fraud varies by industry, but takes place in the occurrence of an unexpected financial, material, or reputational loss as the result of actions from someone outside of the organization. It originates with external perpetrators, such as hackers, customers, vendors, competitors, or third-party advisors. Instances of external fraud include theft, forgery, system hacking, theft of proprietary information, or fraudulent selling practices. For example, a vendor may sell a low-quality replacement for the price of a high-quality product, or send slightly fewer units of the product that was ordered. Or, a customer may falsely claim that they never received an order to receive a free replacement.
Measures to Avoid Fraud
Implement Screening Measures for New Hires
When you’re adding new members to your organization, it’s prudent to go a step beyond work history and reference checks—especially if you’re looking for accountants for hire who will handle sensitive financial information. Having a formal hiring routine, even at a small business, can help prevent fraud. Background checks should be executed for any staff handling payments, bank account information, or other sensitive data.
Maintain Internal Controls
Often, the best internal controls to implement are preventative ones, as they help to avoid accounting errors and discrepancies from occurring in the first place. These can include:
- Separation of responsibilities, meaning no one person is in charge of a financial transaction from start to finish
- Controlled access to the accounting system
- Expense verification
- Limited access to assets, such as cash, equipment, or inventory
Detective controls are similarly important, as they help to identify errors that have already occurred. Conducting regular internal audits, reconciliation, and inventory counts can help verify that your company isn’t being affected by fraudulent activity, as described below.
Conduct Financial Checks and Balances
Perform an internal review of your company’s finances each month. This can include matching payments to invoices, checking for missing documents, verifying vendor orders, or looking into large discrepancies between projections and actuals. Running random audits, or even bringing in a third-party to conduct an audit, shows employees that you’re dedicated to fraud prevention, and can deter future fraudulent behavior.
Protect Credit Card Information
As businesses have continued to become more cashless, especially in light of the COVID-19 pandemic, credit card fraud has only increased. In fact, credit card fraud is the most common type of fraud in the US. For small businesses especially, it’s crucial to separate business and personal accounts. Mixing business funds with personal funds does not only set you up for costly errors, but can make you susceptible to losing money on both sides if fraud occurs.
Be wary of who you provide your credit card information to, and only use secure, online bill payment services when possible.
Protect Computer and Online Systems
One large area for potential fraud lies within the systems that your employees regularly use, such as accounting software, ERPs, or even email. Start by controlling the number of employees that have access to the system; the more people that log in, the greater the chance of a breach of information or fraud. Additionally, invest in firewalls and anti-virus software, as well as employee training that teaches them to avoid phishing scams. Phishing scams are designed to look legitimate—such as a financial institution or service provider reaching out about a concern to one of your employees. Even requiring your employees to double-check email addresses before responding can safeguard you having sensitive information shared.
Train Employees to Look for Fraud
Employees that work in fraud-prone areas of the business, such as accounting or HR, should be trained to be able to identify warning signs of fraud as well as utilize prevention methods. Although it may seem counterintuitive, the employees that ultimately commit fraud often have close relationships with their coworkers. They are willing to work extra hours or take less vacation time, as this allows them to handle more responsibilities with less oversight.
Invest in anti-fraud training for your employees. You can also consider creating an anonymous reporting system for employees to submit their concerns about potentially fraudulent activity. Finally, working in tangent with your HR team can help you to create a strict code of ethical conduct that sets expectations for all of your employees.