Protect Your Assets

Does Your Organization’s Culture Inadvertently Promote Fraud?

Does Your Company's Culture Inadvertently Promote Fraud?

Occupational fraud committed by an employee or manager strikes 30 percent of U.S. small businesses, and losses can be devastating. The median small business loss is $150,000 per fraud incident, and 60 percent of small business fraud victims don’t recover any of their losses.1 From cash skimming to improper expense inflation or falsified billing, occupational fraud is a serious threat to the bottom line of small businesses.

Fraud protection starts with basic measures like segregating responsibilities, building information firewalls and creating robust audit procedures. To be most effective, fraud prevention must be part of a company’s culture. Defining acceptable and unacceptable behavior into a clear message of responsibility can build the environment that deters fraud.

Three-legged stool of fraud

David Sawyer, a forensic accountant with Frazier & Deeter, identifies three contributors to fraudulent behavior, “The three-legged stool of fraud - motive, opportunity and mindset. All three are usually present, and no one drives the other, but they all feed off of each other to create an environment where fraudulent behavior may emerge.”


The opportunity to successfully commit fraud usually occurs as due to a lack of internal controls. Sawyer says, “You want to separate approvals, authorization to release funds, access to funds, and audits/review of fund movement. By separating the initiation of the movement of money from the release of funds, companies can protect all employees and build an environment of trust.”

Separating duties distributes the approvals, authorizations, access and reconciliations of core financial functions, e.g., purchasing, payroll, accounts payable, accounts receivables, etc. Careful design of staff responsibilities in these functions can reduce the opportunity for fraudulent behaviors.

With cyber fraud, opportunity is often created by holes or gaps in systems. The reconciliation steps for systems may be automated, but assigning someone to review generated reports can identify areas of exposure to fraudulent behavior.


Individual mindset is a second, but powerful driver to an anti-fraud culture. Sawyer comments, “Fraud occurs because individuals rationalize their behavior with thoughts like ‘I’m only getting my fair share; I won’t get caught; there is plenty to go around; it won’t be missed; this is how business is done’. The tone from the top is critical to influencing individual mindset.”

Leadership sets the tone and creates a culture of ethical behavior. An example of honesty and fairness needs to show a commitment to zero-tolerance for unacceptable behavior. It means avoiding what may seem to be inconsequential acts, i.e., treating personal expenses as business costs; attending conferences for the “perk of the location”; hiring less-qualified family members or friends; treating vendors to trips or exclusive events with no link to business activity, etc., that blur right from wrong. “I’ve seen that these sorts of inconsequential behaviors can begin to chip away at a culture of honesty and trust — giving individuals the view that a little bit of fraud is acceptable.” says Sawyer.


Sometimes referred to as need or greed, motive can come from a variety of sources. Need often comes from personal situations: addictions, financial distress, garnished wages or family illness. In addition, it is often legitimate need that leads companies to hesitate in prosecuting cases of fraudulent behavior. Sawyer discusses cases of unprosecuted fraud, “While on one hand, executives are trying to show compassion in the face of an employee’s dire need, my concern is that they put other companies at risk by not prosecuting — and quite frankly, may leave themselves open to future fraud because other employees see fraud not being punished.”

Creating a culture that deters fraud

Sawyer recommends that you consider the following four steps to build a culture that deters fraud:

1. Assess your organization. Ask your financial team, e.g., CPA, financial consultants, to evaluate your organization and financial processes for improvement opportunity. By minimizing the opportunity, you will deter the likelihood of fraudulent activity. Consider separation of duties when assessing the approvals, authorization, access and internal audits that you have in place. If you have suspicions, use a surprise audit to get the most realistic picture of how systems are currently working.

2. Revise procedures. Based on the assessment, revise procedures and job duties for better reconciliation and limits on information access. Explain the benefits of new systems by helping employees see how reconciliation and auditing protect them and will create a more profitable, sustainable environment.

3. Celebrate ethical behavior. Overtly discuss, practice and celebrate a corporate commitment to ethical behavior. Send a message to employees with policies that reward the right thing and take a zero-tolerance approach to unethical behavior.

4. Minimize motive. Motive is difficult to combat, but awareness of employee issues outside of work and taking the initiative to help address them can prevent the pressures of dire financial situations, addictions, health issues, etc.

Supporting your fraud protection efforts

Fraud monitoring and protection, from creating the right culture to setting up the best preventative measure, absorbs energy, time and money. It’s important for business owners to understand the need to minimize the risk and distraction of fraud.

David Sawyer is a Partner with Frazier & Deeter LLC, where he leads the Firm’s Forensic Services practice. During his career as a forensic expert, he has investigated fraud, corruption or financial damages in more than 200 cases. He also consults with organizations on improvements of internal controls, as well as fraud prevention and detection.

Learn more about protecting your company from fraud and other business risks in SunTrust’s Small Business Best Practices Guides.

1 Association for Certified Fraud Examiners. (2016). FRAUD IN SMALL BUSINESS INFOGRAPHIC. Retrieved from Report to the Nation on Occupation Fraud and Abuse:

SunTrust Bank and its affiliates and the directors, officers, employees and agents of SunTrust Bank and its affiliates (collectively, “SunTrust”) are not permitted to give legal or tax advice. Clients of SunTrust should consult with their legal and tax advisors prior to entering into any financial transaction.

This content does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.


Investment and Insurance Products:

Are Not FDIC or any other Government Agency Insured   Are Not Bank Guaranteed  May Lose Value 

© 2018 SunTrust Banks, Inc

equal housing logoSunTrust Bank is an Equal Housing Lender. Member FDIC

equal housing logoEqual Housing Lender. SunTrust Mortgage, Inc

SunTrust, SunTrust Mortgage, SunTrust PortfolioView, SunTrust Robinson Humphrey, SunTrust Premier Program, AMC Pinnacle, AMC Premier, Access 3, Signature Advantage Brokerage, Custom Choice Loan and SunTrust SummitView are federally registered service marks of SunTrust Banks, Inc. All other trademarks are the property of their respective owners.

Services provided by the following affiliates of SunTrust Banks, Inc.: Banking products and services are provided by SunTrust Bank, Member FDIC. Trust and investment management services are provided by SunTrust Bank, SunTrust Delaware Trust Company and SunTrust Banks Trust Company (Cayman) Limited. Securities, brokerage accounts and insurance (including annuities) are offered by SunTrust Investment Services, Inc., a SEC registered broker-dealer, member FINRA, SIPC, and a licensed insurance agency. Investment advisory services are offered by SunTrust Advisory Services, Inc., a SEC registered adviser. GFO Advisory Services, LLC is a SEC registered investment adviser that provides investment advisory services to a group of private investment funds and other non-investment advisory services to affiliates. Mortgage products and services are provided by SunTrust Mortgage, Inc.

SunTrust Mortgage, Inc. - NMLS #2915, 901 Semmes Avenue, Richmond, VA 23224, 1-800-634-7928. CA: licensed by the Department of Business Oversight under the California Residential Mortgage Lending Act, IL: Illinois Residential Mortgage Licensee #MB-989, Department of Financial and Professional Regulation, 100 W. Randolph, Suite 900, Chicago, IL 60601, 1-888-473-4858, MA: Mortgage Lender license #-ML-2915, NJ: Mortgage Banker License - New Jersey Department of Banking and Insurance, NY: Licensed Mortgage Banker—NYS Department of Financial Services, and RI: Rhode Island Licensed Lender.

"SunTrust Advisors" may be officers and/or associated persons of the following affiliates of SunTrust Banks, Inc.: SunTrust Bank, our commercial bank, which provides banking, trust and asset management services; SunTrust Investment Services, Inc., a registered broker-dealer, which is a member of FINRA and SIPC, and a licensed insurance agency, and which provides securities, annuities and life insurance products; SunTrust Advisory Services, Inc., a SEC registered investment adviser which provides Investment Advisory services.

SunTrust Private Wealth Management, International Wealth Management, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups and GenSpring are marketing names used by SunTrust Bank, SunTrust Banks Trust Company (Cayman) Limited, SunTrust Delaware Trust Company, SunTrust Investment Services, Inc., and SunTrust Advisory Services, Inc.

SunTrust Bank and its affiliates do not accept fiduciary responsibility for all banking and investment account types offered. Please consult with your SunTrust representative to determine whether SunTrust and its affiliates have agreed to accept fiduciary responsibility for your account(s) and if you have completed the documentation necessary to establish a fiduciary relationship with SunTrust Bank or an affiliate. Additional information regarding account types and important disclosures may be found at

SunTrust Robinson Humphrey is the trade name for the corporate and investment banking services of SunTrust Banks, Inc. and its subsidiaries, including SunTrust Robinson Humphrey, Inc., member FINRA and SIPC.