Occupational fraud committed by an employee or manager strikes 30 percent of U.S. small businesses, and losses can be devastating. The median small business loss is $150,000 per fraud incident, and 60 percent of small business fraud victims don’t recover any of their losses.1 From cash skimming to improper expense inflation or falsified billing, occupational fraud is a serious threat to the bottom line of small businesses.
Fraud protection starts with basic measures like segregating responsibilities, building information firewalls and creating robust audit procedures. To be most effective, fraud prevention must be part of a company’s culture. Defining acceptable and unacceptable behavior into a clear message of responsibility can build the environment that deters fraud.
Three-legged stool of fraud
David Sawyer, a forensic accountant and financial crimes investigator for civil litigation and criminal prosecution, identifies three contributors to fraudulent behavior, “The three-legged stool of fraud - motive, opportunity and mindset. All three are usually present, and no one drives the other, but they all feed off of each other to create an environment where fraudulent behavior may emerge.”
The opportunity to successfully commit fraud usually occurs as due to a lack of internal controls. Sawyer says, “You want to separate approvals, authorization to release funds, access to funds, and audits/review of fund movement. By separating the initiation of the movement of money from the release of funds, companies can protect all employees and build an environment of trust.”
Separating duties distributes the approvals, authorizations, access and reconciliations of core financial functions, e.g., purchasing, payroll, accounts payable, accounts receivable, etc. Careful design of staff responsibilities in these functions can reduce the opportunity for fraudulent behaviors.
With cyber fraud, opportunity is often created by holes or gaps in systems. The reconciliation steps for systems may be automated, but assigning someone to review generated reports can identify areas of exposure to fraudulent behavior.
Individual mindset is a second, but powerful driver to an anti-fraud culture. Sawyer comments, “Fraud occurs because individuals rationalize their behavior with thoughts like ‘I’m only getting my fair share; I won’t get caught; there is plenty to go around; it won’t be missed; this is how business is done’. The tone from the top is critical to influencing individual mindset.”
Leadership sets the tone and creates a culture of ethical behavior. An example of honesty and fairness needs to show a commitment to zero-tolerance for unacceptable behavior. It means avoiding what may seem to be inconsequential acts, i.e., treating personal expenses as business costs; attending conferences for the “perk of the location”; hiring less-qualified family members or friends; treating vendors to trips or exclusive events with no link to business activity, etc., that blur right from wrong. “I’ve seen that these sorts of inconsequential behaviors can begin to chip away at a culture of honesty and trust — giving individuals the view that a little bit of fraud is acceptable.” says Sawyer.
Sometimes referred to as need or greed, motive can come from a variety of sources. Need often comes from personal situations: addictions, financial distress, garnished wages or family illness. In addition, it is often legitimate need that leads companies to hesitate in prosecuting cases of fraudulent behavior. Sawyer discusses cases of unprosecuted fraud, “While on one hand, executives are trying to show compassion in the face of an employee’s dire need, my concern is that they put other companies at risk by not prosecuting — and quite frankly, may leave themselves open to future fraud because other employees see fraud not being punished.”
Creating a culture that deters fraud
Sawyer recommends that you consider the following four steps to build a culture that deters fraud:
1. Assess your organization. Ask your financial team, e.g., CPA, financial consultants, to evaluate your organization and financial processes for improvement opportunity. By minimizing the opportunity, you will deter the likelihood of fraudulent activity. Consider separation of duties when assessing the approvals, authorization, access and internal audits that you have in place. If you have suspicions, use a surprise audit to get the most realistic picture of how systems are currently working.
2. Revise procedures. Based on the assessment, revise procedures and job duties for better reconciliation and limits on information access. Explain the benefits of new systems by helping employees see how reconciliation and auditing protect them and will create a more profitable, sustainable environment.
3. Celebrate ethical behavior. Overtly discuss, practice and celebrate a corporate commitment to ethical behavior. Send a message to employees with policies that reward the right thing and take a zero-tolerance approach to unethical behavior.
4. Minimize motive. Motive is difficult to combat, but awareness of employee issues outside of work and taking the initiative to help address them can prevent the pressures of dire financial situations, addictions, health issues, etc.
Supporting your fraud protection efforts
Fraud monitoring and protection, from creating the right culture to setting up the best preventative measure, absorbs energy, time and money. It’s important for business owners to understand the need to minimize the risk and distraction of fraud.