How Annual Assessments Can Prevent Fraud in Your Business

Small businesses lose a crippling amount of money each year to fraud due to a lack of awareness of the risks or a lack of seriousness in dealing with them. To prevent fraud in your business, you need to know how and why it occurs to put the proper controls in place.

What would happen to your business if it suddenly lost $150,000? A loss of that magnitude could cripple many businesses. Yet, based on cases that were actually reported, that is the median loss suffered by small businesses in 2018. For many businesses, a loss that large would sound alarms. However, employee fraud tends to occur over time, making it less noticeable and, therefore, more devastating. On average, small businesses lose six percent of their annual revenue to fraud – a rate of loss few enterprises can withstand.

While small businesses are more vulnerable to fraud than big companies, it’s not entirely due to a lack of resources – although that does play a part. The primary reason is their lack of awareness of fraud risk. Even with minimal resources, small businesses can effectively mitigate fraud risks when they know how and why it occurs.

How Fraud Occurs

It’s probably no surprise that most fraud occurs within the financial functions of a business, specifically in the areas of employee expenses, procurement, and payroll.

Expense reimbursement: An employee inflates his expenses with fake travel activities or by increasing the amount of expenses.

Business credit cards: Employees using business-issued credit cards to pay for personal expenses.

Procurement: An employee creates a purchase order for goods or services and then diverts them for personal use; or an employee creates a phantom vendor account, through which fake invoices are processed with funds paid to the employee as the phantom vendor.

Payroll fraud: It could be as simple as an employee padding his time log to receive overtime payments or a payroll staffer creating a phantom employee with fake time logs.

Knowing where and how fraud could occur in your business is the first step. The second and more critical step is to gain a clear understanding of your business’s specific fraud risks.

Assessing Fraud Risk in Your Business

The type and level of fraud risk can vary from business to business depending on its size, structure, and industry. The only way to identify your business’s vulnerabilities is with a fraud risk assessment that should be conducted at least once a year. A fraud risk assessment should involve your management team, Board of Directors, and an audit committee or a Certified Public Accountant. Larger businesses should engage a Certified Fraud Examiner who can guide the assessment while assisting in developing internal controls.

While it is an investment of your time and resources, consider the return on investment for preventing the loss of $150,000.

Conducting a Fraud Risk Assessment

A thorough fraud risk assessment is an end-to-end process that begins with identifying risks and leads to developing responses and controls. The process should be ongoing with periodic monitoring and assessment of control effectiveness. Here are the critical components of fraud risk assessment:

Identify potential fraud risks or schemes. In addition to the more common schemes described above, consider all internal and external vulnerabilities specific to your business.

Probability of occurrence. Rank the likelihood of occurrence from highly unlikely to a near certainty and the frequency of occurrence from rare to very frequent.

Impact on the organization. For each fraudulent activity, rate its financial impact on the organization from incidental to catastrophic.

Identify existing fraud prevention controls. List the internal controls used to prevent or detect specific fraudulent activities.

Assess the effectiveness of existing controlsfrom ineffective to high effectively.

Propose corrective actions.Propose additional controls to cover newly discovered risks or improve existing controls.

Assign responsibilities. Assign development, implementation, and monitoring of controls to appropriate personnel.

Assessment review: Schedule regular reviews of your fraud risk assessment to include a reassessment of potential risks and the effectiveness of internal controls.

Implement Fraud Prevention Procedures

Most small businesses have limited resources to address all their risk exposures. The assessment will tell you where you need to act first – based on the probability of occurrence and the impact on the organization. Many of the controls can be procedural, which might only require a reallocation of some resources.

Preventative procedures can include periodic surprise audits, fraud education and training, and establishing and communicating a code of conduct. Detective procedures could consist of establishing a fraud hotline for employees, customers, and vendors, along with reporting mechanisms. Fraud response procedures are the corrective actions taken immediately to minimize damage, including a coordinated approach to investigation and remedial action protocols.

Communicate Your Fraud Policy
One of the more effective ways to reduce fraud is to develop a formal fraud policy and communicate it to all employees. It should also be shared with vendors and customers who can play a crucial role in fraud prevention. Companies that spend more time talking about fraud with their employees tend to experience less of it.

 

Recent articles: