5 Practical Ideas to Help Prevent and Detect Fraud in Small Businesses

March is fraud prevention month and in this post we focus on fraud prevention for small businesses, which is a sub-sector that is particularly vulnerable to fraud because many organizations of this size don’t have proper controls in-place. Furthermore, in order to function successfully management and employees have a lot of trust in one another. That can create opportunities where a fraudster can conduct their activity with out much difficulty.

There are some measures that a small business owner can take to ensure that internal fraud is limited in their organization, such as:

  • Engender a Culture of Integrity in the Business: If employees believe that owners or managers take unfair advantage of other parties, whether those people are employees or outside resources, the employees are likely to believe that behavior is acceptable and they may attempt to take advantage themselves. Most fraudsters attempt to justify their activities when they are contemplating fraud and an ethical tone at the top within the organization makes the activity harder to rationalize.
  • Mandatory Vacations: In small businesses one person can wear many hats. Ensure that employees take mandatory vacations and have someone else perform their duties. This is particularly important in accounting functions such as accounts payable, deposits, bank reconciliations and payroll. If the owner/manager is not capable of doing the work, then they should hire an outside accounting company or book keeper to assist. If an outside firm normally handles that function, have a backup person do it for a month.
  • Basic Physical Security Procedures:  Basic security measures can prevent and detect fraud. Alarm systems and door codes that log when personnel enter and leave a premises can help establish a timeline if a fraud event occurs. Security cameras can also be helpful in this regard; however they should be only in places where there is no heightened expectation of privacy. Locking up negotiable instruments (i.e. cheques), signature stamps and employee files will help prevent fraud and identity theft. Shredding documents that are no longer necessary will also aid in preventing fraud.
  • Basic IT Security Procedures: Having properly assigned user names, passwords and permissions on IT systems are  important steps in deterrence and detection of fraud. For example, if a person does not need to be able to access the accounting system for their work, then they should not have access to it. Furthermore within systems it is important that permissions are properly set, so that if a person only needs to access one part of the system (i.e. to enter time) that is the only part of the system they are allowed to access. Finally many organizations neglect to ‘turn on’ the logging  functions on their systems which show what user names accessed which functions at a given time. These are very helpful in conducting investigations and can deter would be fraudsters if they know their activities are logged. Owners should consider consulting with an employment lawyer regarding what clauses should be contained in an employee’s contract with respect to having the ability to review an employee’s activities on IT systems.
  • Risk Ranked Due Diligence: We always recommend conducting due diligence on counter-parties, but we strongly believe that due diligence should be commensurate with the level of risk involved in a transaction. For example for a new hire that has no access to financial information and no ability to spend the company’s money, it may be sufficient to have a basic criminal records check done; however, if an organization is hiring a new purchasing manager, CFO or comptroller then the level of due diligence should be increased substantially. Furthermore when considering entering into a partnership arrangement or investing in a new venture, due diligence relating to the background of the individuals and organizations involved is a must. Red flags include a history of financial difficulties,  litigation, regulatory sanction or criminal charges, reputation issues in the news or on social media. It is most important to conduct a basic verification to ensure that the people you believe you are dealing with are in fact who they say they are.

Personnel are the primary asset of any business and business opportunities are the lifeblood of any private sector organization; however with a few basic adjustments to an organization’s culture, policies and procedures the incidents of fraud can be reduced dramatically and when fraud is committed, it can be detected more easily.