Over the past few weeks, I have come across three separate instances of fraud being committed on a small or medium sized business, so I was prompted to write a post on this issue. Hopefully it will prompt business owners into looking for signs of fraud in their own business. All were very simple and unsophisticated crimes, and could have easily been prevented.
If you think that fraud is just a problem for large corporations and high finances, think again. Your small business is not safe from fraud, and may be under threat as we speak.
According to the Australian Institute of Criminology, fraud costs Australian business some $6 billion each year. Large organisations are the most common target for fraud, but small businesses (with less than 100 employees) suffer a higher median value of losses – $162,000 versus $110,000 for larger companies. That’s enough to wipe out the annual profit of many SME’s.
The first instance I wanted to highlight was actually perpetrated by a small business owner – on other (larger) businesses. The fraud was simple – sending false invoices for advertising in trade magazines that didn’t exist. Once the invoice was due, the target company would receive a phone call threatening recovery action and publicity if the invoice was not paid. The crime relied on the fact that invoices would be processed without question and without checking by the accounting/bookkeeping staff, because it looked legitimate. Had there been a process for cross-checking of invoices prior to payment, the fraud would have been discovered.
The fraudster was successful in reaping approximately $100,000 from over 100 companies before being caught.
However, when it came to prosecution of the fraudster, only 5 of these businesses were prepared to assist the prosecutors. The rest were too embarrassed, and did not want any publicity about their loss.
Amazingly, the fraudster went back for a second try at the same fraud, despite having been caught once. I suppose that given the lucrative rewards, and the low chance of his victims testifying against him, he thought the odds were sufficiently in his favour to give it another try.
The second instance that I was made aware of was a trusted employee who was engaged as a casual bookkeeper. This employee offered to bank the cash takings – to relieve another busy person of the task of going to the bank, waiting for the cash to be counted etc. Some of the cash takings would simply be deposited in the employee’s bank account instead.
Again, a highly simplistic and unsophisticated fraud which was eventually discovered. The employee was trusted to perform both the bookkeeping and the handling and banking of cash. Had these functions been separated, the opportunity to commit the fraud would not have been available.
Over time – and under time
Our third scenario involves a restaurant. Karen (not her real name) owned and supervised a small Italian restaurant for three years. She had four wait staff including Doris (not her real name either) – her head waiter and assistant manager. Doris had been with the restaurant since its opening and was, at first, an ideal employee. She would be first to arrive in the morning and last to leave at night. But Doris began to change. She frequently arrived late to work, or left early, or both. Karen was not aware of Doris’ cutting corners, because Karen personally did the payroll and had not seen anything unusual in Doris’s time-keeping. The fraud was discovered when the restaurant had a minor incident with a customer and Karen quizzed her employees as to where her assistant was at the time. The other staff came clean and admitted that Doris either arrived late or left early every day – sometimes both.
The time records did not show the true work hours however, because Karen had given Doris access for editing and correcting in the time-keeping system. Doris had simply been falsifying her own work hours.
Karen reviewed the restaurant’s CCTV to cross check her assistant’s actual login and logout time, and an internal audit revealed that Doris had claimed two to four unworked hours every day – and had been doing so for a year.
Karen admitted that although she had a digital time-keeping system, she never thought of verifying the actual login and log-out time of her employees. She trusted Doris to use the editing access of the time-keeping system in good faith.
Fraud most common
These three examples fit neatly into the 5 most common types of fraud committed on small business:
- False invoicing
- Transferring money to another bank account
- Cheque fraud
- Payroll fraud
- Skimming cash
Fraud- The Who and the Why
KPMG research shows that almost 75% of fraud cases are committed by people within the organisation – the people that we, as business owners, trust. Financial pressure is the biggest single reason given for committing fraud, with greed & lifestyle ambitions following closely. Interestingly, gambling has dropped significantly as a driver of fraudulent behaviour. Most fraud (71%) is committed by a person acting alone, as we have seen in these examples, and 91% of perpetrators had no known history of dishonesty. Men are 3 times more likely to commit fraud than women (two of the cases relayed above were committed by women however).
As we also saw in the false invoicing case above, most cases of fraud are never reported. Small businesses usually do not report or file fraud crimes due to company embarrassment. They feel that bad publicity is bad publicity – it is bad for the business and they avoid it at all costs.
So, while there is certainly no cookie-cut stereotype of a typical office fraudster, there are clear places to look for potential weaknesses in your business systems.
All three of the instances of fraud above could have been prevented by having robust business systems. In fact, according to KPMG, 47% of major frauds occur due to deficient internal systems and controls.
In short, very often trust takes the place of systems. This is particularly so in SME’s where there is a high degree of trust, and a corresponding lower level of checks and balances.
There are, however, some simple steps that business owners can take to minimise their exposure to losses through fraud, that don’t impinge on the daily operations of the business.
Trust is Not Cheap – While having trusted employees is important to your business success, trust does not replace good internal controls. Have crosschecks for deposits, bank withdrawals, invoicing and other key financial transactions. Schedule regular internal audits or, if your company can afford, hire an external qualified auditor. Employees are less likely to commit or even consider fraud, if they are aware that the company conducts regular audits. Better still, conduct a surprise one.
Choose wisely – As we have seem from the KPMG research, 91% of employees committing fraud have no prior record of dishonesty. This doesn’t mean that you shouldn’t do a thorough background check if you are hiring someone who will have access to company cash, credit cards, bank accounts, company books, and highly sensitive data. Better safe now than sorry later.
Divide and Conquer – Never let a single employee handle all or majority of financial responsibility. Separate the financial functions amongst your team so that no single employee can have too much financial access. Separate your personal account from business accounts.
Tech is Not Always the Key – Technology helps business processes, but technology alone cannot stop fraud. In fact, it often makes it easier – and faster. I have seen several instances where a trusted employee has access to the business owner’s bank login details – including personal accounts – to pay bills. This should be a separate function. All the major banks have the technology to separate payment creation and authorisation functions. They do have fees, but the fee is certainly cheaper than trying to recover from a case of fraud.
Monitor holidays – While the loyal employee who hasn’t taken a holiday or sick leave in years may seem to be the ideal person to have, this unwillingness to be away from their post may hide some activity that they don’t want others to detect.
Corporate Culture – Having a clear statement of your company’s attitude to fraud (including the fact that you will prosecute), and a corporate code of conduct sends a clear signal to the entire company that the organisation is proactive in preventing instances of fraud.
There are, of course, many other actions we can take as business owners to protect our businesses from fraud. We have also not touched at all on the issue of cyber-fraud in this post – that is a whole subject unto itself. These three instances that have appeared in the past few weeks merely prompted me to stress the value of having robust and documented business systems.
Systems aren’t just useful for compliance.
By Bronwyn Reid