Business Fraud Prevention Checklist
Small businesses (organizations with fewer than 100 employees) continue to suffer disproportionately higher losses according to the most recent study from the Association of Certified Fraud Examiners. One of the reasons this occurs is that these businesses generally do a poor job of proactively preventing and detecting fraud. Owners/management needs to accept the fact that fraud is commonplace and can happen at any business. The good news is that the risk of fraud can be managed. Following is a checklist of simple and affordable measures for the small and midsize business owner to combat the threat of fraud.
Set an appropriate ethical example for employees to follow. Employees will follow the lead of management, whether that lead is ethical or not.
- Communicate to employees the behavior that is expected of them. Develop a code of conduct or fraud policy and provide fraud training to managers.
- Control the mailroom. Remittances from customers should be directed to a post office box. In small companies, the owner or an employee who has no responsibilities related to recording deposits or accounts receivable records or revenue, should pick up the mail.
- Review bank statements before your bookkeeper. The owner should either have the statements sent directly to them or picked up by someone who has no cash responsibilities and delivered, unopened, to the owner. The owner should review for the following red flags:
- Unexpected overdrafts or declines in cash balances
- Missing or out of sequence checks
- Unknown payees
- Altered checks or checks signed by unauthorized personnel
- Maintain current and accurate accounting records. Bank and other control accounts should be reconciled on a monthly basis and reviewed periodically by the Company’s outside accountant. Review financial reports and any exception reports on a monthly basis.
- Monitor approved vendor lists. Verify the credentials of all new vendors before they are authorized to supply the Company. Control access to new vendor set-up. Owners should periodically review the list of approved vendors, being alert for the following red flags:
- Vendors with no physical address (P.O. Box) or telephone number
- Vendors with names similar to employees or other vendors
- Unknown vendors
- Minimize the number of authorized check signers. If possible, the owner should sign all checks. If not possible, require two signers over a specified dollar amount. Never sign blank checks. Review supporting documentation with checks and question any improprieties. Do not use a signature stamp.
- Physically secure the business premises and assets. Restrict after hours access and limit access to high risk areas to only those who truly require it. The use of video surveillance or a keypad lock can be very effective in preventing fraud.
- Insist that employees take vacation and establish a schedule of rotation of employee responsibilities. This practice will minimize management’s reliance on any one individual while providing a disincentive to commit fraud.
- Review computer security. for proper administration and access rights. Access should be limited to job responsibilities and passwords should be required to be changed on a regular basis.
Be alert to changes in employees’ behaviors, attitudes and lifestyles. Because you interact with employees on a daily basis, you have the ability to observe changes in what otherwise might be considered their normal behavior. Some of the indicators to consider in this area would be the following:
- Severe stress
- Financial difficulties
- Alcohol or drug abuse
- Serious illness
- Extreme nervousness
- Dissatisfaction with bonus or lack of promotion
- Living beyond means
- Provide means for employees to report suspected fraud. Employee tips result in the detection of fraud more than any other method. Consider implementing a fraud hotline,suggestion box or other anonymous means for employees to report fraud occurrences.
- Obtain adequate fidelity bond insurance. In the event fraud should occur, at least you have the potential for recovery through insurance. Coverage limits vary and should be reviewed periodically for adequacy
- Reminder. An external audit by a CPA firm is performed to obtain reasonable assurance about whether financial statements are free of material misstatement caused by error or fraud. It is management’s responsibility to design and implement programs and controls to prevent, deter, and detect fraud.
Fraud is a crime that affects, or has the potential to affect, every business on a global basis. Nothing you can do will completely eliminate the possibility that your business will become a victim to fraud. However, by following these simple steps you can go a long way towards the prevention and early detection within your organization. For more information, contact Robert L. Bates, CFE, CPA