Business Fraud Prevention Checklist
Fraud incidents tend to disproportionately affect small businesses, especially organisations with fewer than 100 employees. They suffer higher losses according to the most recent study from the Association of Certified Fraud Examiners (ACFE). The primary reason why this occurs is that these businesses generally do a poor job of proactively preventing and detecting fraud. Business owners/management needs to accept the fact that fraud is commonplace and can happen to any business. Fortunately, the risk of fraud can be managed. Here is a checklist of simple and affordable measures that small and midsize business owner can take to combat the threat of fraud.
Set an appropriate ethical example for employees to follow. Employees will follow the lead of management, whether that lead is ethical or not.
- Communicate to employees. Organisations should communicate the behavior that is expected of their employees. Establish a code of conduct or fraud policy and provide anti-fraud training to managers and all employees of the organisation.
- Control the mailroom. Remittances from customers should be directed to a post office box. In small organisations, the owner or an employee who has no responsibilities related to recording deposits or accounts receivable records or revenue should pick up the mail.
- Review bank statements before your bookkeeper. The business owner should have the bank statements sent directly to them or picked up by somebody who has no cash responsibilities. It should be delivered unopened to the owner. The owner should review for the following red flags:
- Unexpected overdrafts or declines in cash balances
- Missing or out of sequence checks
- Unknown payees
- Altered checks or checks signed by unauthorized personnel
- Maintain current and accurate accounting records. Check bank and other control accounts on a monthly basis and know how much it costs to run your business. Review financial reports and any exception reports and sign up for text and email alerts.
- Monitor approved vendor lists. Verify the credentials of all new vendors before they are authorized to supply your organisation. Control access to new vendor set-up and ensure that you periodically review the list of approved vendors, being alert for the following red flags:
- Vendors with no physical address (P.O. Box) or telephone number
- Vendors with names similar to employees or other vendors
- Unknown vendors
- Minimize the number of authorized check signers. If possible, the owner of the organisation should sign all checks. If this is not possible then hire two fraud and forensic accounting signers over a specified dollar amount but remember to verify their credentials. Do not use a signature stamp and neither sign blank checks. Review supporting documentation with checks and question any improprieties.
- Physically secure the business premises and assets. Restrict after-hours access and limit access to high-risk areas to only those people who truly require it. The use of video surveillance or a keypad lock can be very effective in preventing fraud.
- Insist that employees take a vacation. This helps establish a schedule of rotation of employee responsibilities. This practice will minimize management’s reliance on any one individual while providing a disincentive to commit fraud.
- Review computer security. Basic measures can deter criminals who are looking for easy targets. Protect your network with firewalls and anti-malware products. Access should be limited to job responsibilities and passwords should be changed on a regular basis.
Be alert to changes in employees’ behaviors, attitudes and lifestyles. As you interact with employees on a daily basis, you have the ability to observe changes in what otherwise might be considered their normal behavior. Some of the indicators to consider in this area would be the following:
- Severe stress
- Financial difficulties
- Alcohol or drug abuse
- Serious illness
- Extreme nervousness
- Dissatisfaction with bonus or lack of promotion
- Living beyond means
- Provide means for employees to report suspected fraud. Employees are the assets of a company and their tips result in the detection of fraud more than any other method. So, implement a fraud hotline, suggestion box or other anonymous means for employees to report fraud occurrences.
- Obtain adequate fidelity bond insurance. In case if fraud occurs, you have the potential for recovery through insurance. Coverage limits vary and should be reviewed periodically for adequacy.
- Reminder. An external audit by a CPA firm should be performed on a regular basis to obtain reasonable assurance about whether financial statements are free of material misstatement caused by error or fraud. It is management’s responsibility to design and implement programs and controls to prevent, deter, and detect fraud.
Fraud is a crime that affects or has the potential to affect, every business on a global basis. Nothing you can do will completely eliminate the possibility that your business will become a victim of fraud. However, by following these simple steps you can go a long way towards the prevention and early detection within your organisation and implementing controls like having fraud and forensic accounting performed to help identify unusual activity. For more information, contact Robert L. Bates, CFE, CPA.