We often hear more about fraud at large companies because of the hefty price tags involved and the large number of investors who may be affected. But the sad fact is that when small businesses experience a fraudulent event, they may be hit much harder and have more difficulty absorbing the losses. Innocent employees may lose their jobs, personal investments may be lost, and creditors may be wary of helping out the victimized business in the future. And smaller companies are more likely to experience a fraud than large ones.
In the past two years, nearly 30 percent of reported organizational fraud cases occurred at companies with fewer than 100 employees, and 24 percent of cases occurred at companies with between 100 and 999 employees, according to the Association of Certified Fraud Examiners (ACFE) 2014 Report to the Nations.
And from a loss-to-revenue standpoint, the losses hurt these smaller organizations more. Organizations with fewer than 100 employees had a median loss of $154,000, while those with 100-999 employees had a median loss of $130,000. The victim organizations with over 10,000 employees made up just 20 percent of the reported cases, experiencing a median loss of $160,000. (Keep in mind that while all those median losses are at the six-figure level, one-fifth of all reported cases involved losses of over $1 million.)
The problem for many of these companies is that they didn’t realize that fraud could be instigated by their most trusted employees.
A common thread
Smaller companies may underestimate their risk, thinking “it can’t happen to me.” And yet small organizations are disproportionately harmed by fraud losses, often due to employee misconduct and a lack of internal controls and of segregation of duties.
And what kind of fraud is most prevalent? The fraud schemes most common in small businesses include corruption (33%), billing fraud (29%) and check tampering (22%). Embezzlement happens, particularly in organizations with inadequate controls or segregation of duties.
Awareness can reduce the risk
There are inexpensive and tangible actions that even the smallest of companies can take to reduce the risk of fraud:
- Implement a code of conduct, and have employees acknowledge their compliance annually.
- Perform supervisory or management reviews, particularly of complex, unusual or non-standard transactions.
- Segregate duties that involve payments (e.g., adding vendors and employees to systems vs. paying them).
- Separate cash handling, including bank deposits, from bank reconciliation activities.
- Hold employees accountable for the completeness and accuracy of financial statements (e.g., certification).
- Provide a whistleblower hotline, keeping these points in mind:
  - While 68% of companies with over 100 employees have fraud hotlines, they are found only in 18% of companies with fewer than 100 employees, yet these simple tools reportedly reduced the median duration of fraud from 24 months to 12 months!
  - Posters improve hotline awareness within a company, and when the hotline can be accessed through the company extranet, customers and vendors have a vehicle to report potential fraud if necessary.
- Educate employees on how best to raise flags and report suspicious activities.
The fact is that resource-strapped companies can prioritize activities that are proven to effectively reduce the risk and duration of frauds. For example, consider the feasibility of the following:
- Fraud risk assessment: Identify your company’s fraud risks and brainstorm how a fraud might occur within company boundaries. If an insider wanted to do something inappropriate, would anyone take notice? Does the company have adequate controls to mitigate these potential risks? A formal fraud risk assessment tailored specifically to your company might be just what the doctor ordered and may help your organization avoid becoming the next victim.
- Fraud training: Do employees know the warning signs of fraud? Teaching them the basics about fraud risks, red flags and the procedures for reporting suspicious activities may empower your team members to speak up or raise a concern.
- Regular and surprise audits: Consider asking an internal auditor to conduct an occasional deeper-dive audit in areas of potential risk. Should this include financial, cash handling processes, inventory or related-party transactions?
It has been reported that companies lose 5% of their revenues to fraud. You don’t want your company to be the next one victimized or to be known for ineffective controls and management.
Alisanne Gilmore-Allen is a recent addition to the RoseRyan dream team. She is a Certified Fraud Examiner, Certified Internal Auditor and Certified Information Systems Auditor, and she holds a Certification in Risk Management Assurance. Alisanne spent over seven years helping Big 4 clients with enterprise risk management, and she has consulted for and headed the internal audit departments at Bay Area technology companies.