No one wants to think that their employees would try to steal money or defraud their company in some way.
But it happens. Unlike in very large companies where employee fraud might result in prosecution or newspaper headlines, employee theft in small or medium-sized businesses is largely unreported and often just a loss for owners.
The number of fraud cases and the amount of fraud losses is growing in the United States and around the world. The biggest factor that puts smaller or mid-sized companies at risk is that because of fewer employees, too many financial-related duties are in the hands of one person, making it easier to steal money without anyone noticing.
Most of the frauds we see in smaller businesses are pretty basic. For example, someone who processes accounts payable checks will make a check out to themselves, but record it in the accounting system as going to a company vendor. That person may forge the owner's signature on the check, or simply have a signature stamp, making it even easier. If this person is also the one who reviews the monthly bank statements of cancelled checks, no one ever notices the discrepancy.
Studies have shown that most frauds have a duration of about 18 months before being discovered. Typically, an insurance company might cover a loss from employee theft, but insurance might require you to prosecute the employee first. Or you may have a high deductible. The best way to stop loss is to prevent it.
There are three factors that are needed to commit fraud. First, something is occurring in someone's life that makes them feel they need to get their hands on more money than they are making now. Second, they have rationalized that it is okay to engage in a fraudulent scheme. Finally, there must be an opportunity to commit fraud. The only factor that a company can control is opportunity to commit fraud, which is reduced through strong internal controls.
So how does a company improve internal controls and reduce opportunity for theft? The best method is to have adequate segregation of duties in all significant accounting processes to ensure multiple employees are responsible for authorizing transactions, recording transactions, reconciling transactions, and having access to cash or other assets. If only one person is responsible for all four of these functions, committing fraud is simply too easy.
A risk assessment can identify where a company is vulnerable and what controls are needed to prevent fraud and detect it. Once the controls are in place, top managers should regularly monitor compliance to ensure they are being followed. Designing good internal controls is only half the battle; you must make sure controls are not being circumvented.
Good financial oversight by owners and management is one of the best measures for detecting a significant fraud.
If you are an owner, you should actively and regularly review financial statements, following up on any unusual amounts or relationships. This review should include the balance sheet and the profit and loss statement. Too often, management will only focus on the profit and loss statement and the bottom line income without reviewing the balance sheet where many fraudulent transactions can be buried.
Owners can also work with their outside CPA for guidance. If your company currently has an annual audit by an independent CPA, they will already be assessing your internal controls and providing you with a report with suggested improvements. If you do not currently have an annual audit, you can engage an independent CPA to perform an internal control assessment consultation to identify weaknesses and potential improvements.
Steve Thomason is a Senior Manager in the LBMC Audit and Advisory practice. He can be reached at 423-756-6585 or firstname.lastname@example.org.