By Howard I Gross, Steven W. Reed and Casey L. Higgs
A typical organization loses 5 percent of its annual revenue to fraud.
When a business owner or adviser ponders this finding from the Association of Certified Fraud Examiners’ (ACFE) 2012 Report to the Nations, one has to consider their own susceptibility to fraud. Initially, you convince yourself that you have a low risk for fraud because you operate a small business, employ trusted people (and know what they are doing) or the business has been operating for years. You believe “it can’t happen to me.”
You are wrong.
Small businesses historically have suffered disproportionately larger losses due to fraud than larger organizations. According to the 2012 ACFE report, the smallest organizations suffered the largest median losses. Further, nearly half of the victim organizations do not recover any of the fraud losses.
Billing and check tampering are the most common fraud schemes reported by the entities. A single individual in a smaller entity, such as the bookkeeper, many times performs the check writing and cash collection processes. Within larger entities, these duties are segregated, with a formal approval and authorization process in place. Small organizations typically lack the appropriate anti-fraud measures which leaves them especially vulnerable.
The likelihood of successful fraud prevention and detection at smaller organizations is relatively low due to:
The organization’s accounting firm performs a compilation or review and not a financial statement audit;
The belief that a fraud risk-management program is costly to implement;
The belief that a substantial increase in resources is necessary to deploy proper internal controls; and
Employees are family and/or close friends and there exists a relationship of trust.
An organization that receives a compilation or review and not an audit of the financial statements does not reap the benefits of having its operational processes and internal controls analyzed by auditors. Auditing standards require auditors to consider the risk of fraud when planning and performing audits, but this is not required in a compilation or review. While audits are beneficial for assessing internal controls, the ACFE report stresses that external audits should not be relied upon as a business’s primary fraud-detection method. In the survey, audits only detected 3 percent of the frauds and ranked poorly in limiting losses.
Small businesses can implement cost- effective control measures such as:
Employee education and fraud awareness
Simple segregation of duties
Job rotation and mandatory vacation
A company code of conduct
According to the ACFE report, hotlines are consistently the most effective fraud-detection method, but only 15 percent of small businesses have a hotline in place. Enacting hotlines, as well as all of the other inexpensive anti-fraud measures discussed above, can help business owners prevent fraud.
The belief that more resources are required to develop and implement proper internal control procedures also is misleading. An organization does not necessarily need to hire additional resources. A shift in roles, fraud training, and a proper segregation of duties can occur in organizations as small as three employees.
Lastly, businesses often employ family members and close friends, and there exists a relationship of trust. These businesses generally have very few controls in place, if any at all, because they rely on and trust those individuals. We recently encountered a fraud of this kind. A veteran employee of a small professional practice who was a longtime family friend allegedly misappropriated more than $100,000 in cash receipts over the course of four years. This particular employee was trusted by the owners and the perpetrator’s duties were not questioned nor were there proper controls in place to prevent or detect the ongoing fraud. Further, this person, like 87 percent of all perpetrators, was a first-time offender with a clean employment history.
The presence of anti-fraud controls significantly decreases the cost and duration of fraud schemes. According the ACFE report, organizations that had implemented any of the most common anti-fraud controls experienced lower losses and a shorter time to detection than organizations without controls.
Fraud can happen, especially in small businesses. The risk of fraud affecting your client increases without proper anti-fraud measures and controls. The first step of successful fraud prevention and detection is to acknowledge and be aware that fraud can occur. A seasoned forensic team can assist in evaluating your situation before it is too late.•
Howard I Gross, CPA/ABV/CFF, CFP; Steven W. Reed, CPA/ABV; and Casey L. Higgs, CPA/CFF, CFE, CVA are with BGBC Partners, LLP – Litigation, Forensic and Business Valuation. Contact BGBC at 317-633-4700 or visit www.bgbc.com. The opinions expressed are those of the authors.