Small Business Owner's Fraud Checklist
Fraud is commonplace and can happen to any business, as evidenced by the frequent news stories on the subject. Though business owners have developed a heightened awareness of the potential for fraud, the 2016 Global Fraud Study by the Association of Certified Fraud Examiners (ACFE) revealed that the impact on businesses continues to grow. For some perspective, try to absorb that the total loss reflected in the 2016 study of just 2,410 reported cases was $6.3 billion, with median loss for all U.S. cases at $120,000 and 23.2% of cases causing losses of $1 million or more.
The most common forms of occupational fraud are asset misappropriation (billing schemes and check tampering schemes, payroll, and expense reimbursements), financial statement fraud and corruption (more likely to occur at large organizations). The types of fraud vary somewhat by industry and are illustrated in the ACFE’s interactive chart here.
How is Fraud Carried Out?
Knowing the most common ways that fraud is carried out and concealed can help you understand what to watch closely and why. For example, the ACFE study showed that occupational fraud is often concealed through:
- Creation of fraudulent documents
- Altering documents
- Altering transactions in the accounting system
- Creating fraudulent transactions in the accounting system
- Destroying or altering electronic documents
- Altering journal entries
How is Fraud Detected?
Most often from:
- A tip (employees, vendors and customers)
- The study also showed that a significantly higher percentage of fraud was detected from tips in organizations that had a fraud hotline in place.
- Internal audit
- Management review
Small businesses have a staggeringly higher risk of fraud than large companies due to lack of internal controls. As with previous studies, the 2016 report shows that strong internal controls are a critical step to fraud prevention.
As a business owner or executive, what can you do? There are some basic actions business owners should take and review on a regular basis. Our checklist is provided below, but is also available for download by clicking the PDF icon above.
- Check references and run background checks on all prospective employees and vendors. Ask previous employers if the prospective employee is eligible for rehire.
- Develop a written code of conduct that explicitly prohibits fraud, conflicts of interest, kickbacks and other illegal acts. Require that all employees annually confirm compliance with the code and that major vendors and customers are provided with a copy of the code. Practice and strictly enforce the code.
- Owners who dip into petty cash, fudge on an expense report or set other examples of loose business behavior will find employees rationalizing dishonest actions. Set an ethical example for employees to follow and treat them with respect and fairness, including fair pay.
- Carry adequate fidelity insurance to limit your company’s exposure to fraud losses.
- Ensure that no employees or vendors are added to the payroll or approved vendor listing without your approval. Periodically review the payroll and approved vendor list to ensure none have been added without your knowledge.
- When employees leave, be sure to disable access codes and passwords immediately on such things as software, network, email, laptops, hard drives, office, banking information if they had access and even online subscriptions. While not an all-inclusive list, this should provide a start to a list of the technology that could be vulnerable. Ensuring that your technology is secured can help prevent breaches.
- Personally approve large credit memos, price concessions and bad debt write-offs.
- Have customers mail payments directly to a lock-box maintained by your bank.
- Require that your receptionist or someone independent of the accounting department open the mail and log cash receipts received at your office location.
- Periodically reconcile daily cash receipts logged by the receptionist (or other) to individual customers account details, as well as the amount deposited per the bank statement.
- Examine all original invoices and receiving documents (not copies) when signing checks to ensure that the prices are reasonable, that goods were actually received and that the vendor is legitimate.
- Never use a signature stamp for check signing. Notify your bank that only original signatures are valid.
- Require that the bank obtain your authorization for all electronic fund transfers.
- Notify your bank that the employee who makes the daily bank deposit is not authorized to receive “cash back” from your deposit.
- Have your company’s financial statements audited annually by a CPA. The cost of fraud losses is 35% lower in companies that have an internal or external audit.
- Have supervisors review employee time daily to ensure time worked was reported accurately.
- Monthly bank statements should be delivered unopened to the owner, who should review them in detail for irregularities such as unexpected declines in balance, overdrafts and unusually large disbursements.
- Cash disbursements and receipts should be reviewed in detail by a CPA at least annually to ensure all recorded transactions are supported by valid source documentation and are consistent with business reality.
- All bank accounts should be reconciled monthly. These reconciliations should be reviewed periodically by a CPA to ensure the propriety of the reconciliation.
- Have an open door. 26% of employee fraud is discovered and reported by a fellow employee. Ask your employees to identify ways in which someone could commit fraud at your company and the ways to avoid it. Offer monetary rewards to employees who report fraud.
- Review monthly financial statements in comparison to budget and prior period actual and investigate unusual fluctuations. Also compare financial ratios to expectations.
- Take note of employees who appear to live substantially beyond their means.
- Send monthly statements of customer account balances. The statement should indicate the name and number of a contact person, who is independent of the accounting department, to call with complaints/discrepancies.
- Have a CPA review the payroll function at least annually to ensure that pay rates are consistent with the employee’s personnel file and that hours paid agree to manual timecards or time sheets.
- Require that key accounting personnel take a vacation at least annually and that someone perform their job function in the interim to detect possible irregularities.
- Perform a full goods and fixed asset physical inventory at least annually and investigate significant shrinkage.
Prevention and Investigation
According to the 2016 ACFE study, the presence of anti-fraud controls correlated with lower fraud losses and quicker detection. Unfortunately, small businesses are less likely to make fraud prevention a priority and are more susceptible to significant financial damage should fraud occur.
Smith & Howard’s Red Flag Reporting Service provides a confidential 24/7 ethics and fraud hotline for your employees to use in the event they witness or suspect ethics violations or fraud in the business. We provide education for all employees, monitoring, multiple languages in the hotline system and complete confidentiality.
Please complete the contact form below for more information on:
- Internal control review, design/update and implementation
- Red Flag Reporting Services
For a printable PDF of this checklist, click the PDF button at the top of the article.
Compiled by Smith & Howard from the Association of Certified Fraud Examiners’ (ACFE’s) “Report to the Nations on Occupational Fraud and Abuse” and the American Institute of Certified Public Accountants’ Monthly Checklist Series.