We’ve seen fraud countless times. Here’s how to protect your business.
Tips for preventing, detecting and mitigating fraud—from Dugan + Lopatka CPA’s experienced auditing team.
A Quiet, Costly Crime
No one likes to imagine that fraud could happen within their own business.
Unfortunately, fraud is everywhere. It happens every day, in organizations of all sizes, across every industry. And when management takes a see-no-evil, hear-no-evil approach to fraud, it only makes it that much more likely to happen.
How much do businesses lose to fraud? According to the Association of Certified Fraud Examiners (ACFE), which conducted a study of more than 2,000 companies, fraud costs the average organization about 5% of its annual revenue.
No industry is immune. Fraud is particularly common in real estate, but the ACFE also reported numerous cases in wholesale trade, transportation, warehousing, construction and utilities.
It’s not just the big businesses, either. In fact, organizations with the fewest employees had the highest median loss. Smaller businesses were twice as likely to be victims.
The worst part? Fraud’s damage is often irreversible. Most victim organizations never recover a cent.
What Can You Do About It?
The bad news is that fraud is pervasive. The good news is that it’s often preventable.
The ACFE estimates that nearly half of the fraud cases we mentioned above “likely could have been prevented with a stronger system of anti-fraud controls.” Twenty-nine percent of the victim organizations had minimal controls in place, while 20% had internal controls that the perpetrator was able to circumvent. If these organizations had taken stronger preventative measures, they could have stopped or at least reduced the damage of these crimes.
At Dugan + Lopatka, our team has partnered with numerous businesses and nonprofits to conduct audits and implement anti-fraud controls. Over our decades of service, we have learned that the best approach is a proactive approach, and that thoughtful communication with employees should be front and center in any preventative strategy.
Let’s talk about some proactive steps you can take to protect your business.
Basic Anti-Fraud Controls for Any Business
Here are some proactive steps you can take to fight fraud in your business:
- Divide your duties. Giving a single employee multiple financial management responsibilities is a recipe for fraud. Instead, distribute duties like bookkeeping and deposits among multiple team members. This reduces the opportunity for criminal activity and adds a layer of oversight.What about small businesses? If you don’t have the resources to divide responsibilities among multiple employees, have at least one additional team member periodically review financial documents and key transactions.
- Regularly audit your business’ assets. It’s easy to get caught up in the day-to-day of managing a business. But by periodically cross-referencing your cash, inventory and other assets with financial documentation, you can identify any discrepancies and stop fraud in its tracks.In addition to physical assets, you should regularly reconcile your accounting systems with bank statements and other third-party records.
- Control access to accounting systems. Controlling access through passwords and access logs helps you fight fraud in two ways: by keeping unauthorized users out, and by making it easier to track usage and identify the source of fraudulent activity.Access controls can also make a good deterrent; would-be perpetrators are much less likely to act when they know they’re leaving digital footprints.
- Standardize your financial documents. Standardizing documents like invoices and expense reports makes it easier to review your records and identify suspicious activity—and harder for perpetrators to cover their tracks.
- Require managers to authorize key transactions. A big part of fighting fraud is creating more oversight. That’s especially important when you’re talking about large exchanges of capital. Require at least one manager to review every major transaction to reduce the opportunity for large-scale fraud.
How to Make Anti-Fraud Controls that Really Work
Fraud controls are designed to do three things: prevent, detect and mitigate.
When people think about fraud control, they generally assume that detection is the most important aspect. It is important, particularly in cases of large-scale or ongoing crimes.
But detection is more of a last resort. Losses are difficult to recover, and the process of confronting and prosecuting employees is often uncomfortable, time-consuming and expensive. Once the crime has been committed, there is little you can do but fire the perpetrator, press charges, and hope you can recover at least some of the damages.
The best solution is prevention.
Stopping Fraud Before It Happens
Ideally, your controls will deter fraud by making it less feasible and less tempting.
For example, periodic job rotation – moving employees between different teams and departments – makes it harder for individuals to familiarize themselves with systems to the extent that they might exploit them. Fraud tends to occur when a person has exclusive access, when they work with systems that only they can use or understand. By adjusting your organizational structure and incorporating redundancies, you can reduce the possibility of a crime.
Strange as it may sound, mandatory vacations and other work-life-balance measures are also important fraud-prevention tools. Happy, healthy employees are significantly less likely to steal from their employer. Investing in your employee’s well-being is more than just the right thing to do; it’s an important part of protecting your business.
Deterrence Hinges on Good Communication
In general, fraud controls work a lot like drug testing in professional sports. The possibility of a surprise exam is enough to turn off most would-be perpetrators. If employees know that a team of CPA auditors could review their company’s data at any time, they may think twice before committing a crime that leaves a data trail. Or, at the very least, they might inflict significantly less damage than they would have otherwise.
The catch? The only way this approach works is if you communicate to your employees that there is an anti-fraud system in place, and remind them of the consequences of committing fraud. By setting clear boundaries and being transparent about your anti-fraud controls, you can reduce the temptation of committing a crime and give them the opportunity to make the right choices.
It may be tempting not to tell employees about anti-fraud controls – maybe you want to see who commits a crime when they don’t know someone is looking over their shoulder – but keep in mind that losses are rarely recovered. The most valuable aspect of your controls is their ability to prevent damage from happening in the first place.
Detecting Suspicious Activity and Mitigating Damage
While prevention is the goal, your controls should also be highly effective at detecting fraudulent activity and mitigating losses.
Quick detection is essential. If an employee is committing continuous fraud, in which they are regularly stealing from the company, your controls must identify the behavior as soon as possible, so you can take action.
How can you detect fraud? You could start by empowering your own employees. Hold educational classes to teach them about red flags, and install a hotline to make it easy for them to anonymously report suspicious activity. Employee intervention is one of the most common ways that fraud is exposed; reducing the friction of the reporting process makes it more likely that team members will blow the whistle.
In addition to boosting morale, those mandatory vacations we mentioned earlier are good opportunities for detecting fraud.
When a perpetrator is out of the office, they may not be able to carry on their scheme or cover it up. Meanwhile, other employees must take on their responsibilities and review their work, adding a new layer of oversight. All of this makes it more likely for discrepancies to appear—and makes identifying a suspect easy. For this very reason, banks and other financial institutions often mandate that employees take several weeks of consecutive PTO.
Often, the best way to detect crimes within your organization is by tapping outside expertise. An external audit from a CPA firm like D+L can help you identify fraud that your internal controls may have missed. Our team can also audit your current controls, and help you implement more robust detection and prevention solutions. That includes AI-driven programs that analyze large quantities of data and flag patterns indicating potential criminal activity.
Yesterday’s Controls Might Not Detect Today’s Fraud
The nature of fraud is always shifting and adapting. To maintain effective controls, your business should regularly benchmark against industry peers and hire a trusted partner to audit your system.
Much like cyber security, the only way to keep up is to keep moving.
We Make Fighting Fraud Easy + Approachable
Dugan + Lopatka works closely with all our audit clients to identify improvements to anti-fraud internal controls. We take a proactive approach to fighting fraud, helping your business develop controls that deter crime, mitigate damage, and detect suspicious activity.
Whether you’re looking to implement controls, upgrade your existing processes, or simply need our experienced CPAs to conduct an audit, D+L has you covered. Connect with us today to get started or learn more about our auditing services here.