March is Fraud Prevention Month, an annual public awareness campaign aimed at helping educate the public, and providing the tools and resources businesses need to defend themselves against fraud.
However, businesses are the target for many kinds of fraud, and small businesses are particularly vulnerable. Which is why we decided to take this opportunity to bring light to some of these issues and discuss what can be done to mitigate these risks.
- Firstly, there are multiple kinds of fraud, but what is occupational fraud and how does it threaten a business?
Occupational fraud is sometimes called workplace fraud or internal fraud, but refers to fraud committed by employees or executives, against the company. There are 3 general categories of occupational fraud.
- Corruption: This may be the most well known type of occupational fraud. Examples include bribery, kickbacks, and extortion. However, corruption is not the most common form of occupational fraud, nor is it the most costly (on average) to businesses.
- Asset misappropriation: By far the most common form of occupational fraud, examples of asset misappropriation include, skimming, fraudulent disbursements, and larceny (false sales/shipping, theft of office equipment, etc.)
- Financial statement fraud: This may be the least common source of occupational fraud, but it is certainly the most costly for businesses. Examples include improper disclosures, fictitious revenues and improper asset valuations.
Businesses are often focused on external threats, and combat these by implementing firewalls, alarm systems and encrypted access to systems. However, occupational fraud is more common and causes more financial loss to businesses than frauds committed by third parties, and these internal threats require controls and protective measures as well.
- Businesses of all shapes and sizes are vulnerable to occupational fraud. How are small businesses affected differently?
It’s important to point out that regardless of business size or industry, all businesses have some level of vulnerability to fraud, whether strategically planned, or opportunistic in nature. Having said that, small businesses do seem to be in a higher risk category for a number of reasons.
Small businesses typically have fewer resources to contribute to anti-fraud controls than larger businesses. Not only that, smaller businesses are typically more trusting of their employees and therefore may not feel the need to expend additional resources for these controls.
According to the ACFE 2018 Report to the Nations, small businesses lose almost twice as much per scheme to occupational fraud than large businesses! In addition, fraud caused by a lack of controls is nearly 70% more likely to occur in small businesses than large businesses.
Also, one fact that I found surprising, fraud is nearly twice as likely to be perpetrated by the owner or an executive in a small business (less than 100 employees) than a large business.
- What types of controls can businesses put in place to protect themselves and their consumers from these issues?
There are many controls a business can put in place, and each business needs to think about what works best for them. Having said that, a few examples include:
- A code of conduct: Having a corporate wide code of conduct that explicitly states the ethical behaviour all staff should exhibit has a surprisingly high impact. In a survey of companies done by the ACFE, there was a 56% reduction in median fraud losses when a code of conduct was in place.
- A fraud risk assessment program: A great tool for businesses to understand their risk universe, the likelihood of a risk event occurring, and the measures or controls that are in place mitigate them. Start with a simple approach that can scale.
- A digital business payment platform: No, moving to digital payments does not automatically protect from occupational fraud, but many platforms today, like Ablii, have built-in controls to help small businesses specifically fight occupational fraud.
- Payment approvals require a second set of eyes to review all outgoing payments before they can be completed.
- Employee permissioning ensures only employees with proper authority can add/edit payees and bank accounts.
- Transaction logs keep records of all transactions and account activity on an immutable ledger, allowing businesses to easily identify any financial discrepancies.
Protecting your organization from fraud takes a little work, but once procedures and technology are in place, it will begin to feel like a routine part of running the business. Questions or comments? Get in touch with one of our team members!