Advances in technology and increasing consumer adoption of digital banking and payment tools has created efficiencies for many small businesses, but it has also opened new avenues for financial fraud. A little knowledge and preparation can go a long way to fill any gaps in your business’ fraud protection measures.
Financial fraud is a persistent problem that can have serious ramifications on your business’ bottom line, not to mention cause potential reputational damages. Approximately a quarter of all fraud results in losses of over $1 million, according to independent estimates that also highlight the unsettling fact that the typical organization globally loses 5% of its annual revenues to occupational fraud.
Financial fraud is a threat that can come from inside or outside of your business. A sound fraud prevention strategy should take both into account. Each prong is equally important and comes with different internal controls that can protect your organization’s finances and, ultimately, its reputation.
Internal fraud happens when it is committed against your business by officers, directors or employees. In broad terms, the solution to this problem is often strong governance.
Consider the payments function of your organization – this includes payroll and invoices. Any payment could be fraudulent, and any one of those situations could involve a person (or group of persons) tasked with making and covering up the fraudulent payment.
The first step for your organization is to separate the accounting and payments function between at least two persons. Unfortunately, a common situation in many small businesses is to combine all financial decision-making and recording into one position, but this can give one individual the power to release funds without the involvement of any other individual.
Once the accounting and payment functions are separated, staff should be trained on new payment processes and on recognizing potential signs of fraud. Having an advisor assist you in understanding the risks facing your organization and in better configuring online banking and payment systems can help protect your business from financial fraud, whether internal or external.
The second type of corporate fraud is external, as it usually involves some form of impersonation, phishing or identity theft. In this scenario, a person poses as a vendor and has banking information changed for that vendor so they can receive what appears to be payment for a legitimate invoice. Other terms for this practice are “payment redirect” or “cash disbursement fraud.”
Your business can counteract this type of fraud by verifying the purported vendor’s identity. As a general rule, your business shouldn’t allow banking information to be changed without directly contacting someone at the vendor’s organization (a person that is already known and trusted) to validate that change. Email should be avoided. Instead, use a trusted form of communication, for example a telephone number that you know belongs to the organization you’re trying to contact, and speak to a known individual. This simple measure, alone, could significantly reduce the risk of cash disbursement fraud.
Additional measures can be taken on the back end of your business, by implementing a thorough review process to verify how payments are made and how vendor information is protected.
If nothing else, your organization should start by raising awareness, and ensuring that employees are trained in identifying and addressing common types of fraud. Vigilant employees would naturally be inclined to validate vendors’ identities and avoid making payments to persons they think might be impersonating legitimate vendors.
Proactive organizations conduct a thorough system review before implementing a specific antifraud plan. This review includes banking software and the internal processes that surround it – such as updating banking information and how those systems interrelate with accounting systems. Understanding how your organization’s banking software interacts with other systems will allow you to avoid a situation where one individual can make banking changes without the approval or involvement of another.
Even if your business has already implemented the measures suggested above, and even if it has an antifraud program, it should also have a review process in place, so its antifraud program remains current. As payment processes change, fraud tactics do too, so having a review process with a specific schedule would serve the dual purpose of reminding staff about best practices and changing processes to reflect an evolving business environment.
Grant Thornton is a proponent of risk-based antifraud programs. When structured properly, a formal antifraud program can identify the specific fraud scenarios that an organization could be exposed to and adopts the controls that are appropriate for each scenario. Your Grant Thornton advisor can help your organization throughout this process, by assessing the design and strength of your organization’s current controls, recommending additional controls and providing advice on their effective implementation.
