Fraud and the small business: You should be worried

Nick Cavalancia

If you run or support a small business, you may think there is little potential for fraud, so there’s no need to worry about it. You probably think you have few assets to be taken, you know (and trust) the employees, and believe an overall handle on things is in place.

The reality is… you’re oh so wrong.

Let me start by getting your full attention to the matter with a look at fraud by the numbers, using the Association of Certified Fraud Examiner’s 2014 Report to the Nations:

  • 5% – the typical loss of revenue due to fraud
  • 29% – the percentage of fraud cases involving the small business
  • 85% – the percentage of cases that involved misappropriation of assets
  • $154,000 – the median loss to the small business in fraud cases

So, even with all these stats, you are probably thinking this may just be a lot of FUD and really doesn’t apply to your case. Even if I tell you a small business is 1.45 times  more likely to be the victim of fraud than an enterprise company with 10K employees? Your disbelief may partially be due to a distinct lack of anyone yelling “FRAUD!” But allow me to throw one more stat at those of you who don’t believe it’s happened at your business:

                     'The average time to detection of fraud is 18 months'

So, while you’re thinking it’s not happening, you really won’t know if that’s true, roughly, for another year and a half.

What makes the small business so susceptible to fraud?

SMALL BUSINESS AND FRAUD: A RECIPE FOR DISASTER
It’s actually quite simple, and can come down to two basic reasons:

1. Individuals have Too Much Power
Small businesses tend to have a small number of individuals – if not a single individual – in charge of managing payroll, checks, assets, etc. This person is still human and may fit into Donald Cressey’s Fraud Triangle, which defines the three criteria that, if met, will usually result in fraud:

  • Motivation – Financial trouble at home, a lack of raises at work, problems with gambling, etc. all create the motivation to take company assets.
  • Rationalization – A sense of entitlement from feeling underpaid, thinking it’s only a loan, etc. all play into rationalizing the fraud.
  • Opportunity – This is where the small business is largely failing. In many cases, a single person has so much power, that they could misappropriate funds for years and never be caught.

2. Companies have Little or No Controls
If there’s only one person managing company assets, there is likely no process in place to double-check the work being performed by the individual in power.

Put these two reasons together and you begin to see it’s really quite easy for a small business to become the victim of fraud. I would guess you know more than one company that is just small enough to fit the picture painted above.

WHAT'S A SMALL BUSINESS TO DO?
Many controls enterprises uses are too costly and, therefore, not feasible for a small business, but there are some steps you can take to minimize fraud.

The technical steps:

  • Strong Password Policies
    It may not always be the person in control, but someone stealing their identity. Mandating complex passwords that are required to change frequently on a per-system basis is key.
  • Secure your IT Infrastructure
    Don’t discount external attacks as a means to obtain someone’s credentials (and access to systems). Cybercrime is on the rise and remains a serious risk to small business.
  • Monitor User Activity
    If you suspect an employee, use of User Activity Monitoring software to record and playback the employee’s activity on their computer will help either confirm or deny their misuse of power.

The non-technical steps:

  • Employee Education
    Informing employees about what constitutes fraud, how to spot it, and what to do if someone suspects fraud should all be part of employee training.
  • Proper Hire Screening
    Employment verification, credit and background checks, drug screening all should be part of hiring.
  • Audits / Reporting
    Use of auditing software, surprise audits of activity, etc. all should be a part of business operations to minimize the concept of opportunity in the Fraud Triangle.
  • Anti-Fraud Controls
    Implementing separation of duties, authorization levels, multiple signatures, job rotations, and mandatory vacations (fraudsters don’t like taking vacation for fear of being found out) should all be in place.

DON'T WORRY; BE VIGILANT
While fraud is a reality for the small business, it simply takes some simple actions to put safeguards in place that protect against Fraud. While you’re never guaranteed to not be a victim of fraud, you can minimize your risk and exposure to it.