Fraud happens in small businesses just like in other places. Fraud is more prevalent in small businesses, compared to larger ones, because:

  • Small business owners focus less on controls; they instead focus more on sales

  • Many employees assume additional tasks which are not properly segregated

  • The largest fraud factor is entrusting one employee with a large amount of responsibility. Time and time again, small business owners try to offload responsibility to others who take advantage of this opportunity.


HOW TO MINIMIZE THE RISK OF FRAUD


I recommend this two-tier approach, for owners and employees, in the following areas:


Cash management

  • Owner: set-up and manage banking users and create all payment templates; be the only authorized bank account signers (via the company banking resolution).

  • Employees: make payments using approved bank payment templates; one employee inputs payment (into the banking system) and a second employee approves payment.

Accounts payable

  • Owner: set-up purchase orders, and make supplier changes of address/bank information.

  • Employees: make payments using authorized purchase orders; one employee inputs system payment (ex: in QuickBooks) and a second approves payment.

Accounts receivable

  • Owner: ensure all receipts (checks, wires, ACHs) are sent directly to the bank (and that no receipts are received at the office). Provide AR-application employees with read-only access to apply cash received to customer sub-accounts.

  • Employees: apply cash received to customers’ accounts (using online banking) daily. The cash received should equal the cash applied. If checks/cash are received at the company, an administrator should write up and total each daily deposit, while a second employee completes the bank deposit.

Cybercrime: Email and internet fraud

  • Owner: Create a basic employee rewards program for identifying potential fraud issues. For example, each quarter raffle off a $100 gift card for employees who identify potential email/internet threats.

  • Employees: Participation in the employee rewards program (by identifying threats).