Fraud happens in small businesses just like in other places. Fraud is more prevalent in small businesses, compared to larger ones, because:
Small business owners focus less on controls; they instead focus more on sales
Many employees assume additional tasks which are not properly segregated
The largest fraud factor is entrusting one employee with a large amount of responsibility. Time and time again, small business owners try to offload responsibility to others who take advantage of this opportunity.
HOW TO MINIMIZE THE RISK OF FRAUD
I recommend this two-tier approach, for owners and employees, in the following areas:
Cash management
Owner: set-up and manage banking users and create all payment templates; be the only authorized bank account signers (via the company banking resolution).
Employees: make payments using approved bank payment templates; one employee inputs payment (into the banking system) and a second employee approves payment.
Accounts payable
Owner: set-up purchase orders, and make supplier changes of address/bank information.
Employees: make payments using authorized purchase orders; one employee inputs system payment (ex: in QuickBooks) and a second approves payment.
Accounts receivable
Owner: ensure all receipts (checks, wires, ACHs) are sent directly to the bank (and that no receipts are received at the office). Provide AR-application employees with read-only access to apply cash received to customer sub-accounts.
Employees: apply cash received to customers’ accounts (using online banking) daily. The cash received should equal the cash applied. If checks/cash are received at the company, an administrator should write up and total each daily deposit, while a second employee completes the bank deposit.
Cybercrime: Email and internet fraud
Owner: Create a basic employee rewards program for identifying potential fraud issues. For example, each quarter raffle off a $100 gift card for employees who identify potential email/internet threats.
Employees: Participation in the employee rewards program (by identifying threats).
Comments