Fraud happens and it’s not just affecting large corporations. Small to medium size business are also at risk due to internal control deficiencies and minimal enforcement of policies in place. According to the 2016 Association of Certified Fraud Examiners (ACFE) Global Fraud Study, fraud is disproportionately affecting small businesses. Per the ACFE, 30% percent of all fraud cases occurred in businesses with less than 100 employees. Billing schemes, skimming, and corruption are all top fraud risks for small businesses, according to the ACFE. A well-defined internal control system can help reduce your company’s exposure and give you a better chance of detecting fraud. The following are 4 of the most common challenges to consider when defining internal controls:
- Segregation of Duties – As the business grows, roles can become less-defined and opportunities for fraud exist. With increasing responsibilities for some employees, many business owners are unknowingly opening opportunities for fraud. Identify which employees are handling various aspects of your business and determine where these opportunities might exist. Your bookkeeper may process payables, receivables, cash disbursements, and cash receipts, but by segregating these duties you are taking away an opportunity to commit fraud.
- Documentation of Policies and Procedures – It’s important that job roles and business processes are clearly defined to ensure transparency and consistency for each business process. Without sufficient documentation of key transactions and business processes, no framework exists for developing and maintaining an effective set of internal controls. Documenting when various activities will occur and how certain processes will be evaluated gives necessary guidance to employees, while giving management a better sense of where fraud can occur. Management should place a continued emphasis on maintaining proper records to help reduce risks to your business.
- Employee Access to Information – In many small businesses, employees have access to most if not all data. This frequently occurs due to undefined employee roles and for convenience. Work to limit your employees’ access to include only those items that they need. Provide further access on an as-needed basis for temporary relief caused by terminations or absences. This access should be reviewed periodically by management to determine whether rights should be added or revoked as an employee progresses within the company.
- Management Oversight and Review – The aforementioned internal control tips are useless without managerial emphasis on adherence to the policies and procedures your business has implemented. If shortcuts are routinely taken due to time or personnel constraints, these shortcuts can then become normalized. Your company’s exposure to fraud will increase because of this. Across most organizations, business owners and management can often be pulled in to the day to day operations to help meet the goals of the business. It’s important to consistently review key business metrics, financial statements, and other data available to business owners and management.
These are just a few areas for managers and small business owners to review, but an increased emphasis on internal controls decreases your exposure to fraud. Your accountant is a useful resource for reviewing your internal control system, please contact Levin Swedler Kennedy for help.
Written by: Dane Schaffer