Despite the constraints of surplus financial resources to invest in non-profit making areas of business, availability of time and the misplaced belief of “it won’t happen to me“, it is essential that bosses take steps to prevent, detect and report fraud.
Put simply, implementing education and processes that eliminate or, at least, diminish risk and ensure the entire workforce remains vigilant is as important as focusing on profit-making processes and procedures.
Where are the risks in the business?
First and foremost, businesses should conduct a thorough risk assessment to identify vital assets, that if impacted by fraud, would cause the most damage to the business. Considering how best to protect these assets and the operational and financial havoc that corruption could lead to, should be at the forefront of the minds of senior management.
For example, organisations with an abundance of confidential client data may be most vulnerable to a data hack, whereas businesses with a wealth of intellectual property could be significantly damaged by a leak of company secrets. Conversely, those who identify a weakness in financial or payment procedures are likely to be susceptible to invoice fraud.
Deploying a bespoke approach based on the individual characteristics of a business allows for funds to be allocated in the most effective way possible.
SMEs have smaller teams and chains of command, so fewer employees are responsible for a wider variety of tasks than in larger organisations. This, coupled with the fact that smaller firms are less likely to implement the same depth of financial crime compliance checks, means SMEs are particularly susceptible to employee fraud.
Internal threats can take many forms but often involve the misuse of funds or the manipulation of profit and loss figures where individuals overstate expenses or understate income. Often discrepancies are small and difficult to spot but, when allowed to occur undetected over a long period, have the potential to lead to huge losses.
Other internal threats can be more purposeful, for example, by fellow shareholders or directors taking action in their own way to address a perceived financial imbalance.
To address this threat, business owners must be aware of the indicators which suggest fraud such as changes in cash flow patterns, stock shrinkage, customer complaints and variations in accounting ratios.
If foul play is suspected, it can be helpful to enlist the opinion of a third-party adviser. This objectivity can prove invaluable, especially as working with a partner, friend or family member can impair objective decision making.
As businesses grow, new members join the team. Even for family businesses, this means widening the circle of trust. That could and should call for checks and balances to be put in place for the benefit of all. Those measures may seem ludicrous in a firm that has functioned smoothly without, but that is its Achilles heel.
Even the silent shareholder – who has doubtless worked the ‘hard yards’ in the past – can act as a prompt for employed members to take advantage.
Although bosses are inherently time-poor, ensuring proper background checks and references are collected for new starters is essential. Monitoring users’ access to sensitive documents and restricting remote access to confidential files may also prove a sensible preventative move.
As well as evaluating risks from within, businesses must remain vigilant to external threats such as supplier fraud, data breaches and cyber attacks – each of which in isolation could render the firm’s trading position untenable. Due diligence is crucial – completing credit and background checks on suppliers (and their owners) can prove invaluable.
Providing training on the use and access of protected data will reduce the risk of business-critical files falling into the wrong hands.
The highly-publicised cyber attacks of businesses such as TSB, Superdrug, Yahoo! and TalkTalk, tell us that even large organisations with considerable IT teams and security budgets are susceptible to breaches. Although it is important for businesses to implement the best online security measures possible, organisations may find that ensuring against such incidences provides a greater degree of assurance.
While the structure and working practices of SMEs can make firms particularly vulnerable to fraud, every business can take steps to reduce risk. Crucially, leaders must take the threat seriously and focus on the improvement of systems and processes that reduce the scope for fraudulent behaviour – both internally and externally.
Businesses must allocate resources based upon individual characteristics and, where possible, enlist the entire workforce in remaining vigilant to the signs of fraud. After all, those that best know the business can protect the business.
Arun Chauhan is the director of Tenet Compliance & Litigation and a trustee director of the Fraud Advisory Panel.
Share this story