We assume that it will never happen to us. We trust our “gut” in making hiring decisions, and don’t believe that any of our employees would ever steal from us. But unfortunately fraud is more rampant than we believe, and small business are especially susceptible. Do you know the most common types of fraud and how to safeguard your business?

The average fraud incident costs $150,000 and has been occurring for 18 months before it is caught. Furthermore, 90% of fraudsters are 1st time offenders with no criminal record.

Most Common Types of Fraud

Billing Fraud – Most common; 27.1% of all cases

Billing fraud occurs when an employee creates fake invoices or inflates existing invoices and submits them to the employer for payment. This can be done by sending invoices from a fictitious company, submitting invoices for personal items, or making multiple payments to a current vendor by submitting invoices without dates.

Check Tampering – 20.1% of all cases

Check tampering occurs when an employee steals, alters, or forges a check that’s payable from the employer’s business account. For example, your office manager who has access and the authority to cut checks, could pay her own water bill from the business account and then code it as utilities. Since those expenses fluctuate, it may be harder to spot and it’s possible that it could go unnoticed without an additional layer of oversight.

Skimming Schemes – 11.9% of all cases

When your business accepts cash payments, you’re at risk for skimming and lapping schemes.

Skimming

Skimming occurs when an employee receives a cash payment from a customer and misappropriates the money before it’s entered into the books. Skimming can look like customer theft or inventory error until a fraudster gets confident and starts pocketing more and more cash. In a more complicated form of skimming, the employee tries to conceal the theft by either deleting the paid invoice or falsifying a credit memo or bad debt entry, and applying it to the customer’s balance so the account doesn’t get flagged as past due.

Lapping

Lapping is different from skimming in that the employee does make a record of the cash payment but instead of depositing it appropriately, takes the money for personal use. Then the employee hides the theft by applying the next payment to the customer’s account. When nobody detects it the first time, it’s easy for the fraudster to become more confident and expand the scheme.

Protect Yourself from Fraud

Small businesses are more prone to fraud because they often lack internal controls. Simply put, when one employee handles more than one function in the chain of authorizing, performing, recording transactions and reconciling the accounts, there’s the potential for fraud because that person can hide inconsistencies and theft by falsifying data. While it’s important to understand that no system of internal controls can completely eliminate the risk of fraud, the following controls make it harder for fraudsters to steal, and/or increase the odds that they get caught quickly. Remember, it is the owner’s responsibility (not the accountant’s or the manager’s) to ensure that the following internal controls are put in place to protect against fraud.

Background Checks (including credit)

First and foremost, all employees should undergo a background check prior to employment. Additionally, anyone who will have access to financial information (not just permission!) such as cash, checks, invoices, or payments should also have a credit check.

Pulling someone’s credit MUST be done with their written permission, but if done correctly, will count as a “soft inquiry” and won’t impact their credit score. We currently recommend small businesses use TransUnion ShareAble as they are pay-per-use and don’t require an ongoing monthly or setup charge. However, there are many companies out there to choose from depending on your needs.

User Access

Everyone should have their own user accounts and passwords should be carefully safeguarded. As tempting as it may be to save a few dollars by having employees share, it is not worth the risk. Doing so eliminates the accountability since it could have been a number of people who made the unauthorized charge or payment. Also, it should go without saying, but don’t use the same password for everything. If employees know that all of your mundane accounts are your email as your username and “123456” as your password, then it’s not a leap for them to guess that the same is true of your bank accounts.

Audit trail

For added accountability, all steps of the financial transaction should have an audit trail. Your point of sale system (POS) should be able to log employees each time a sale is made or an order is placed. Additionally, QuickBooks has a report that shows everytime someone logged in and notes who made what changes and when.

Lastly, their should be a trail for payments. We strongly recommend against handwritten checks due to the higher likelihood of forgeries and instead insist on ePayments and/or using a bill payment software such as Bill.com. Not only will it prevent against lost checks, but it will create a digital trail and can be used to setup permissions so that the person authorizing the payment isn’t also the one cutting the check. Plus, it has the benefit of being cloud-based so that authorizations can be done from anywhere at anytime.

Separation of Duties

The most important control to implement is separation of duties. Make sure that there is a separate person performing each role:

• Authorize transaction
• Record transaction
• Reconcile transaction

Leverage Outsourcing

One of the most effective ways to reduce your risk of fraud is to outsource your bookkeeping, accounting and control functions to an experienced provider. This eliminates the risks associated with a lack of internal controls and ensures that every transaction is checked for accuracy. Companies like ours have the experience and expertise to flag and follow up on irregularities as soon as they arise. The truth is that the more people you have overseeing your books, the less attractive your company becomes as a target for fraudsters. So in addition to providing a significant amount of protection, outsourcing also gives you peace of mind.

Are you ready to leverage outsourcing and mitigate your fraud risks?