Manage Your Business Fraud Vulnerabilities
Tools and strategies are readily available to small businesses for purposes of detecting, deterring and prosecuting fraud from whatever source. Both civil and criminal remedies may be available.
The problem of fraud touches businesses of all sizes. The common types of fraud a smaller business will likely deal with are occupational frauds, which are invariably perpetrated by individuals, such as bribery or embezzlement, as well as transactional frauds, such as insurance scams and money laundering.
This is a narrow slice of the fraud pie, but it's the piece most relevant to small businesses. It's unlikely you'll be confronted with big time criminal organizations, but don't fall into the trap of thinking of issues such as employee thefts and shoplifting as just a nuisance cost of doing business. Frauds--big and small--add up. Be certain to deal with frauds against your business appropriately and realize that many frauds are quite preventable if taken seriously.
Dealing with Crooks: Employees and Otherwise
The important thing to keep in mind is, regardless of the type of fraud or fraudster, you should file a complaint with local authorities and urge them to prosecute whenever possible. You may also have the option of filing a civil action, which doesn't involve the criminal justice system.
- Criminal prosecution: Criminals must be proven guilty beyond a reasonable doubt, so evidence of guilt must be documented and preserved to achieve a successful prosecution.
- Civil action: Civil actions are held to a less stringent standard than criminal acts and are decided on the preponderance of evidence.
Criminal prosecution. When a crime is committed, whether by an employee, a customer or a vendor, you should always strive to document the fraud and your investigation of it thoroughly, report it to local authorities, and urge them to prosecute. Restitution should be a focus of the litigation.
Civil Action Restitution should be a focus of civil litigation as well. Remember that in a civil action, you can obtain a judgment against in individual if the court finds that a preponderance of the evidence supports a finding of fraud. This is a lesser standard than the "beyond a reasonable doubt" standard that applies in criminal litigation.
In both criminal and civil cases, there are always potential liability issues in investigations. Use the guidelines for employee discipline and terminations to avoid creating unnecessary liabilities.
And the advice of counsel is recommended whenever possible, but particularly if the fraud was committed by a non-employee.
Of course, prevention is your best option. As is often true, an ounce of prevention really is worth a pound of cure. Devising ways to deter fraud in all its forms will go a long way toward mitigating your risks.
Prevention Is Your Best Strategy
How can you mitigate your fraud risk? One of biggest risks of fraud for small businesses comes from within--employee fraud. Sensible personnel policies, hiring procedures, reference and background checking are essential. Formal written policies and procedures, promulgated to all employees, updated often, and consistently enforced will go a long way toward minimizing problems.
Hire Right, But Don't Stop There!
Getting the right people is the first step. Performing a thorough investigation of every potential employee is vital. But you'll need to go further to best protect your business. Follow these guidelines:
- Have a written policy and procedure manual, including an ethics statement; update it, enforce it, and have all employees sign that they have received a copy, read it and understand that failure to abide by it will be grounds for termination and possible prosecution.
- One positive step to protect your business from fraud is to create a formal employee handbook spelling out all policies, procedures and your expectation of ethical behavior.
- Create a simple, straightforward ethical code of conduct for your firm. Include things like honesty and fair dealing, specifics like employing relatives, accounting for expenses, and confidentiality.
Sample Business Ethics Statement
"Our customers are the reason we exist.
Our success depends on meeting our customers' needs, treating them fairly and honestly and providing excellence in both products and services.
We are committed to the highest ethical standards and demonstrate consistent integrity in all our interactions with customers, suppliers, stakeholders, co-workers and the community."
- Include in the handbook, along with the ethics statement and policies, work rules.
The Business Tools contain sample work rules that you can use to develop a set of rules that are appropriate for your business.
- Enforce the separation/rotation of duties among employees.
- Don't be too trusting. Skepticism is a useful tool.
- Open all the mail yourself.
- Sign all the checks yourself, if at all possible.
- Remove any and all temptations.
- Set a good, honest example. The Association of Certified Fraud Examiners (ACFE) calls this setting the Tone at the Top!
- Keep an open line of communication with employees at all level of the business. And don't stop there. Keep in touch with customers and suppliers as well.
Common sense security measures are also important here. Protect passwords . . . don't keep them under your keyboard or taped to your monitor! And please, don't use your pet's name or your kid's name or your birthday. You may even want to change locks occasionally.
Detecting Fraud Through Documentation
The weapons available for fraud detection range from strict internal controls and cutting edge software to an auditor's sixth sense. The periodic destruction of old records and conversely, the safe retention of important documents, are key to the security of your business.
Retaining Records Helps You Detect Fraud
The age-old dilemma of record retention requirements hasn't gotten any easier, even with the advent of electronic storage possibilities. Even if you religiously keep as many of your business records as possible on your computer and diligently back those records up regularly, you'll still need to retain a great deal of hard copy records for varying periods of time.
The secret to minimizing the sheer bulk of this necessary evil is to know when it's safe to throw stuff out. There is no single statute of limitations for the many categories of records a business needs to hang on to for awhile. The federal and state governments don't always agree, and the rules seem to change from year to year. Requirements also vary widely depending on what specific industry you're in. So much for adopting a scientific remedy.
The art of effective record retention boils down to two standards -- reason and risk. Some business owners fear risking adverse consequences and hang on to everything forever, an unreasonable behavior resulting in landfills such as yours. Others trash everything early and often, an unreasonably risky path to neatness.
Secure Document Destruction Eliminates Opportunities for Fraud
The flip side of a good retention policy is a good destruction policy. A good alternative for a small business might be a document shredding firm that handles your shredding chores on site at your place of business where you can personally see the destruction process of each piece of paper and/or electronic storage media.
Check out the ARMA trade association and the National Association for Information Destruction (NAID) for information on this growing industry. The secure destruction of important records is a major step in protecting you business and its customers from potential fraud.
Disaster planning and damage control are effective ways to cope with fraud when your prevention and detection efforts fail. Like the Boy Scouts always say: Be prepared! Prepare for the worst and hope for the best.
Disaster Planning and Damage Control Should Be Part of Fraud Prevention Planning
It's imperative that you seriously plan for disaster, whether man-made or natural. A little effort in preparing for a range of potential threats will go a long way in the recovery of your business and your ability to quickly rebound and serve customers' needs in a time of crisis.
One of the most important things you can do in an emergency is to have only one individual authorized to dispense information to the public, the press, customers and vendors.
This is what saved the manufacturer in the still-unsolved Tylenol-poisoning case some years back. The Public Relations Department (now usually called Corporate Communications) was well prepared, knew the policy on product disasters, knew what to say, but much more importantly knew what not to say. Their training and honest communication skills saved the day.
The Red Cross site offers specific instructions and suggestions for businesses as well as families. This site considers not only the physical damage to life and property that can occur, but the significant financial and operating realities in the aftermath of an upheaval. Planning can avoid many of these problems.
Business Entity Compliance from CT Corporation — Partner with the Industry Leader
Contact your CT service representative now!