Small and medium businesses have many advantages over their larger rivals. They also have many disadvantages, which centre around the more limited resources they have to get the job done.
One of those disadvantages rarely spoken about, but sadly, present too often, is the lack of robust book-keeping procedures, which can and too often does, enable fraud.
This comes usually from the lack of internal controls, coupled with the ‘all hands in’ necessity of SME’s which means basic financial security measures are curtailed. For example, the recording of both debtors and creditors is in the hands of one person, or even simpler, there is little scrutiny on such items as credit card usage.
The propensity for fraud, and/or misleading financial reports and results can be looked at in a similar manner to fire.
For fire to occur, there needs to be 3 things in place. Fuel, oxygen, and heat. Take away any one of these 3 factors and fire cannot occur. If there is no fuel, it will not burn. Take away oxygen by covering the fire with water, or a fireproof sheet, and it will not burn, take away the heat source, and the fire cannot start.
It is the same in finance.
The 3 factors are opportunity, pressure, and rationalisation.
-
-
- Pressure. For an individual to perpetrate a fraud, there must be some pressure for them to do so. Some situation in their lives that makes them take what they know is a risk creates the pressure to take that step. Debt, divorce, a burning desire to own something they cannot afford, and so on. Then there are a few who are just opportunistic, and when the opportunity arises, will leverage it.
- Rationalisation. The individual must be able to rationalise the fraud, stealing by another name, in some way. They need the money more than the company, nobody will notice a bit going missing every month, ‘I have been underpaid for the value I add’ and so on.
- Opportunity. There must also be the opportunity for the fraud to be perpetrated. The easiest way is to gain access to cash before it is counted, as in retail environments, but the lack of controls in a bookkeeping function or warehouse can have the same impact. I have seen payments clerks set up an account for a phony supplier, generate invoices from that phony, and pay them. I have also seen an order for 10 pallets have 11 pallets loaded onto a truck for delivery and the extra pallet not accounted for. This may not be financial fraud, it is stealing, and the effect is the same. Involving more than one person to perpetrate a fraud makes many types more possible, while at the same time, offering greater detection opportunity.
-
Remove any one of the 3, and fraud is far harder. Not impossible, but harder.
There are many simple things that management of any enterprise can do to minimise the occurrence of fraud in their business.
-
-
- Separate the recording from the physical. The obvious example of this is the use of a till in retail that records the products and amounts bought, which then must be reconciled with the actuals in the cash drawer. This also records the products being sold which can be reconciled with stock records in a stocktake, further eliminating a source of opportunity.
- Separate the two sides of a transaction or create transactions as a data collection point. For example, the separation of the recording and payment of a debt should be separate to avoid the ‘phony’ customer situation. In a factory, you might institute a data collection point using bar coded pallet numbers on transfer from the factory production floor to inventory. This separates inventory from the waste stream, sometimes the source of an opportunity, as it was in the example noted above. This latter example also offers management some of the data necessary for improvement projects as an added benefit.
- Regular and close management of the debtors and creditors ledgers with the bank accounts. This will detect unauthorised payments made from the bank accounts.
- Restrict manual transactions, particularly where they involve cash.
- Control access to the books to ensure accountability of individuals for accuracy and completeness.
- Build in multi person authorisation into standard processes.
- Have clear transaction audit trails, that are monitored.
-
If some of these seem a bit ‘over the top’ for an SME, I understand. However, the volume of fraud that goes undetected and unreported is huge, and very damaging for an SME without the financial depth to easily navigate the losses.
Implementing some simple safeguards is just responsible business practice.
Get some help if you need it, and usually the return on a modest investment will be very quick.
