Lies and deceit hit the little guys
Large financial frauds don't just happen in big business - they're also happening in the suburbs. Small businesses are sustaining larger median fraud losses than their bigger brethren, according to the Association of Certified Fraud Examiners.
Globally, the median figure for fraud losses for small business - those with fewer than 100 employees - is $162,000. For those with more than 100 employees, the figure is about $110,000.
The 2012 Report to the Nations indicates small and medium enterprises are the most common victims of fraud at 31.8 per cent - the highest rate of any business category.
So what kinds of frauds are these? Fairfax Media asked Ernst & Young's partner in fraud investigation and dispute services, Rob Locke, to rate the top five frauds.
Locke says there's nothing new about the scams, except that technology has proved not to be an effective preventive measure.
"Big business can probably absorb losses, but if the ACFE fraud numbers are correct, frauds of this magnitude could wipe out a small business's annual profit," he says.
The top five fraud risks for small business are:
False invoicing Most popular with fraudsters is the payment to fictitious suppliers or making payments to valid suppliers but diverting them to the fraudster's own account.
Transferring money by EFT to one's own account This is on the increase in both small and large businesses as online banking technology is adopted.
Cheque fraud This mostly incorporates writing cheques to cash, or overwriting cheques in the fraudster's favour. The risk is heightened if the same person who writes cheques also completes bank reconciliations, which in small companies can often be the case.
Payroll fraud, especially if there is a poorly segregated or larger base of between 70 and 100 employees It's easier for payments to go undetected if not properly scrutinised by someone other than payroll, but with requisite knowledge of the payroll. Overpaying overtime is also a problem, especially in collusion with an employee.
Skimming/theft of cash This happens in businesses with less-formal receipting processes (the ability to receive cash without issuing a receipt), or where the receiver can manipulate the debtors' ledger and apply other receipts to the cash transaction that was misappropriated (also known as lapping).
Locke says that while technology has streamlined business processes, it is virtually useless to stop fraud without appropriate supervisory and segregation controls. "All technology has done is enable larger frauds to occur in shorter time frames, increasingly by lower-level employees," he says.
Recent frauds that made the headlines were similar in the total amounts stolen (in many cases millions of dollars), he says, being of a short duration (only a matter of months), and the fact the fraudster was a relatively junior- to mid-level employee.
Business owners may also wrongly believe technology such as online banking has inbuilt controls to mitigate fraud, Locke says.
"It is not uncommon to find that payee details have been changed after the approval process and before a payments file has been uploaded," he says. "It's about understanding how the technology works for you - and what controls you need to embed in your processes upon implementing any new technology.
"It's still only as good as the segregations and authorisations configured in it. It's about how much access and authority you provide."
Gary Gill, who runs KPMG Forensic, says small businesses tend to lack the same degree of internal controls as bigger businesses.
"You often find that the bookkeeper runs the whole show - then you find he or she can easily raise false invoices and have them paid," he says. "The owner needs to keep a close eye on money being paid out."
Gill also mentions the "curse" of business growth: as it grows, it becomes harder to keep an eye on the money. Without the segregation of duties - without there being two different people putting in two different passwords - it is just a recipe for a fraud, he says.
Locke adds: "Don't just pay for software and then set up a bookkeeper with unbridled access. Understand where the exposures might lie. Have a look at financial reports - pull out bank statements, skim over them and see where it's all going."
Locke recommends taking the personalities out of the controls process and look at what's possible in the cold light of day.
"Do not discriminate in terms of trust," he says. "More often than not it's a longer-standing employee or a business partner who rips you off."
Frequently Asked Questions about this Article…
Smaller operations often lack strong internal controls, segregation of duties and supervisory oversight, so a single bookkeeper or junior employee can both create and approve transactions. The 2012 Report to the Nations and fraud experts quoted in the article (Rob Locke of Ernst & Young and Gary Gill of KPMG Forensic) note small businesses are the most common fraud victims and can be wiped out by losses that big companies can absorb.
According to the Association of Certified Fraud Examiners (ACFE) cited in the article, the global median fraud loss for small businesses (fewer than 100 employees) is around $162,000, compared with about $110,000 for firms with more than 100 employees. The 2012 Report to the Nations also found SMEs suffered the highest incidence of fraud at 31.8%.
The article lists the top five small business fraud risks as: false invoicing (payments to fictitious or diverted suppliers), EFT/online banking transfers to personal accounts, cheque fraud (writing or overwriting cheques), payroll fraud (ghost employees, overtime overpayments), and skimming/theft of cash (lapping or missing receipts).
False invoicing is when payments are made to fictitious suppliers or valid supplier payments are redirected to a fraudster's account. Prevention steps in the article include segregating duties so different people handle invoice approval and payment, routinely checking bank statements and financial reports, and not giving a single bookkeeper unbridled access to payment systems.
EFT and online banking fraud can happen when payee details are changed after approval but before the payments file is uploaded, or when lower-level employees exploit online access. The article recommends understanding how the technology works, limiting access and authority, configuring segregations and authorisations in the software, and embedding supervisory controls so changes are visible and verified.
Cheque fraud typically involves writing cheques to cash or overwriting cheques in a fraudster's favour. The risk is higher when the same person writes cheques and completes bank reconciliations. To reduce risk, separate cheque-writing, reconciliation and approval duties and ensure an independent person reviews bank reconciliations and cheque payments.
Payroll fraud can involve ghost employees, collusion to overpay overtime, or payroll changes made by someone with too much control. The article advises segregating payroll duties, having someone other than payroll scrutinise payments, monitoring headcount and overtime patterns, and performing regular payroll audits to spot anomalies.
Technology alone can't stop fraud. The article explains that while systems streamline processes, they can enable larger or faster frauds if supervisory and segregation controls aren't built in. Owners should configure authorisations, limit access, separate duties (for example two people for approvals/passwords), and remove personality-based trust—design controls that work in the cold light of day.
Call 1300 880 160
Start a chat
Schedule a call
