Recent headlines tell a hopeful tale: With a few exceptions, COVID-19 seems to be on the run in the U.S. Hospitalizations are down, states are opening their doors, and, after months of uncertainty, consumer confidence is through the roof. This is a recipe for a return to economic prosperity, and for many businesses, it arrived just in time. But the receding pandemic tide could reveal a mess for businesses, including evidence of fraud.
As people go back to their offices and normal procedures resume, it is likely that any unseemly behavior initiated in the past year will be discovered. What should business owners do in 2021 to guard against organized schemes and outright theft? Here are some of the most common types of fraud to look out for and a number of ideas that can be put into action immediately to help deter criminal behavior.
The $125,000 Question
According to a recent study from the Association of Certified Fraud Examiners, the median loss for a business that experienced fraud in 2020 was $125,000. This equals $8,300 per month, and the study reported that the median duration of each fraud case was 14 months. This is a significant sum for any company, but it would be especially devastating for smaller firms just trying to get to the other side of lockdowns. Moving forward, it is critical to know about the most common types of fraud and what can be done to guard against them.
Don’t assume just because it’s 2021 that all employees know what phishing is. Scammers have been practicing and can send totally legitimate-looking emails asking for all types of information they shouldn’t have. Investing in enterprise anti-malware software is a great step, but all it takes is one errant click within an organization for the bad guys to flood in.
Train employees to look at return email addresses and link URLs and to never (ever) open files from outside the company without having them screened. One best practice is to test employees by sending them suspicious emails—some companies make a contest of rooting out and explaining bad emails. The goal is to make employees aware of the risk to the company and, ultimately, to their livelihoods.
First, be sure that the billing function is separate from bookkeeping. Having the accounts reconciled by the same person writing checks is an invitation for mischief. Small businesses may not have the resources to pay two separate people for these duties. If this is the case, the reconciliation process can be outsourced fairly inexpensively. It is often recommended to use purchase orders for an added layer of security. Although it can initially take extra training to put billing safeguards in place, this is time and money well spent.
Believe it or not, as many as 40 percent of companies still use paper checks for paying bills, for payroll, or both. Fortunately, using an automated bill payment software service (e.g., Bill.com) will help. Such a service can dramatically reduce costs—it is estimated that it can cost as much as $20 to write and print a check.
Separating these critical functions also lowers risk. Employees only see the information they need to complete their part of the payment process, and additional steps can be added for enhanced security (such as attaching scanned images to each transaction). Perhaps best of all, an automated service will increase financial intelligence. All of the data captured during the bill paying process can be retrieved, sliced, diced, and presented with ease at a moment’s notice. And if a checkbook is needed, keep it in a secure location—it’s the “ounce of prevention” rule.
Payroll and Expense Fraud
Payroll is usually the first function to be outsourced. One reason is because it operates under strict timing and reporting constraints (with penalties for noncompliance). But another reason is that it is a common area for fraud. If you outsource payroll, have an owner or senior manager responsible for approving all changes. Expense fraud can be mitigated and often eliminated through the use of expense management apps. There are various apps, including QuickBooks, that can capture images of receipts and credit card payments and then send them right into any accounting system. This speeds up the approval and reimbursement process while reducing the risk of fraudulent claims.
The Pandemic Meets the Fraud Triangle
According to 2008 data from the Association of Certified Fraud Examiners, fraud can increase as much as 80 percent during times of economic stress. This is because bad economic times are ripe for creating the conditions that lead to the fraud triangle (pressure, opportunity, and rationalization). Consider pressure—when someone’s livelihood is threatened by decreasing business, sometimes it is tempting to create an alternate revenue stream through fraudulent means.
Of course, just because it is tempting doesn’t necessarily mean it will occur. The opportunity has to present itself. The controls in place (or not in place) will determine whether or not pressure translates into actual criminality. Basically, if the doors on every house in the neighborhood are locked, the crooks will try a different neighborhood. Once the deed is done, rationalization is easy and leads to more of the same.
The pandemic shut off many of the normal avenues for fraud while bringing others to the forefront. Travel was all but eliminated, so there were no expense reports to submit. However, for those fortunate enough to be able to work from home, other avenues for fraud were available. The most common was time theft—it might be really tempting for someone to watch Netflix while on the clock. Payroll fraud is also a concern when many are working remotely. And for a big score, there is worker’s compensation fraud. With the lines between work and home blurred, who’s to say whether falling down the stairs was personal or work-related? The bottom line: Tough times often bring out the best in people, but some will try to take advantage.
Company Anti-Fraud Strategies to Implement
These seven strategies can help any company safeguard against many forms of fraud.
1. Set up an anonymous tip hotline.
A tip hotline can be surprisingly effective. As noted earlier, the pressure of a recession can make people consider nefarious behavior, but the vast majority will not act on the impulse. This same majority will not want others getting away with fraud, either.
2. Perform a CRIME assessment.
A recommendation of the anti-fraud Treadway Commission, this assessment asks a series of questions about corporate controls that can help identify vulnerable areas. Examples could include questions about whether there is a procedure for approving invoices, whether there is anti-malware on the network, and whether there is a corporate gift policy.
3. Review the monthly bank statement.
To an owner or senior manager, there is a very good chance that any out-of-the-ordinary bank activity will stick out like a sore thumb.
4. Separate duties that can facilitate fraud.
Examples of good separations include not letting the bookkeeper reconcile the bank accounts and being sure to have a non-accounting staff member open the daily mail.
5. Have policies for accounting, expense reimbursement, check depositing, and so on.
Although establishing these policies will require up-front work, their existence will become invaluable if problems are discovered (and if prosecution is warranted).
6. Set up accounting systems with care.
There are many fraud prevention steps built into today’s automated accounting systems, but many won’t work if they are not selected during the implementation. Take the extra time and put these safeguards in place.
7. Automate as much as possible.
Not only does automation reduce fraud, but it also saves time and money and provides the data necessary for detailed management reporting.
Don’t Rest—Fraud Is Like COVID-19
Unfortunately, criminals are crafty and are likely to keep poking around in businesses, searching for opportunities. Just because everything seems secure doesn’t mean new back doors can’t open up. Fraud will mutate and, if not stopped, can permeate the entire enterprise. Companies need to “vaccinate” all assets and trade secrets using common-sense safeguards while communicating a zero-tolerance policy for fraudulent behavior.
Written by Stephen King.