*Information required. Your personal information is only used to contact you. Incorp will never sell or share your information.
U.S. companies lose billions of dollars a year to dishonest employees, and less than half of the victimized businesses recoup any of their losses. In the first installment of this article, I reviewed the various ways in which employees can steal from, or otherwise defraud, their employers.
Large corporations may have entire Loss Control departments set up to detect and prevent employee theft, but what kinds of controls can a small business set up to help protect itself? It may be useful to start by looking at why employees commit these crimes.Why do they do it?
Fraud prevention experts have developed what they call the 10-10-80 rule: 10% of employees will never steal, 10% will always steal, and 80% will go either way depending on the circumstances. [Shrapnel of the Month] It’s up to management to set up controls to prevent the 80% from stealing.
If any one of these three elements is missing, the crime won’t occur. There isn’t much an employer can do about an employee’s motive, and rationalization generally doesn’t come into play until the employee has already decided to steal. Therefore, the best way to break the Fraud Triangle is to remove the opportunity by setting up a robust system of internal controls. Here are some guidelines to get you started.Establish a Code of Ethics
While a code of ethics and conduct won’t prevent criminal behavior, it communicates the company’s commitment to ethical conduct and sets a clear benchmark for employee behavior. Make sure that everyone in the company, from the president to the lowest-paid employee, is held to the same standards. If employees see a supervisor or executive disregarding the rules with impunity, they are unlikely to take the rules seriously.Review hiring procedures
While statistics show that most employees caught in stealing or fraud schemes don’t have a previous record, it’s wise to conduct basic pre-employment background checks, especially for anyone who will be handling cash or gaining access to sensitive financial data. (Be sure to consult the SBA’s Guide to Pre-Employment Background Checks for information about the laws governing background checks, which have changed in recent years.) After hiring, regular performance reviews should include an evaluation of the employee's compliance with company ethics and anti-fraud programs.Set up a fraud hotline
According to the Association of Certified Fraud Examiners (ACFE), employee tips are the most common way for businesses to uncover occupational fraud. [Report to the Nations on Occupational Fraud and Abuse] Make it easy for employees to report suspicious activity anonymously and without fear of reprisals.Develop a training program
The ACFE also reports that companies with anti-fraud training programs experience lower losses and shorter duration of fraud schemes than organizations that don’t have such programs in place. Training should include some basic fraud prevention techniques and procedures for reporting suspicious activity. Supervisors should be trained to recognize warning signs of fraud, such as an employee living beyond their means, being over-protective about their workspace or files, or asking to be unsupervised by working after hours or taking work home.Set up customized internal controls
Unlike a large, publicly held corporation, a small business may not need to hire a CPA firm to regularly audit its books. However, common-sense controls can be set up to help reduce risk. For example:
Do your own risk assessment and think of other areas in your company that may present opportunities for fraud. Has inventory been disappearing from your warehouse? Install security cameras and make sure to monitor them. Do your employees use company vehicles? It may be useful to institute a GPS tracking system. Do your outside sales people turn in reimbursement reports? Review them carefully to make sure all the receipts are on the up-and-up.Update and communicate
Anti-fraud controls and training can’t be created and then forgotten. They must be tested, reviewed and updated on a regular basis to make sure they stay relevant and up-to-date. For example, if your current controls don’t take online banking and identity theft into account, they need to be brought into the 21st century.
It’s also important to communicate with employees regularly about fraud issues - in employee newsletters, at staff meetings, or in company emails - to make sure this vital issue is always top of mind. Your bottom line depends on it.