Employee fraud: It could never happen to you. You trust your employees. You don’t have time to develop a bunch of policies and procedures to protect against something that will probably never happen. Well, it did happen to the owner of a local clothing store I know, and the culprit was a long-time employee who managed his store. The store is no longer in business.
As a small business owner, you don’t have to create a lot of policies and procedures to prevent fraud. But you do need to identify scenarios in which theft or loss could occur and decide what you want to do to manage the risk. For some scenarios, you might decide no action is necessary. For example, in the restaurant and bar business, theft of liquor is a big problem; and restaurants monitor stock very closely.
I recently worked with a high-volume retailer that questioned the validity of its cost of goods sold. I discovered that due to the volume of transactions, the store simply did not have enough resources to go through the process of validating the details of invoices for high-volume purchases. They decided to trust that the vendor’s invoices were correct and, given their available resources, I could not fault their decision.
But what concerned me was that the employee responsible for verifying the legitimacy of bills also paid the bills, and this was at the time when they thought their profit margins should be higher. The owners just needed to be aware of the risk, understand possible changes to mitigate the risk, and decide what action they would be comfortable with. They now plan to implement a software application that will automate the reconciliation between vendor bills and purchase orders.
Here are some questions you need to ask in identifying your own risk scenarios for employee fraud:
- Are you separating authorization, custody, and record keeping roles to limit risk of fraud or error by any one person? I uncovered a $250,000 embezzlement by a CFO who had control over cash and the authority over accounting to cover it up and prevent its discovery.
- Are all of your bank and credit card accounts being reconciled each month? The CFO mentioned above opened a separate bank account to deposit the $250,000, had the deposit recorded in accounting, but the subsequent bank statements never arrived in accounting. He withdrew the money and closed the account. Accounting staff, intimidated by the CFO, had never been able to reconcile the account.
- Are you taking timely physical inventories to assure against theft of inventory? The lower the ratio of inventory item size to value, the higher the level of risk for theft.
- Are you looking at month-to-month or quarter-to-quarter financials to compare your margins? Margin changes for the same products could be market driven or they could be dropping to cover up inventory theft or fraud.
- When you have a question about something that doesn’t make sense to you, how easy is it to get answers? I often find accounting entries made without a sufficient description in the memo field to evaluate their purpose. They might have been properly recorded, they could be erroneous, or they could be fraudulent. Rather than make that assessment quickly by looking at the entry, I have to waste time looking for additional documentation or interviewing the author of the entry, who may not remember why he or she made it. The harder it is for you to get answers, the greater the risk of fraud.
- Is there adequate documentation maintained to substantiate transactions? Can you easily view a copy of a paid invoice or a completed bank reconciliation report? It should only take a minute to find these and satisfy yourself that everything is in order. If you can’t do this, you might be paying phony invoices or you might be unaware of unauthorized cash withdrawals.
As I’ve said, you might ask all of these questions and decide nothing needs to be done, but you have made a significant accomplishment. You now understand and accept your risks.