When you own a small business, fraud can have devastating consequences.
Fraud has become a huge problem. In 2021, small businesses lost around 5% of their sales because of fraud.
The damage can be disastrous for them because the loss of revenue takes a more significant chunk out of smaller businesses than larger ones.
These large companies spend more money on fraud prevention and can afford issues when they arise without risking bankruptcy.
The lack of money spent on prevention is why small businesses are four times more likely to experience payment tampering and two times more likely to experience payroll fraud.
For your company, preventing fraud can be the difference between flourishing and closing its doors.
At ROARK, our outsourced accounting and finance teams are experts at protecting businesses with internal controls. We've helped hundreds of companies safeguard their assets with our Finance & Accounting as a Service.
Let's get into the specifics of internal controls – how they prevent fraud, and how we can work with you to create a comprehensive system for your company.
You'll be able to prevent, detect, and correct any fraudulent activity before it drains money from your business.
What Are Internal Controls?
Internal controls are your company's rules and procedures for boosting operational effectiveness and efficiency.
When you execute them, you're safeguarding your assets, ensuring the accuracy of records, and preventing fraud.
Although fraud is the most critical issue you're preventing with internal controls, you can also use it to ensure you're reporting finances on time and in compliance with laws and regulations.
In short – internal controls are essential components of your business.
Without them, your company is vulnerable to a myriad of issues.
Some of the issues that arise without internal controls include:
- Threats to privacy and security
- Risk of embezzlement, theft, and liability, and
- Inability to track performances against projections and budgets
However, when you utilize internal controls, you and your business get a ton of benefits. These include asset protection, accuracy of financial records, and detection and prevention of fraud.
Asset Protection
Good internal controls protect your company's assets by alerting you of errors. They can protect you from theft, misappropriation, and fraud.
Protect your assets with internal controls by:
- Regularly updating security measures
- Checking inventory
- Performing risk assessments, or
- Sealing important information away from unauthorized employees
Accuracy of Financial Records
Accurate financial records are crucial for making sound business decisions. Investors and creditors rely on them to determine your eligibility for their funding.
Ensure accuracy with internal controls by doing reconciliations, dividing duties, and regularly monitoring finances, so records match up with each other.
Detection and Prevention of Fraud
Internal controls' last and arguably most important benefit is eliminating opportunities to commit fraudulent activities.
Putting policies and procedures in place to detect fraud are the best ways to prevent it, and they'll help you deal with it effectively.
These procedures include internal audits, dual controls, and information systems security updates.
The Three Types of Internal Controls
There are three types of internal controls you should have in your company. They're classified as preventative, detective, and corrective.
Preventative Controls
Preventative controls help your business run smoothly by preventing issues, such as fraud, clerical inaccuracy, and data loss, from happening in the first place.
One type of preventative control is separation and rotation of duties. Assign important accounting roles to different people and rotate them every so often so you can prevent one employee from having the privacy to commit fraud.
In your accounting department, divide these activities into separate tasks and assign them to different people on a rotating basis:
- Bookkeeping
- Reconciliation
- Auditing
- Deposits, and
- Authorization
No one should be in charge of one thing entirely. When that person is, they have the power to commit fraud and cover their tracks without you even realizing it.
Another way to prevent fraud is through dual authorizations. A dual authorization is when your employee is restricted from approving something unless another person does.
In payroll, this looks like one person initiating payment and another approving it. By doing so, you're ensuring there's always more than one person involved in important affairs.
When you implement this control, you can rest assured knowing everything is being double-checked.
Detective Controls
These controls alert you when fraudulent activity, any legal violations or issues with quality occur.
Since prevention doesn't always work, detective controls are crucial for letting you know when there's a problem so you can fix it before it gets out of hand.
The most important detective control is reconciliation. Regularly reconcile your financial data so you can respond quickly to inconsistencies. Pair this with separation of duties to make sure different people complete the reconciliations.
Another type of detective control is internal audits. These are vital for maintaining the effectiveness of every other control you've implemented. Auditors will check that your controls are up to date and assess any still present risks.
When you design your internal audit team, make sure you have:
- Assessed processes and methods of your fraud response plan
- Assigned qualified people to conduct fraud investigations, and
- Determined how your auditors will investigate fraud and evaluate current controls
We know how much work it takes to establish and maintain internal controls to protect every aspect of your business, not just fraud. We recommend corrective controls to maximize the protection against it.
Corrective Controls
The last type of internal control is corrective. These are your essential "response controls" implemented whenever the preventive controls fail, and the detective ones flag an error.
When a business gets broken into, the locks (or preventative controls) have failed. The security alarm (detective control) goes off, alerting you of the break-in. As a result, you change the locks and require key card entry (corrective control).
Think of corrective controls as your repairman. When something goes wrong, the corrective controls will correct and restore it. These can be anything from rebooting a system or patching software to restore security.
In the case of fraud, a corrective control will respond by alerting you to the suspicious activity and keeping a spotlight on it until it's resolved. Implement corrective control in this case by having your accounting department physically count money or track assets to find discrepancies.
A corrective control will also keep issues from happening again. For example, if your system is breached and infected with malicious files, a corrective control would respond by quarantining those files and disconnecting the system, so it isn't vulnerable anymore.
How Do I Know My Internal Controls Are Effective?
Navigating internal controls is tricky because there are so many facets of your business that you want to protect.
Internal controls are effective when you maintain proper oversight, have a system of checks and balances, and regularly perform internal audits.
Weak internal controls look like this:
- Data that isn't backed up
- Outdated security systems
- Untimely incident responses, and
- Unenforced operational policies
All of these issues leave you vulnerable to fraud. You won't be able to restore lost data, your security system will fail, and your employees won't be held accountable enough to deter them from fraudulent activity.
When you work with an outsourced finance and accounting firm, they can help you create a plan, identify risks, and implement measures to prevent fraud.
They'll work together with you to create a system to regularly monitor your financial data and spot unusual activity.
Last but not least, an outsourced team will help you put a whistleblower policy in place.
By encouraging employees to report suspicious activities, you're instilling a greater sense of communication and safety within your company. You're dramatically reducing the risk of fraud from internal employees.
What Do I Do If I Suspect Fraud?
Before suspecting fraudulent activity, familiarize yourself with what it looks like.
Fraud within a business happens in several ways but isn't limited to:
- Bribery – Using money, gifts, or promise to manipulate someone's behavior
- Corruption – Upper-level employees using their authority for personal gain
- Invoice schemes – When fake invoices are made to steal money from the company
- Tax fraud – Misreported tax information for financial gain
- Payroll fraud – Employees misreport hours to gain higher pay (small businesses are especially vulnerable to this)
- Identity theft - When fraudsters use your business's financial identity to access your credit
- Workers compensation fraud – Employees do this by making up an injury or falsely claiming it happened at work
Remember to document everything so you can effectively handle fraud when it happens.
First, gather evidence of fraudulent activity, like financial statements, receipts, or time cards, to name a few. It's important to do this first in case the fraudster realizes you're investigating and destroys the evidence.
If you're able, consult with an attorney or forensic accountant to help you piece together the information and advise you on your next steps.
Do not confront the suspected fraudster with an accusation or termination immediately. Once the person knows you're aware of fraudulent activity, they'll cover their tracks or quit before you can leverage your evidence.
Take your evidence directly to essential members of your organization. These are your internal auditors, human resources, board members, and relevant managers. Only include people that are directly involved with the process.
Your team should begin interviewing witnesses who may have information about the suspected fraud. Add any relevant findings to your database, compile the evidence, and send a detailed report to the police or FBI.
After the fraudulent activity has been stopped, reevaluate controls to prevent it from happening again.
To prevent any more money from being lost, make sure your company has insurance with a high level of fraud protection.
Can Outside Professionals Help With My Internal Controls?
When it's time to implement a solid internal controls system, you can outsource it to a team of accounting and finance professionals.
The expert team will ensure you have a solid system of internal controls in place by evaluating and correcting current procedures. They'll also help ensure the accuracy of financial statements and that your company resources are correctly used.
The cost of hiring a team to help you with internal controls varies, and prices will increase as their services do.
Many outsourced finance and accounting companies provide recommendations for internal controls – which aren't very expensive.
These teams can help you implement the controls through consulting projects. Implementing a single control costs a few hundred dollars, while putting an expertly-crafted system in place costs over a thousand.
How Do I Direct My Employees?
Education and training are the keys to ensuring your employees understand the importance of internal controls and follow them correctly.
The training should be comprehensive and include the what, how, who, and why of fraudulent activity.
First, teach your employees exactly what fraud looks like. Not just in general, but in their daily job responsibilities, too.
Give them examples of how their specific job duties prevent fraud, like when warehouse employees check purchase orders against inventories to ensure accuracy.
In this way, you're showing your employees how important they are to securing your company's welfare and their livelihoods.
As for the who, your employees should know that anyone at any level of a company can commit fraud. Use data to make a "profile" of a fraudster to show that they aren't always hardened criminals and that sometimes they're the person they least expect.
When they know who can commit fraud, they're less likely to stick to stereotypes and overlook the suspicious behavior of higher-ups.
The why of fraudulent activity is something every employee should know. It's not just a vindictive, criminal employee looking to swindle the company of its cash. Sometimes an unhappy person believes they deserve more money or rationalizes it with a real-life problem like sales deadlines.
When employees know why someone commits fraud, they're more likely to recognize suspicious behavior before it turns fraudulent.
Once they're educated about fraud in the workplace, your employees will have a greater understanding of internal controls and be more inclined to follow them.
Ensure their importance in preventing fraud and how their livelihoods will be protected by it.
With your employees' participation in internal controls, you can protect your company's assets and maintain its financial stability.
Take Control of Your Company's Safety
If you're dealing with fraud or ready to prevent it at your company, ROARK has the accounting and finance professionals to support you.
To protect your business and build a solid internal controls system with our support, get in touch with us to discuss our solutions. It's part of our Finance & Accounting as a Service and can be as intensive as needed.
Whether you need to improve your procedures or create a new system, our team has the tools and training to help you make it happen.
We're happy to help – let's get started!