SMEs: how to tackle fraud
Steve Caine, director, Ernst & Young’s Global Investigations & Dispute Advisory practice (GIDA), explains why SMEs should bother with fraud risk.
The fraud headlines may have been grabbed by the likes of Enron and Parmalat, but smaller companies are arguably at greater risk of being ripped off.
This risk of fraud should, in theory, force every owner manager to take responsibility for their companies’ defences and ensure they have strong controls in place, no matter what their size. A major fraud may be damaging for large companies, but can be totally life threatening for SMEs.
Think about the effects. Think about the bottom line and consider what might be easier, generating sufficient new business to create £500,000 of additional profit, or preventing an avoidable loss of £500,000.
Think about the disruption – experience shows time and again that the disruptive effect on the business is under-estimated, not just in terms of the sheer effort required to investigate a fraud but the psychological impact as well. And think of reputation – your fraud might not make CNN but can you be sure it will not be talked about in your own market?
In order to minimise fraud risk you must first stop thinking that you are immune to that risk. Once you are over that hurdle it is worthwhile understanding some basic facts about fraud:
- The perpetrators of fraud are likely to be within your organisation. Recent research from Ernst & Young showed that insiders committed 85% of company frauds
- Fraudsters are usually at management level – Managers commit 55% of all company frauds
- Internal frauds tend to be bigger than external frauds, according to research by The Bank of International Settlements
So who commits fraud? A useful framework is provided by the “fraud triangle” – developed by the Association of Certified Fraud Examiners – that looks at the factors that allow fraud to take place.
Many fraudsters have personal motives, such as greed, which are difficult for any business to do anything about. Business pressures – typically variations on the theme of getting results, also motivate fraudsters.
I recall the FD of an Italian subsidiary of a UK head office – turnover about €50 million (according to the misstated management accounts at least!) – who felt the need to overstate critical monthly new business figures because of the unyielding expectations of head office.
Businesses of all sizes have their own culture. It is often too easy to overlook these cultural factors. An easy step to take is to ask the question: what is our culture and might it be conducive to fraud? You will then be in a position to reshape it.
An advantage of SMEs over much larger businesses is the comparative ease with which the culture can be instilled across the business.
Fraudsters often seek to justify what they are doing and diminish the consequences. It is easy for them to do this if they can convince themselves that their business leaders might do the same.
In many larger companies I have worked with the tone from the top, in support of sound business ethics, is not always adequately demonstrated – it costs nothing to relay that message.
Senior management within an SME, is often afforded greater opportunities to communicate directly with the rest of the business – and as an owner manager you should think about your responsibility to your business and your team to communicate the company’s culture to ensure it does not become a hot bed for fraud.
It’s true to say that most frauds take place because of the inadequacy of prevention and detection controls. The most effective anti-fraud controls cover the entire business process.
SMEs may not have the resource for such an ambitious implementation of controls. The more practical alternative is to identify and focus on the areas of principal risk. Some indicators of this include:
- Where the high value is being received and generated in the business e.g, payroll and procurement.
- Where segregation of duties is low e.g, risk takers and record takers are the same persons.
- When and where is senior management less apparent e.g, outside normal office hours, in far flung locations.
Can you improve fraud detection?
The answer to this question is almost certainly yes. Here are three low-cost suggestions to this end:
Recruitment: People commit fraud. Are you inviting fraudsters or potential fraudsters into your business? Independently substantiating the key data in candidates’ CVs and probing unexplained gaps is not onerous and identifies those candidates who struggle with the concept of honesty.
Red flags: Clues to fraudulent activity are provided by apparently unusual circumstances (red flags) and remaining mindful of these may indicate areas where you might usefully do further investigation. These red flags are not always obviously linked to financial or business processes. Examples of such red flags include:
- Persons with lifestyles disproportionate to their known means (just remember how low are the odds of winning The Lottery).
- Persons who hardly ever take time off (as the cat may get out of the bag if they are not there).
Whistle-blowing hotline: this is a mechanism which allows honest employees to report their concerns in confidence can be a highly effective tool in both the detection of fraud and as a disincentive to fraud.
What if you suspect fraud?
Generally, you are under no immediate obligation to report your suspicions to the police. Be aware that when the police investigate reported suspicions, they are unlikely to have the same priorities as you have as a business. On the other hand, a public prosecution demonstrates your intolerance of fraud.