According to the results of the study which was prepared by the Association of Certified Fraud Examiners (“ACFE”) and issued in 2014, enterprises with fewer than 100 employees were more likely to have fraud cases reported to the ACFE. The total losses from fraud in large enterprises were slightly higher than the total losses of small enterprises as shown in the following diagram:
According to the ACFE’s studies, the most common types of fraud include:
- Theft of cash;
- Claiming fictitious charges; and
- Theft of assets.
The main reason for thefts in small and medium-sized enterprises is due to the employees by themselves, as, by virtue of the nature of their work, the trust among employees increases and the control and accounting factor becomes weaker on the basis that they are members of a single family.
What makes enterprises vulnerable to fraud?
There are many factors that help make enterprises vulnerable to fraud, including but not limited to:
- Lack of adopted policies and procedures that leads to opportunities for fraud.
- The same employee performs several tasks, which helps them hide their illegal activities.
- Over time, employees become like a single family and controls over their activities become lesser due to trust.
- Lack of awareness and experience of staff in detecting fraud.
How can enterprises get help to overcome this phenomenon?
Internal auditors are responsible for informing their clients about the risks of fraud and how to avoid them and mitigate their effect in order to avoid losses arising therefrom.
The following are the top 9 points to be discussed with management in SMEs:
1- Accounting duties and cash transactions shall not be assigned to one employee:
For the small size of enterprises and few transactions carried out therein, only one employee is usually assigned to register the accounting transactions, receive cash from customers, deposit same in banks and make transfers among the various accounts of the enterprise. Assigning one person to perform these duties increases the possibility of fraud or theft, and the management cannot easily detect such theft or fraud. It is therefore recommended that there should be at least two different people, one of whom shall be assigned to register while the other person shall be assigned to withdraw, deposit and transfer.
If the cost of employing more than one person to perform these tasks is high for the enterprise, it may be advisable to contract with an independent accounting office to carry out accounting transactions on behalf of the enterprise, ensuring proper segregation of duties.
2- Ensuring that staff is well known to the Management:
Because of the small size of the enterprise, the few number of staff who has existed since the establishment of the enterprise for a period that may extend for several years, the employer may feel embarrassed over time to investigate the information and facts about his staff, and may easily appoint some employees who have relations with current employees that are trusted by him. It is worth noting the all employees’ circumstances, previous history in work and daily life shall be well known. With little time and effort in performing background check of employees, the enterprise may save a lot of money that could be wasted in case of any fraud.
3- Ensuring that an adequate internal control system exists :
Regardless of the size of the enterprise, the management shall set effective controls to reduce the risks of fraud such as:
- Set controls over access to financial statements and accounts.
- Set controls over access to warehouses in order to avoid theft and help identify any deficiencies and persons involved.
- Emphasize the need to adopt all major financial transactions by two different people such as:
- Payment of expenses;
- Signing of cheques; and
- Payment of employees’ salaries and benefits and other accounting activities.
- Use audit trail to track transactions.
4- Continuous monitoring of bank accounts :
In comparison to all steps taken to prevent and detect fraud attempts, this is the easiest method in implementation.
Currently, most banks offer highly secured and confidential online banking service, allowing the enterprise to track and monitor accounts anywhere, anytime. This step helps giving the management an accurate idea about all transactions performed on the enterprise’s accounts and the possibility of identifying any attempts to manipulate the deposited or withdrawn balances or amounts.
The following items shall be highly considered:
- Loss of certain cheques numbers or their numbers are not in serial.
- Receive transfers from unknown entities.
- Transfer of funds to enterprises or unknown persons (not related to the enterprise).
Informing staff that the management has controls to keep track of enterprise accounts will significantly help reducing the attempts of fraud and theft.
5- Continuously review high-risk areas:
Management should continually review and audit high risk areas. The main areas to be monitored include:
- Inventory management system; and
- Accounting transactions.
The management should inform employees that the business will be audited and reviewed, without informing them of its timing. Random checks helps detecting fraudulent attempts or frauds.
Therefore, specialized consulting firms could be hired to carry out such audit and review.
6- Train the staff to prevent fraud:
It is important that the enterprise’s employees, especially those in departments that are most vulnerable to fraudulent attempts, shall be aware of the following:
- Identification of frauds
- Methods of preventing frauds
- Reporting suspicious cases either from their colleagues or from clients
It is recommended that enterprises train and educate staff how to identify fraud red flags. Moreover, it is also recommended that a whistleblowing system should be established in case staff has any doubts about fraudulent transactions. So that the reporting person is not identified to maintain his privacy and to encourage him to report any doubts he may have.
enterprises should also develop a corporate code of ethics that clarifies that frauds are illegal and therefore anyone who carries out this type of activities will be held accountable.
7- Protecting the enterprise’s credit card data:
This step may seem obvious, but it is important to protect sensitive information and data such as the enterprise’s credit card numbers and not to mix them with accounts and personal cards. Using personal and enterprise’s accounts at the same time may lead to confusion among accounts and give a chance for fraud and manipulation.
Opening enterprise’s accounts and performing financial transactions through secure and reliable websites increases security measures and reduces the chances of electronic fraud.
8-Identify stakeholders :
It is recommended that enterprises shall create a database of key stakeholders (key customers and suppliers). This data should include:
- Official registered address;
- Contact name, phone numbers and mailing address; and
- Information of entities that have dealt with these stakeholders.
For further verification, the enterprise should answer the following questions:
- Has the enterprise ensured that the stakeholders’ operations are legitimate;
- Are the details of the stakeholders’ senior management available ; and
When the stakeholders’ enterprises were established and how many years of experience in their field of work.
9- Hiring independent experts:
In addition to the above, the enterprise may need further assistance and support in applying the necessary control procedures. It is recommended that an independent fraud expert may be hired to establish the bases and rules. At the same time, the auditor should carry out more thorough and comprehensive audit procedures to verify the accuracy of the financial statements.
Owners of small and medium-sized enterprises underestimate the risks of fraud, believing that they are protected. However, all studies show that these enterprises are at risk of fraud. Owners of these enterprises may feel it is shameful to discuss methods and steps to avoid and detect fraud. In this regard, internal auditor should increase awareness of fraud risks.