Fraud (Part II): How to Protect Yourself and Components of an Emergency Plan
In Part I of this series Ron Cox discussed the definition of fraud, who the fraudsters are both inside and outside of your business, the specific areas in your business that are being targeted, and the 10 Questions every business owner should be asking themselves. Now, in Part II, Ron will spell out the damage that can be done if businesses don’t take steps to protect themselves, explain what fraud experts do, and discuss what should be included in a Fraud Emergency and Communication Plan.
Many business owners are under the impression that fraud can’t happen to them. But I’m here to tell you they couldn’t be more wrong. As I discussed in Part I of this series, most businesses are targeted by fraudsters from both inside and outside of their business. And, as a business advisor and auditor, I have found that most leaders are not adequately equipped with a plan.
Fraud against U.S. businesses is at an all-time high. Every day you can turn on the news and hear a new story about a company’s sensitive data and assets being stolen or held at ransom. While all of that seems pretty grim, the good news is that there are experts who can help, and there are steps business owners can take to not only protect themselves, but to put a plan in place in case a fraud event happens.
The Cold, Hard Facts on Fraud
According to The Association of Certified Fraud Examiners’ (ACFE) 2014 Global Fraud Study, “a typical business loses a median of 5% of revenues each year due to fraud. On a global scale, this translates to losses of approximately $3.7 trillion, according to anti-fraud experts. In addition to lost revenue, there are also indirect costs, such as low employee morale, decreased productivity, ruined reputations, and tarnished brand images, all resulting from employee and employer fraud.”[i] The estimated real damage from insider fraud alone, to a business that makes $5 million in revenues, is $250,000.
Fraud Experts: What Can They Do?
- Evaluate the potential for the occurrence of a fraud event and the manner in which the business manages its fraud risk
- Consider the probability of significant errors, fraud, noncompliance, and other exposures when working with you and your business
- Analyze your data with a fraud detection program strategy by investigating your:
- Weaknesses in your cash processes and your banking structure
- Weaknesses in your IT structure and threats from outsiders
- High risk areas which are automated
- Emerging patterns in your cash outflows
- Unauthorized transactions
- Recommend how to strategically fix your business’s risk to a fraudulent event by creating a pro-active fraud emergency and communication plan
- Perform follow-up activities on the plan at regular intervals to ensure that any business changes which occur over time are covered by a revision to the existing plan
- Awareness training for you and your employees
Developing a Fraud Emergency and Communication Plan That Works
The purpose of this plan is to have a procedure on how your business is going to react to an actual fraud event. Procedures covered should be:
- The name of the employee (should be one of your high ranking employees) who will minimize reputational risk within your business. This employee will be classified as ‘in-charge’ of the event, the one individual who is the point of contact for all communications with employees, customers, service providers, lawyers, consultants, insurance provider, local law authorizes, and the public (news). Although it may take an entire team to address the extent of the fraud, your business must have “one voice.”
- The current list of significant, sensitive information and IT Systems. The purpose is to identify what has been breached and the length or depth of the fraud (a measurement of how deep the fraud reached into your business).
- A series of specific calculations or measurements of significant financial impact to your business which may include the total cost of the risk exposure and cost of non-compliance specific to your industry. A predetermined procedure on accounting for the event in total and future forecasts of the potential loss through time.
- Adherence to various legal requirements on the timeframe of when the fraud was found versus the time your business notified employees, customers, or other stakeholders in which the fraud reached.
- IT back-up service provider (get your business back to normal as soon as possible).
- Employees, Customers, and Third Party Service Providers (show them that you are transparent and how highly they’re valued by you). Keep them in the loop, but only when you know the actual facts. Do not state any assumptions, only state what you know.
- List of external Points-of-Contact that are on the team.
- Any other procedures that will require various duties in order to successfully execute the plan.
Now or Later
To a business leader, developing a Fraud Emergency and Communication Plan may seem like a low priority right now, but for any business it’s clearly a high priority. Don’t wait until you find yourself dealing with an actual fraud event – address it now!
Ron Cox is a Senior Consultant in our Finance & Advisory practice. He helps businesses that have been the target of fraud and fraudulent behavior by applying his experience in operations, finance, and audit. He holds various certifications from the Institute of Internal Auditors and has proven valuable to our clients in a host of industries.
 Quickbooks.intuit.com/r/trends-stat/fraud-statistics-every-business-should-know. 3/20/2017