So, you’ve closed on an M&A deal and you’re going to make this new asset part of your existing organization. Diligence revealed that this addition to your business will support your strategic...Read more »
How to Protect Yourself from Fraud: 10 Questions Every Business Owner Should Ask
This is Part I of a two-part series on fraud in the workplace.
The Definition of Fraud
According to the Institute of Internal Auditors, “fraud is any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Fraud is perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of service; or to secure personal or business advantage.*
As a Business Leader you may say, “Fraud! It can’t happen to my business!” Unfortunately, you’re wrong. As a business advisor and auditor, I find that most businesses are targeted by fraudsters from both inside and outside of your business. I also find that most leaders are not adequately equipped with a plan.
No matter what your business’s size or industry, someone is targeting not only the business, but both you and your employees. Fraud against U.S. businesses is at an all-time high. I see it every day in the news, in which a company’s sensitive data and assets were stolen or are held at ransom. I find that business leaders don’t deal with it until some sort of actual fraud has been perpetuated against their business. Often too late, and forced to deal with the situation, the business leader is thrown into ’emergency mode.’ Working in emergency mode becomes a daunting and emotional task; you need to be prepared and pro-active on how you are going to react to an actual fraud event. You need to have a plan in place.
Insiders in your business:
- Third-party service providers (via contracts and agreements)
- Other leaders who report to you, such as your financial head
- Accountants with access to payroll and your banking data
- Information technology employees with high-level access to your confidential data, those who have access to your customers’ payment information and employees’ personal data
- Operational managers and staff
- Basically everyone with access to your assets, such as your cash, your clients, your inventory, and your proprietary data, all of whom you have given authority to directly or indirectly
Outsiders, external to your business:
- Hackers with ill-intent against your proprietary data stolen from your IT systems and held at ransom
The ‘insiders’ in your business have the higher probability and frequency of committing a fraud against your business than that of ‘outsiders.’ Make no mistake, hackers that hold your information ransom are very real and prevalent in today’s business world. If you aren’t prepared, you’ll have to pay them to get your information back.
Specific areas in your business that are targeted
The riskiest areas are – email accounts, bank accounts, credit cards, accounts payable, accounts receivable, general ledger, any type of insurance claims, inventories, and employees’ payroll information. You can’t stop the fraudsters, but you can protect yourself. Here’s how to start:
10 Questions you should be asking yourself:
- Do I know to what extent my business will suffer in a fraud event?
- Do I have a fraud emergency and communication plan in place that assigns responsibilities for fraud investigations which will mitigate any damage to the business’ reputation?
- Do I have a Fraud policy in place and is it frequently communicated to employees?
- Do I have a Code of Conduct policy in place and is it frequently communicated to employees?
- Am I performing both criminal and credit checks on key financial employees at least every three years?
- Do I have the right type of insurance for the business in the event of a fraud?
- Do I have a list of significant sensitive information and systems which are essential to the success of the business?
- Do I have appropriate back-up systems in-place for the type of business?
- Have I identified laws and regulations relating to fraud in jurisdictions where the company does business?
- Does my business’s fraud management program include partnering with an expert that specializes in fraud and in creating a fraud emergency and communication plan?
You may not be able to find fraud in your business, but it’s there, you just have to look for it. While you may not be able to find all instances of fraud, you can manage the risk of fraudulent behavior inside and outside of your business with proven risk management strategies and detection techniques. Fraud experts can help you be prepared and pro-active.
In Part II of this article, I will discuss fraud experts, how to create a Fraud Emergency Communication Plan, and the damage that can be done if businesses don’t take steps now to protect themselves.
Ron Cox is a Senior Consultant in our Finance & Advisory practice. He helps businesses that have been the target of fraud and fraudulent behavior by applying his experience in operations, finance, and audit. He holds various certifications from the Institute of Internal Auditors and has proven valuable to our clients in a host of industries. Contact Ron at 804-512-6994 or email@example.com. You may also view his profile here.
*Institute of Internal Auditor’s, International Professional Practices Framework, www.iia.org 3/17/2017