Most small-business owners don’t think fraud will happen to them. The truth is that a small business is more likely to experience fraud than a medium or large company. As soon as you have employees or contractors with access to your assets and financial records, it’s time to implement internal controls. Here are some of the most common fraud schemes that small business experiences and the internal controls that will help you avoid them.
What Happens: An employee or bookkeeper creates a fictitious vendor — often in the name of a friend or family member — and submits an invoice for nonexistent services. In another scenario, an employee conspires with a vendor to raise prices and they split the excess behind your back.
Internal Controls: Only sign checks to approved vendors. Keep a master list of these vendors on hand when you’re ready to approve invoices. Before you add a vendor to the approved list, perform some internet research or call the business line to verify its existence. Closely monitor vendors that are frequently increasing prices or getting more and more of your business.
What Happens: Employees sneak personal expenses into a business expense report or claim the same expense twice for double the reimbursement.
Internal Controls: Communicate to your employees up front about what kind of expenses can be reimbursed and what cannot. Require employees to submit the original itemized receipt for every item on an expense report — no copies allowed. This ensures you’re only reimbursing for each expense once. Double check the receipt dates, locations, and items purchased to make sure that all the details add up.
What Happens: Your bookkeeper steals a pack of blank checks and makes out checks to himself or others. Another possibility is that you sign a valid check, but an employee intercepts it, alters it, and cashes it.
Internal Controls: Keep blank checks and voided checks under lock and key. You can give your bookkeeper or accountant read-only access to your bank account, but you should be reviewing the bank statement every month for strange transactions. Keep an eye out for gaps in check numbers, which could indicate that blank checks have been stolen.
If you request it, most banks will provide you with an image scan of all endorsed checks from the month along with your monthly bank statement. Match the payee names and amounts on check images and make sure they’re consistent with the bank reconciliation.
What Happens: Your employee pockets a customer payment before it ever gets recorded.
Internal Controls: Because there’s no record of the sale in the accounting system or point-of-sale software, skimming is hard to detect after the fact. That means that prevention is key. If you sell goods at a retail location, invest in a point-of-sale system. It won’t allow your employee to give change without logging the transaction, and overrides require manager approval. A security camera — running or not — pointed at the cash register can also deter wrongdoers.
If your clients tend to mail in payments, open the mail yourself. You can also have customer payments sent directly to a P.O. box or a bank lock box for processing.
As your business grows, it’s tempting to hand off portions of your operations to a trusted contractor or employee. Until you have the resources to implement a full-fledged system of internal controls, try to stay involved in day-to-day operations. Anyone who has access to assets and can record transactions without approval has the opportunity to commit fraud, so be wary of giving too much control to any one person.