Well, this one is going to be no fun to write, but I think it is absolutely crucial for small-mid-sized business owners to understand…indeed it is important for all companies, but small- to mid-sized ones in particular are vulnerable, as I will go over here.
Small to medium size businesses are based on trust, they often operate with informal processes, and they often depend on some people in the organization wearing many hats, so to speak. These can all increase the risk of fraud occurring inside an organization, particularly so when they appear at the same time. If you own a small- to medium-sized business, and you are only ever going to read a single thing I write, let it be this post. Yes, I’m serious.
Official, concrete stats are a bit hard to come by, but Small Business BC conducted a survey that found 33% of BC businesses report being victims of fraud. If I told you that you had a 33% chance of being seriously injured in a car accident, you’d probably be a little extra careful each time you got in a vehicle. But for some reason, when business owners report one-in-three of them having experienced employee fraud, somehow only 5% perceive this risk to be high. Why the disconnect? Let’s discuss…
The “F” word that not many small businesses take seriously enough
If you read the except, you already know what F-word I am talking about. It is Fraud…it comes in many forms, and I have had the displeasure of helping uncover it multiple times, in multiple forms. So, what does “Fraud” mean for businesses? What does it look like, how is it perpetrated, and how can having a CPA like us involved help prevent it?
For an accountant, Fraud means essentially any unauthorized spending of company funds, or any unauthorized transfers of company property to other parties. Which is accountant-speak for a range of things, including but not limited to:
Direct theft of cash (especially in cash-heavy businesses and charities)
Fraudulent purchases made on company credit cards, bank cards, or vendor accounts (i.e. things paid for by the company, that the company never receives, that someone else gets the benefit of)
Unauthorized pay rate, hours, or benefit changes made to staff
Unauthorized expense reports or fraudulent mileage claims
Direct theft of company equipment/property (that was originally purchased legitimately)
Fraudulent vendor invoices slipped in and paid out via regular Accounts Payable process.
Customer fraud – counterfeit bills, bad cheques, or stolen credit cards
Contractor overbilling, advanced fee schemes & their failure to perform, etc.
Perhaps you are thinking to yourself “This could never happen to me! My staff would never do this!” But I regret to inform you that yes, it almost certainly can happen to you. Own and run a business long enough, and at some point in time, something along these lines is increasingly likely to happen to you. And despite what some small- to medium-business owners may think – that their small staff compliment, organizational atmosphere, and culture built on trust can protect them from this – it can’t, and it doesn’t. Why not?
Let’s discuss the Fraud Triangle
The Fraud Triangle – What is it?
It might sound like an exotic, mystical place like the Bermuda Triangle, but instead, it is a means of understanding how and why fraud occurs and what can be done to prevent it. Originally conceived of by well-known criminologist Donald R. Cressey, the fraud triangle is a model for identifying the existence of fraud as exhibited in three risk factors:
- Incentives,
- Opportunities, and
- Rationalization.
In the form presented, it is a means to show that all three factors must be present, or fraud cannot occur. It’s a guide for owners and managers to assess the possible areas in the organization where fraud risks might exist.
Opportunity
In my opinion as a CPA, this is the number one place that an organization can try and prevent fraud. “Opportunity” refers to the circumstances and conditions which ALLOWS FRAUD TO OCCUR. And from the organization’s viewpoint, this is the one component of the triangle that the organization has near complete control over.
What circumstances allow fraud to occur?
Weak internal controls:
- No segregation of duties, lack of appropriate supervision, poor process documentation, etc.
- An example is giving one person the authority to create vendors in the Accounts Payable system, and to be the person who receives and enters all vendor bills, and the one who processes their payment.
- This person could very easily make a “fake” company, enter bills for them, and pay them without the owner ever knowing.
- This is compounded if this staff member in question is not adequately supervised or have their work scrutinized.
Inadequate accounting policies:
- Lack of proper accounting policies and regular, detailed review of financial statements gives the opportunity to “hide” transactions or manipulate numbers
- Irregular processes, such as mileage claims being done only quarterly, reduces Mgmt’s ability to recall if the employee claim is correct and corresponds to the work done back 3+ months ago, etc. Makes it easy to manipulate the figures and inflate the claim.
- Lack of review of employee bank/credit cards, or minimalist review of expense reports by Sr Mgmt or from the bookkeeper, if they are essentially instructed to just record bills and pay them (which is more common than you might think)
Poor tone from the top:
- If upper management/owner tone is one that doesn’t seem to emphasize integrity, ethical decision making, and being honest, staff are likely to follow that lead.
- If staff feel that Mgmt act in dishonest or “shady” ways with vendors, customers, or regulators, it often is a sign that controls and processes and reviews are unlikely to detect fraud…meaning the opportunity is there for the taking.
Incentive/Pressure
This refers to an employee’s situation that might push them to committing fraud. Examples of things that may do this are:
Bonuses based on a specific metrics or results
- Bonuses based on aggressive or unrealistic financial metrics can incentivise employee fraud, by way of fake sales entries, managed costs (which are just hidden elsewhere), etc.
- Especially so if they have some control over how things are reported from lack of segregation of duties, per above
Personal financial pressure or incentives.
- I.E. staff that are highly indebted, those struggling with an addiction of some kind, etc.
- Lifestyle creep has occurred and they are living beyond their means, expecting their earnings to keep increasing at a set pace
External investor expectations:
- Less applicable to private companies but could still be a factor as private companies can still have groups of investors that expect results. Pressure to hit certain targets may incentivize staff to (knowingly or not) commit fraud to hit those targets
This component is a bit less manageable for the organization since this can arise entirely from a personal situation of an employee without the knowledge of the organization’s leadership. But that said, there are still things that can be done to reduce the presence of this risk factor.
For one, companies can make sure that they set reasonable goals with their staff, and that the staff have a meaningful amount of input in setting those goals.
- Staff that don’t feel massive pressure to hit unrealistic expectations, in terms of their production, sales, costs management, etc., are less likely to commit fraud against an organization.
- Use goal setting guidelines like SMART goals, a mnemonic acronym to help you set better goals for yourself and your team.
Incentive programs can also be more carefully designed at times, in a manner to think about the unintended consequences of an incentive program, as these can sometimes be an incentive for deception.
- I.E. in the restaurant industry, an incentive to keep food costs to a certain % of sales, might make the kitchen manager simply re-classify things they were already buying and needing, to be “bar supplies”, when previously they used to just call it Food Purchases. This lets them meet targets, without changing anything, and get some kind of bonus out of it. While it may not seem like outright fraud in the sense of stealing cash is fraud…it is still essentially additional pay, at the expense of the company, for not actually achieving the intention of the incentive – that is, overall food cost management.
Rationalization
This one comes into play in the way a person can justify it to themselves. It might seem small, but this is still an important factor for people to do before they knowingly commit fraud. And unfortunately, it is one of the hardest things for an organization to address.
Person feels slighted or wronged
- Clients, vendors, or staff that feel wronged may look to “correct” that wrong
- They deserve more money because they feel they are underpaid, undervalued for their length of service, etc.
Person feels that company culture/tone supports this type of thing
- If they feel that upper management does “shady” stuff like this all the time, they are more likely to do it themselves.
Person feels there is no other solution than to commit fraud
- This could come if a person is facing a layoff, but has immediate and urgent financial obligations they feel won’t be met unless they commit fraud.
Add up the three factors….
When these three factors are combined, the necessary conditions for fraud occurring are all present and the risk of fraud is increased for the organization. You have people that feels underpaid or undervalued, they feel the culture is one of under-handedness or where unethical behaviour is just part of doing business, they have financial obligations that are outgrowing their salary, and they have the ability to do things thanks to weak controls and oversight.
So how can having Boost CPA involved help prevent this?
Simple. While our services are not outright tailored to detect fraud – i.e. we are not specialists in fraud investigations – fraud is several orders of magnitude harder to get away with when a CPA is involved monthly. Part of our onboarding process with new clients is to review all their procedures for incoming bills and AP, who has access to bank accounts and credit cards, who makes expense/mileage claims and who reviews them, how the sales process works, etc.
By reviewing and updating the internal controls and accounting procedures/policies, reviewing the accounting entries, by monitoring the bank accounts and credit cards, and by generally reporting on business performance metrics, Boost CPA helps remove some of the risk factors from the Fraud Triangle. Without bogging down in accounting jargon for “why” this is…. we can just say that a person might be able to make one side of a transaction look “correct” to cover their tracks, but it is nearly impossible to make the other side of the entries also make sense. Eventually, the truth comes out, as my good friend and Canadian music legend Corb Lund famously has a fantastic song about. (Not actually friends with him, but I know all his songs, so that counts right? Corb if you’re reading, hit that “Contact Us” in the upper menu bar!)
Monitoring cash (actual physical cash) and preventing cash theft is still difficult as there is an inherent uncertainty around what we accountants call “completeness” of cash receipts. But this theft nevertheless still becomes a lot harder and more intimidating for a person to perpetrate, when they know that there is now a CPA working with the organization internally every month, that is in a better position to catch them doing so.
Sometimes, just the knowledge that someone else is watching, is enough to stop fraud in its tracks.
Closing thoughts
Writing this was always going to be a balancing act, because I don’t want to give the impression that every staff member is out to defraud you or your organization. Nor do I want to add to the increasing sense of general distrust that permeates our society so thoroughly these days…quite frankly we have enough of that, thank you very much.
Most employees would never dream of defrauding you. But I did want to raise the issue in general, because it is still a risk factor for small- to mid-sized organizations, and one that many are insufficiently prepared for, in my experience.
Having personally uncovered it a few times in my career, I can tell you that the shock and hurt felt by the owners/management is very real, and inevitably feels very personal, even if that was never meant to be the case. It never feels good to be cheated, or taken advantage of, and that is exactly what fraud often looks like. We trust some people too much, they have too much access to pieces of the company puzzle, and they can sometimes use this trust and lack of oversight to their advantage.
Looking to help protect your company from fraud, improve your business performance, and plan for the future? We are currently accepting client applications for monthly services, so reach out to us and book a consultation to see if we are a match for each other.