There is an increasing amount of damage caused by fraud in the business world. It is easy to perceive this as a risk that just affects larger organisations or that it simply ‘won’t happen to a business’ like ours. These assumptions are dangerous and can post great risk if adequate preventative measures are not established.
There is often no press coverage of small scale business frauds as they may not be considered newsworthy and the victim often won’t want to publicise their mis-fortune.
What types of fraud could be perpetrated against a business?
Unfortunately there are many types, which can come from very different sources including:
- Employees within the main workforce – can manipulate timesheets, expenses claims, collude with customers or suppliers
- Employees in finance functions – can process or authorise fictitious costs and payments, circumvent lax or inadequate systems, manipulate figures
- Suppliers – may deliberately overcharge for services provided or goods delivered
- Anyone with access to your business locations or access to IT equipment – can seek to extract or compromise data held by the business or steal physical goods
- Anyone with sending emails to your organisation – can try to trick their way to obtain access to view, steal, delete or compromise data
The above is just scratching the surface of the many ways that businesses can be attacked.
What is the impact on the business from fraud?
The consequences of fraud can affect many areas including:
- Directly affect finances – eg. theft
- Indirectly affect business performance – eg. downtime due to compromised/lost data or investigating breaches
- Reputational damage – eg. having to inform customers their data has been compromised
- Fines or claims against the business – eg. as a result of poor data protection
- Deterioration in staff morale/retention – eg. knock on effect in dealing with the above consequences is likely to be detrimental to staff motivation
What can I do to protect my business?
Thankfully there are many steps that can be taken to mitigate risks. Some are simple and inexpensive to implement whereas others can be more complex and costly. If nothing is in place already the following steps can help:
- Perform a risk assessment to look at the main areas of risk to your business – it is important to be honest about the potential impact and how likely a risk is to materialise
- For all bar trivial risks, document what safeguards are already in place and what shortfalls are identified
- Work on improving processes, documenting these and embedding them within the organisation to reduce or remove risks
- Create a culture in your workforce where staff feel comfortable highlighting problem areas and suggesting solutions. If this culture can’t be achieved then businesses are potentially missing many valuable opportunities to protect themselves simply because staff don’t speak up
Segregation of duties is key in ensuring that no individual(s) have too much control over specific areas – this is important not only for fraud prevention but also in case those staff are suddenly unavailable for any reason.
When bringing in new processes and controls it is important to demonstrate to staff that this is being done to help improve the business, not because you don’t trust anyone. Better controls actually help to protect staff from wrongful accusations when problems do occur.
Remember that if the business holds data that is vital to its operations or data that may be of interest to fraudsters (eg. personal information such as name, DOB, address, bank details etc) then it is essential that adequate steps are taken to protect this. Data protection laws have recently been strengthened and place a big onus on data holders with potential for eye watering fines for poor practice in this area.
Key points to remember:
- Be sceptical and remain vigilant at all times
- Ensure you understand all aspects of your business, especially where there are any weak areas that are more likely to be susceptible to fraud
- Have a documented plan to cover off main risks
- Provide adequate training to all staff
- Ensure your IT setup is adequate for your needs
- Keep a close eye on finances – spot checks of small transactions may help to identify regular ongoing frauds that can just ‘slip under the radar’ and a regular overview of business performance and trends can help identify larger scale problems
- Develop a good culture within the business around this area