| Fraud Often Takes a Bigger Bite Out of Smaller Companies As detailed in "Are You at Risk? Protecting Yourself From Fraud," small businesses owners often: - Don't have the same asset-protection procedures
- Lack sufficient staff for proper division of duties
- Aren't educated about fraud or controls
- May not understand or examine their financial information as closely as owners of large businesses do
In addition, the portion of small- and medium-sized companies' assets that are vulnerable to theft may represent a larger percentage of their total assets than those of the big companies. Small companies simply have more to lose — a “relatively” small fraud could put them out of business. Also, the owners of small companies tend to invest more of their own assets in their companies than do the owners of large companies because the latter generally can secure more financing. Do Some of What Large Companies Do to Protect Themselves Here are some measures large companies typically use to help protect their valuable assets: - Require drug tests for all job candidates and administer periodic “surprise” tests to employees.
- Keep all negotiable documents locked up and under supervision.
- Set passwords for all computers and individual users.
- Prepare annual budgets.
- Segregate duties so that no individual handles all aspects of any transaction.
- Perform timely reconciliations.
- Create detailed job descriptions.
- Insist that employees cross-train others to perform their duties while they are on (required) annual vacations.
These are by no means the only practices large companies use to protect their assets. Established anti-fraud techniques and procedures typically are referred to as “internal controls,” or simply “controls.” Here’s an overview of how they work. Policies, Procedures and Systems Beyond Fraud Not all controls are designed as anti-fraud measures. Anti-fraud controls are actually a large, synergistic subset of the policies, procedures and systems that support a fully-functioning business control system and ensure that “the right things happen and the wrong things don’t.” Management is responsible for establishing and maintaining an overall control system. The best controls help a company effectively and efficiently achieve its objectives and reduce its risk. Layers of Internal Control Because the overall concept of “internal controls” is rather complex, it is helpful to divide controls into the following more manageable layers: - The control environment, which encompasses these areas:
- The ethical “tone” set by management and expected of employees
- Documented mission statement, objectives, policies and procedures
- Company planning and budgeting
- Job descriptions and segregation of duties
- Appropriate training for employees
- Regular performance evaluations and clear disciplinary guidelines
- Risk assessment — The process of surveying current assets and controls and noting areas that present a risk to the organization. Risk evaluations should include:
- Assessing the control environment’s quality
- Identifying assets that could be vulnerable to fraud (listed in "Protecting Yourself From Fraud: Watch for Warnings Signs From Others")
- Prioritizing risk by determining the largest assets and those most vulnerable to fraud
- Anticipating situations that could disrupt operations
- Judging potential legal exposure
- Contemplating non-monetary hazards such as the potential loss of reputation, information, health and safety, employee morale and client goodwill
- Considering other “what-can-go-wrong” and “what’s-the-worst-that-can-happen” scenarios
Note: Risk assessment is something that most business owners aren’t good at and don’t even like to think about. Why? Because they typically are upbeat, positive people who draw on those qualities to create a vision and lead their businesses toward it. Normally, they want to insulate themselves from negative influences.
In the case of controls, however, negativity has its value. Protective armor can only be created in response to the perception of danger.
So how can you do risk assessment when you’d rather not think about it? Call in a professional who knows risk assessment processes and controls. If you can’t afford a professional, identify the best “worriers” in your life and hire them to do some real-life worrying on your behalf.
Just think: You can utilize their “black cloud” outlook and make them feel useful by encouraging them to envision the bleakest possible scenarios you could face as a business owner.
- Preventive controls — These are the policies, procedures, and warning systems designed to prevent the “wrong things” from happening. Generally proactive in nature, these controls may include:
- Assets properly secured
- Supporting documents required for expenditures
- Computer backup systems
- Segregation of duties (Note: This is also part of the control environment.)
- Timecards and supervisory approval procedures
- Established limits on employee credit cards
- Owner’s approval before paying a bill in excess of estimated costs
- Software warning that a bill was previously entered into the Accounts Payable system
- Detective controls — When something “wrong” occurs, these controls kick in to detect the problem and alert you to the danger. Examples may include:
- Alarm systems
- Reconciliations
- Analysis of financial results (e.g., comparing planned results against actual results)
- Internal conflict resolution processes
- Customer or vendor feedback
- Audits
- Quality of communication — The quality of an organization’s communications significantly impacts the effectiveness of its control systems. To be successful, the entire organization must be in touch with the overall control system’s various levels and objectives.
In the next articles, we’ll get into designing and monitoring controls to safeguard — and possibly augment — your valuable assets. Diane C.O. Gilson, CPA, CIA, is a Certified QuickBooks ProAdvisor and MasterBuilder ProAdvisor, author, trainer and construction accounting coach, as well as a frequent speaker at The International Builders’ Show and The Remodeling Show. Her firm, Info Plus Accounting PC/CPA, offers bookkeeping and support services to help construction companies do more accurate and timely job costing and run better management reports. Contact Gilson via e-mail, or call her at 734-544-7620. Earlier Articles in this Series - To read, “Protecting Yourself From Fraud: An Introduction,” Part 1 of this series, published Dec. 15, click here.
- To read, "Are You at Risk? Protecting Yourself From Fraud," Part 2 of this series, published Jan. 26, click here.
- To read, "Good Self-Defense Strategies Will Help Protect Your Business From Fraud," Part 3 of this series, published Feb. 9, click here.
- To read, "Lifestyles Can Be Red Flags: Know the Warning Signs of Fraud," Part 4 of this series published March 1, click here.
- To read, "Strange Behavior May Be Tip-Off to Possible Fraud ," Part 5 of this series published April 5, click here.
- To read, "Review Your Accounting Reports to Protect Yourself From Fraud," Part 6 of this series published May 10, click here.
- To read, "Do Your Financial Statements Add Up? If Not, Be Alert to Fraud," Part 7 of this series published June 7, click here.
- To read, "Protecting Yourself From Fraud: Watch for Warnings Signs From Others," Part 8 of this series published July 5, click here.
|
