Protecting your company from fraud has become time consuming and expensive for businesses. Most fraudulent activity can be caught by putting effective internal processes and procedures in place to minimize the chances for illegal behavior. Another important source of protection is your own employees.
If you want your people to detect and prevent fraud, they must first know what to look for, and then what to do about it. (Keep in mind this article will focus on preventing fraud, not on preventing theft.)
Let’s start with the basics: training
Train your employees so they understand company policies and procedures. Employee fraud can take place in many ways, but by far the most common involves accounting, accounts payable, and payroll functions. Employees who submit expenses reports are also prime sources of fraud, especially if your internal controls are weak. Make sure your people know and follow all rules and guidelines. Also, make sure they understand the repercussions of committing a fraud, including the possibility of criminal prosecution.
After an internal company review, put the following processes in place and train employees to follow these processes. Internal training should include:
- Create separate duties with checks and balances built in. Require multiple approvals for expenditures. Have multiple employees keep the books, handle payroll, make deposits, and reconcile bank statements.
- Cross-train employees to perform basic financial functions. Relying on one person to handle a financial process makes it easier for that person to commit fraud.
- Train employees to perform basic internal audits – outside of their normal work area. Oversight is a great deterrent.
Training for external sources of fraud, including identity theft
This type of training is not only good for protecting your business and your customers, but creating procedures to stop identity theft is the law. Visit the Federal Trade Commission’s website and view their article Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business for information on complying with the law.
Teach employees to watch for the following
- New account fraud – setting up accounts based on stolen identity or personal information
- Credit card fraud – using credit cards without authorization
- Check fraud – using checks without authorization, or using fake checks
- Phishing – fraudulent attempts to get personal or company information that can be used to perpetrate identity theft
- Identity theft – using another individual’s personal or financial information without his or her consent
- Invoicing for products or services that were never provided
- Invoicing for over-utilization of services (i.e. billing for unneeded services; the services were performed but were not needed or requested)
The key to providing effective training is to first determine what policies and procedures you wish to put in place. If you run a retail operation and you wish to prevent identity theft, for example, you may decide employees should verify two forms of identification before accepting checks or credit cards. If that is your policy, train your employees and monitor that they, in fact, consistently follow the policy. The same is true for internal controls; if you decide one employee should verify the accuracy of incoming shipments at the receiving dock, and another employee should double-check the accuracy of items received before placing them into inventory, train employees appropriately and then check periodically to make sure your policies are being followed.
Then establish set procedures for what employees should do if they suspect internal or external fraud. Your procedures for handling external fraud can be straightforward and should not require significant judgment on the part of the employee. For example, if a cashier suspects that a customer is attempting to use a stolen credit card, they should immediately notify a member of management before proceeding further.
With internal fraud, the actions taken may not be so clear-cut. Many employees will hesitate to accuse others of illegal or unethical behavior; create a climate of trust by establishing a confidential way for employees to share their concerns. Confidentiality protects the whistle-blower and the alleged perpetrator; if the accusations are unfounded, no one needs to know there were ever suspicions in the first place.
Protecting your business from fraud is critical in today’s world where the use of digital technology and connections to the internet have increased opportunities for crooks. You will have to invest in various security measures, but don’t forget that training your employees and creating a culture of awareness is an important step in your security efforts.