Is your business protected against fraud?
When Patisserie Valerie went into administration with a £40m black hole in its finances, the company said it was “a direct result of significant fraud”.
And they are not the only business to suffer at the hands of alleged fraudsters. Fraud costs the UK an estimated £190bn per annum, with businesses bearing the brunt of that.
How do you protect yourself and your business, especially when Cifas, the anti-fraud body who produced the Fraudscape report, found that employees play a large part in this. The report reads: “Dishonest action by staff to obtain a benefit by theft or deception was the most common type of internal fraud in 2018, accounting for 46%. The most prevalent form of dishonest action during the year was theft of cash from the employer.
The second most common fraud type was theft of cash from a customer, which rose to 22% in 2018 compared to 17% in 2017.”
Fraud can have a catastrophic effect on a business, especially a smaller business, and here at Jacobs Allen our Chartered Accountants and Chartered Tax Advisors can help you analyse areas of potential risk and mitigate the dangers.
What is fraud?
Fraud is a theft that involves deception, and a fraudster can fly under the radar for months or even years as they quietly manipulate the system.
There are several ways an employee could defraud a company:
- Inventory skimming – where items are taken from stock either for personal use or for resale
- Expenses fraud – one example of this may be falsely claiming for taxis using blank receipts or submitting a meal receipt from a previous event
- Fake invoices – submitting invoices with the name of a supplier, or of a completely fabricated one, but with the fraudster’s own bank details, or those of an accomplice
- Procurement – awarding contracts to a friend or relative, or someone who will ensure you receive a cut of the profits
- Misusing the company credit card – buying personal items with the company card.
By ensuring controls are in place, and that employees are supervised appropriately, you can protect yourself against this type of fraud.
How to reduce the risk of fraud
One of the simplest ways to protect yourself, and your business, is to ensure there is a ‘separation of duties’ which prevents anyone from being able to raise a purchase order, sign off an invoice and authorise payment.
Insisting that second person is always involved in that chain adds a level of scrutiny to the process and should mean that any irregularities are spotted. Empowering staff at all levels to challenge anything that seems out of the ordinary can be your best weapon in detecting fraud, but it means instilling a culture whereby nobody is beyond questioning and senior members of staff have to be prepared to provide evidence when requested to do so.
Documentation is another important consideration; insisting on receipts for each and every expense claimed, invoices for every payment and evidence of any decision concerning contracts will reduce the opportunity an employee has to act in a fraudulent manner.
Finally, careful and constant monitoring of cashflow, frequent account reconciliation and sound financial reporting will give you the best possible chance of spotting anything amiss at the earliest opportunity.
And if you do spot anything untoward then you need to be asking hard questions and demanding to see evidence to uncover the truth.
Internal controls
Cifas claimed that the majority (54%) of cases of fraudulent conduct by employees was detected by internal controls and audit.
Think about your own business, where could an opportunity arise and how could you detect?
In terms of inventory fraud, a regular stock take by an experienced manager or expert freelancer should allow you to detect patterns such as batteries being down but never any larger items, or packaging being discarded.
Expenses fraud can be trickier to detect but an automated system could highlight if additional miles are being claimed for a regular route, or if entries have been duplicated.
At policy level, you can also make it compulsory for expenses to have detailed and specific descriptions – claims for ‘miscellaneous’ should always be eyed with suspicion.
Payments made over the weekend or during holiday periods are a particular red flag. Fake invoices can be detected through separation of duties, while insisting postal addresses, a phone number, and details of any services supplied are included on invoices can make it harder for fraudsters.
You might also consider automatically reviewing invoices over a certain threshold value, which is not only a way of detecting fraud but might also act as a deterrent – and could identify excessive spending, therefore making your business more profitable.
The most important thing is to mitigate the risk of fraud in a systematic way – carry out a risk assessment of your business, talk to senior colleagues about the threats and how to minimise them, and feed policy changes down to all levels so everyone is aware that fraudulent behaviour will be identified.
Threats from outside
Over the past 12 months, cybercriminals have targeted businesses in various ways, leading to concerns about the damage they can do at all levels.
There could be a fairly innocuous email from HMRC, which looks official and even appears to come from a government email address. The email could offer tempting tax rebates, or suggest that your payment is overdue, or that your details need updating on the Government Gateway.
But these sinister scams could be phishing for bank details, or be attempting to infect your business’s computers with spyware, malware or ransomware.
If you have concerns, check the HMRC website for advice before clicking on any links or opening attachments.
Another external threat is that of phoney invoice, sent on spec, in the hope that some businesses are too busy to check details before paying invoices.
Scams like this are best countered through awareness, staff training and IT policies – research the latest scams, discuss them with your team and make sure your system has up-to-date malware and virus protection.