Small businesses have big challenge with internal controls
Small businesses face particular difficulties in creating effective internal controls that will minimize the possibility of fraud – and maximize the chance of detecting fraud before serious damage is done.
Small businesses – defined as having fewer than 100 employees – were the most victimized of any size business, according the 2014 report of the Association of Certified Fraud Examiners. Nearly 29 percent of all reported fraud cases in its study were small businesses, followed by businesses with between 1,000 and 10,000 employees at 28 percent.
The average loss was also high for small businesses – a median $154,000 per case, second only to the largest businesses of more than 10,000 employees, which had a median loss of $160,000 per case.
Internal control measures taken by large organizations don’t always work for small businesses. However, small business owners who are diligent can protect themselves from becoming the victims of theft.
One of the hallmarks of an effective internal control system is the segregation of duties within a company’s accounting or bookkeeping department. But for many small businesses, the bookkeeper is the accounting department. In many cases, it is simply not possible to split the various accounting functions among different people.
Thus, the kind of internal control structures recommended to thwart fraudulent schemes are simply not feasible or cost-effective for many small businesses.
Moreover, while many small business owners have a long relationship with their outside accountants, they may not realize that their accountant can assist them with more than just their taxes.
The small business owner may be unaware of the many simple and feasible steps that can be taken to minimize the opportunities for employee fraud.
In very small businesses, where there is no accounting function beyond a lone bookkeeper, the business owner must become the first line of defense, no matter how much trust he or she may have in the bookkeeper.
This requires that the business owners sign checks themselves or authorize payments by other methods. An easy deterrent is to have the business owner receive the bank statement directly, unopened, and review the cancelled checks and activity.
Where electronic access to the business’s bank accounts is available (and such access should be tightly restricted within the company), the owner should access the account online a few times each month to see whether there have been unusual or unexplained expenditures.
The owner should also be sure to require invoices or other back-up to support any payments for which approval is requested – and to be diligent about reviewing the backup and asking questions. The business owner truly is his or her own first line of defense when it comes to fraud prevention.
If the business is large enough to have more than one person involved in bookkeeping and accounting, then the various functions within the group should be rotated from time to time. This will serve notice on employees that any fraudulent conduct may soon be detected by a different set of eyes looking at the company’s checkbook or other accounting records.
It is also important to assure that bookkeepers take vacations and that another employee or the owner assumes responsibility for the bookkeeping tasks. This also serves as a deterrent to fraud and helps increase the chances that any theft will be detected before too much time passes.
The relationship between the business owner and his or her accountant can also be a key element in preventing and detecting fraud.
It is important for the business owner to understand precisely what services the accountant is providing and can provide. The owner should meet periodically with the accountant to discuss any changes in services that might be advisable because of changes in the nature or size of the business.
Many levels of financial statement services are not expressly designed to detect fraud so, in far too many cases, the accountant-client relationship is not documented by an up-to-date engagement letter that specifies both the extent and the limitations of the services provided by the accountant. This creates a great deal of room for misunderstanding, which can be detrimental to both parties.
An engagement letter – regardless of the extent of the accountant’s services – helps avoid dangerous misunderstandings by specifying the nature and limitations of the accountant’s services.
Keeping the letter current also enables the business owner to determine whether the cost of additional services may help minimize the danger and cost of potential employee fraud. While even a financial statement audit may not always detect a collusive scheme, accountants can help the business owner design and implement policies and procedures that will minimize the chances that a fraudulent scheme will go undetected.
For additional information or guidance related to this article, contact Allison Steiner at asteiner@vlcpa.com or 800.887.0437.
