Fraud is expensive, and can ruin a business – Matthew Gardiner looks at the danger areas, examines the case of a trusted employee milking a small business of thousands, and outlines checking systems that can be put in place to protect a business.
All businesses, large and small, run the risk of losing both revenue and reputation through fraud perpetrated by people associated with the business. Fraud can be such a significant cost that it can threaten the very survival of a business.
Statistics suggest the average fraud now costs a business around $250,000, with the annual cost of fraud in Australia estimated at more than $3.5 million. Other statistics suggest smaller businesses bear the brunt of a disproportionately large dollar loss from fraud, when compared with larger business.
Because fraud is a hidden cost, it can be very hard for business owners and managers to identify it, and stop the losses occurring. Any analysis of business results becomes extremely difficult, and other, false reasons for the poor performance of a business may be found, leading to incorrect remedial action ultimately leading to other problems.
Most frauds fall within one of three categories: asset misappropriation, including disbursements, skimming and cash larceny; corruption, being the use of position to obtain an unfair benefit; and financial statement fraud, involving the fraudulent reporting of financial information.
Within this, some examples of fraud that small and medium businesses are vulnerable to include:
Electronic banking: Many businesses now take advantage of the efficiencies offered by electronic banking without making sure the correct systems are in place. For example, paying bills online rather than by cheque may be quicker, but it means there is little or no paper trail, and also that the security check of an authorised signatory is skipped. Anyone with access to your bank details and password could perpetrate fraud against your businesses.
Financial statements: The misreporting of financial results can be difficult to monitor and check, particularly for businesses with a complex accounting and reporting system. Business owners often prefer to leave such matters to those they’ve hired to look after them, but keeping an eye on this is important.
Regulation, such as the Sarbanes Oxley Act in the US, similar legislation in Canada, and our own CLERP 9 in Australia, has been developed to prevent this area of fraud.
Preventing Fraud
All businesses should have in place a risk management plan to prevent fraud, or at least minimise the risk of it taking place. The cost of investigating fraud once it is found, together with the losses that can’t be recovered, in most cases far outweighs the cost of a prevention system.
An important step is understanding the nature and extent of fraud, including how fraud can be perpetrated and how to identify it. By focusing on fraud risk, business owners and managers are able to better consider how exposed the business is to fraud. One benefit of this approach is that it stimulates a more ‘fraud aware’ culture across the organisation, letting employees know the organisation is aware of fraud and is taking steps to prevent it. Reducing opportunities, enhancing accountability, improving detection and deterrence, all help to fraud-proof the business.
Major prevention initiatives include:
Recognition: Identifying fraud as a business risk, and putting in place systems to manage this risk, should help reduce the level of fraud. Simply communicating to staff that such systems are in place will help.
Tone at the top: The culture in an organisation can play an important role. Those in charge should set the example and make sure it is known that fraud, or any other illegal behaviour, will be immediately prosecuted.
Whistleblower mechanisms: A number of frauds are only uncovered because of a tip-off from someone in the organisation. In many cases, people within the business know that fraud is taking place but aren’t sure how to report it, whether to take it seriously, or even whether the activity is fraudulent or not. It’s therefore worthwhile setting up a process for people to report fraud or suspected fraud, and have protection. By defining and communicating what fraud is, organisations can make their employees aware of what is acceptable behaviour.
Other simple tactics for making it harder to perpetrate fraud include putting in place security measures such as passwords on computers and locks on cupboards; keeping records and financial information in a secure location; shredding any sensitive documents before discarding; checking the details of any potential staff, for example credit ratings or police records; and separating duties so one person isn’t responsible for all financial activities.
Tax Deductions
In some situations, the monetary losses resulting from fraud are tax deductible, provided there is a connection with income-producing activity or a business and the money is included in assessable income.
Situations where tax deductions have been allowed include loss of business profits as a result of theft by an employee and loss of investment earnings as a result of theft by an agent, theft of cash takings by persons unknown from the business premises prior to banking, and loss of cash takings as a result of theft while on the way to the bank. There are also expenses (such as accounting fees) relating to the fraud or theft where they can be regarded as management of tax affairs or satisfying regulatory requirements.
But there are also exceptions where tax deductions have not been available. These include loss of money given to an investment broker for purchasing shares, where the money was misappropriated by the broker and the shares never purchased; loss of business takings misappropriated by a sole trader’s spouse, where the spouse was not acting as an employee or agent of the taxpayer; and legal and investigation fees incurred by a partnership, relating to misappropriation of funds by one of the partners.
In general, whether a tax deduction will be allowed depends on whether the loss or expense was an ordinary incident of the taxpayer’s business or income-producing activity, whether the theft or fraud was undertaken by an employee or agent of the taxpayer, or whether the money lost had been included in the taxpayer’s assessable income.
However, business owners and managers should always keep in mind that the cost of preventing fraud by putting in place a few simple systems to reduce the possibility of fraud is significantly lower than that of trying to claim money back once it has taken place.
Fraud Case Study
Most frauds take place over a long period of time, by someone trusted, with small amounts involved that aren’t readily missed. This was the case with Smith Recruitment Agency, a business owned by Jack Smith and his wife Jill†.
While the business was in start-up phase, Jack looked after the invoicing and Jill managed the accounts but the business grew rapidly, employing 12 people. As part of the expansion, Peter was hired to take over the financial systems and thus free Jack and Jill to do business development work.
At first, Jack still kept an eye on the accounts but over time, as he became busier, he grew less involved and ended up simply signing the cheques that Peter put in front of him.
The consultants developed their own invoices for the work they undertook on behalf of clients, but Peter received and banked the cheques, looked after the BAS and tax, controlled the debtors register, and paid the wages and other bills. He was one of the most reliable members of staff, never sick and rarely taking holidays.
This continued for several years, and Jack sometimes confided in Jill that he felt they were on a treadmill, needing to develop more and more income without ever achieving the profit he thought they should. But this was the only niggle
in what was a profitable and solid business.
The first sign of a problem was when a new auditor came to look at the books, following the retirement of the old auditor. She was young and enthusiastic, and wanted to understand everything on the balance sheet.
She noticed a few problems in the accounts but at first thought that Peter had made some mistakes, as the sums involved weren’t large. But she soon realised that the ‘mistakes’ were happening at regular intervals, that they had been happening for a long time, and they were the same type of ‘mistakes’ over and over again.
What she discovered was that Peter had been altering the cheques coming in from customers, banking them to his own account and creating a paper trail by generating credit notes on the accounts receivable so both the customer and the company were none the wiser.
The auditor was concerned that such a high level of credit notes had never gone through the accounts, although Peter had explained them away as needing to be cancelled.
The auditor uncovered another fraud: Peter was double-paying some suppliers. He processed some invoices twice at different times, convincing Jack to make cheques out to cash on the basis that it was part of a deal he’d made with the supplier.
When Peter was confronted, he admitted to everything but refused to accept that what he had done constituted fraud. He believed that he had ‘only’ taken a few hundred dollars here and there (although the true sum actually came to hundreds of thousands of dollars over a five-year period) and he offered to pay the money back if it was all forgotten.
But the auditor convinced Jack he had a wider responsibility to ensure that this type of practice was punished. After all, Jack’s annual profit had been reduced on average by $20,000 a year and he had been struggling to get new business just to put money in Peter’s hands.
Jack reported Peter to the police and Peter was charged and jailed for fraud.
Just as importantly, the auditor convinced Jack to put in place a number of checks to help make sure it couldn’t happen again. These included:
- • going through the accounts at the end of every month to make sure incomings and outgoings matched;
- • undertaking unannounced random checks on matching cheques paid with the paperwork;
- • all cheques paid requiring two signatories;
- • drawing up a ‘fraud management policy’ so all staff understand what constitutes fraud and how it will be dealt with;
- • locking chequebooks and other financial information in a safe at all times when not being used;
- • keeping passwords on systems totally private and changing them regularly—particularly passwords required to access the business’s bank account;
- • using stamps such as ‘received’ and ‘paid’ on all relevant documents to ensure they couldn’t be duplicated.
* Matthew Gardiner is a partner with accountants and business and financial advisers, HLB Mann Judd Sydney.
† All names have been changed to protect privacy.