View PDF

Over the last year, it has become almost impossible to open a newspaper or business journal without seeing some mention of fraud. The recent scandals and fraud schemes that have headlined our newspapers have led executives and investors to the realization that internal fraud committed by management or employees can severely damage a company and even result in the collapse of major corporations. In an effort to boost investor confidence and improve corporate governance within organizations, the U.S. enacted the Sarbanes- Oxley Act of 2002 (the "Act"), mandating provisions aimed at strengthening corporate accountability and governance and affecting the fiduciary responsibility of both officers and directors of public companies. As directed in Section 404 of the Act, the Securities and Exchange Commission is requiring the management of public companies to report on the internal controls of their organization in their annual reports.

What does this mean for privately held companies and small businesses? First, even though the new regulations do not apply to non-public companies, privately held companies interested in going public or selling their holdings to a public company will have to conform to the new legislation. For example, many small and privately held businesses have loans to officers. The Act specifically prohibits any personal loans to or for any director or executive officers. These loans would have to be repaid before any initial public offering.

Second, officers, directors and investors have become more aware of the significant impact fraud can have on an entity. Good corporate governance within an organization may make a company more attractive to potential buyers, investors and other capital sources.

Finally, the risk of fraud, and the costs associated with it, exist in all organizations, not just public companies. According to a 2002 study by the Association of Certified Fraud Examiners ("ACFE"), fraud cost U.S. businesses $600 billion in 2001, equating to 6% of an organization's revenue. The study also showed that small businesses tend to be the most vulnerable to fraud; on average, small businesses lost $127,500 per fraud scheme compared to an average of $97,000 for the larger businesses.

The existence of fewer checks and balances in small business is a primary reason they suffer greater losses. The small number of employees leads to a lack of segregation of duties, basic accounting controls and a greater level of trust among owners and co-workers.

New, fast growing businesses are also at high risk for employee theft due to the lack of established policies and procedures. The result is weak controls and many opportunities for fraud to occur.

What are the risks and how can they be minimized?

Types of Fraud
There are three major types of fraud: asset misappropriation, corruption and financial statement fraud. The fraud schemes we have heard so much about over the last year at Enron, WorldCom and Tyco have all been cases of financial statement fraud. This type of fraud is the most costly per scheme, but it is the least common, occurring only 5% of the time, according to the ACFE. The study further showed that the most common type of fraud is asset misappropriation, occurring 86% of the time.

Asset misappropriation is the greatest threat to small businesses. It is defined as the theft or misuse of an organization's assets by management or an employee, which is most often the theft or embezzlement of cash. This can include skimming revenue before it is recorded on the books, stealing cash receipts, stealing inventory, payroll fraud and fraudulent disbursements.

Why Do Employees Steal?
Most experts support a theory called the fraud triangle. This theory states that in order for fraud to occur, three elements must exist. First, there must be a need by the employee. This could be a financial need from living beyond one's means, a vice (gambling problem, alcohol or drugs), or an unexpected crisis or event. Second, there must be an opportunity to commit fraud, usually due to lack of internal controls within an organization. Lastly, the fraudster must be able to rationalize committing the fraud, such as believing that the funds are only being borrowed, or that the employee is underpaid, therefore the embezzled funds represent part of the employee's salary. These employees believe that they can successfully perpetrate the fraud without being discovered.

Types of Employees
Employees can be placed into three major categories. The first category is your "generally honest" employee who has no intention of stealing from your organization, but will if the opportunity arises and there is a need for financial resources. This individual is your first-time offender who is the typical perpetrator of fraud. The thought of getting caught and possibly going to jail is incomprehensible for these employees. For this reason, the mere perception that a fraud scheme may be detected can many times prevent fraud from occurring. The second category is the "professional" fraudster who enters your organization with the intent to commit fraud and is always looking for opportunities. The "professional" fraudster does not fit the fraud triangle model discussed earlier. This individual does not need to rationalize his/her actions. Professional fraudsters seek out organizations with weak controls. By implementing strong control policies, a company can deter these professionals from ever entering their organization. The last category is the "honest" employee who would never steal from the organization.

Almost all victims of fraud make the mistake of believing that their longtime employees all fall into the last category of the "honest" employee and that it would never happen to them. The most likely person to commit fraud in your organization is the long-time trusted employee. This employee has been with the company long enough to develop relationships with vendors, to gain the trust of the business owners and other co-workers and to understand the weaknesses in the company's internal control structure.

Minimizing the Risk
By instituting strong internal controls in an organization, a business owner can minimize the opportunities to commit fraud. This will not only prevent the "generally honest" employees from committing fraud, but can also deter "professional" fraudsters from targeting your organization. In addition to strengthening internal controls, business owners need to set the tone within an organization and develop a climate that is hostile to fraud.

One of the requirements of the Sarbanes-Oxley Act is that all public companies implement a fraud hotline. All organizations, small, large and privately held, should have a fraud hotline. In the study by the ACFE it was found that the most common method for detecting fraud was through a tip from an employee, vendor or customer. By setting up a fraud hotline, organizations can cut their fraud losses by approximately 50% per scheme.

Until now, fraud has been one of the largest unmanaged costs to business owners. However, the recent events of Enron and Worldcom have led business owners to recognize the high cost of fraud and to take action to protect their organizations. This is reflected in a survey sponsored by Robert Half Management Resources that shows that 58% of private companies in the United States are evaluating their internal controls and instituting new practices. Of the CFOs surveyed who are implementing changes: 44% said they were reviewing or changing current accounting procedures, 36% were creating or expanding the internal audit function and 23% were hiring an independent firm for consulting work.