by Rob Joseph, Director, BeaconCFO Plus
What is one of the most common causes of loss for small companies?
A loss of internal controls.
The Association of Certified Fraud Examiners’ 2022 Report to the Nations found that anti-fraud controls at small businesses (defined as fewer than 100 employees), compared to larger organizations, had notably lower levels of implementation. For example, common controls like external audits of financial statements and a formal code of conduct were in place at only 53 percent of small businesses (compared to 90 percent of larger organizations). They also found that one of the top weaknesses was a lack of business owner review.
This leaves small businesses susceptible to loss due to fraud. The report showed small businesses had the highest median loss—$150,000—compared to a median loss of $138,000 for a larger organization. The monetary figures are similar, but the impact of the loss would be more significant at a smaller organization.
The key to preventing business losses is to have a plan in place to detect and prevent fraud at your company. There are a number of internal controls that address operational and financial risks. Our experienced fractional CFOs can help you put these controls in place within your organization.
1. Separation of Duties
Many small businesses with limited human resources often have a single employee exclusively responsible for multiple tasks in critical processes. The performance of these tasks in larger organizations are generally performed by multiple associates. A greater risk of error or fraud results when multiple tasks are managed by only one person.
Internal controls are enhanced when different people are responsible for authorizing and recording transactions, maintaining custody of related assets, and reconciling accounts. Sometimes employees outside the responsible department for various tasks need to be engaged, with each employee having specific job responsibilities defined in writing. Reassignment of specific duties within a process to other individuals can significantly help to mitigate risks.
2. Policies and Procedures
One of the most effective control tools is to have a well-written policy and procedure manual which helps to align business objectives and establish best practice operating procedures. Regardless of how simple or well known your business processes are, there is value in creating written policies and procedures for both management as well as employees.
The following common processes are important to define and document:
- Sales and accounts receivable
- Cash management and banking
- Purchases and accounts payable
- Payroll and human resources
- Financial statement closing and reporting
Documenting key metrics in these processes provides clear and consistent direction for the tasks to be completed and allows for specific roles to be assigned to associates. Further benefits result when a key employee leaves the company as it will be easier to train new and/or temporary employees with thoroughly documented procedures already in place. Documenting policies and procedures also confirms alignment with management’s expectations.
3. Documentation
Maintaining adequate supporting documentation is part of the foundation for developing an effective internal control framework within an organization. Absent supporting documentation makes it difficult to demonstrate that transactions were completed, procedures performed, and controls in place. Proper documentation can also make it easier to respond to questions from customers, management and auditors. Emphasizing the importance of maintaining proper evidence allows the management team to help reduce risks to customers, employees and the business.
4. Oversight and Review
Small business owners are often so involved in the strategic goals and development of their business that there is not enough time to ensure basic internal control monitoring procedures are in place. Proper oversight is essential to the internal control framework and an important aspect of fraud prevention and detection.
Each business must define the review of key metrics (e.g., sales, expense accounts, cash reports, variance reports, payroll summaries) and other data on a daily/weekly/monthly basis to help identify problems that may exist. Other benefits of knowing the pulse of your business’s performance keeps associates alert to being questioned about daily activities and provides valuable information for key decision making.
5. User Access Rights for Information Systems
Employees are often granted more access to information systems than they actually need to perform their responsibilities. Providing excessive access can expose the business to additional risks that are unknown to management.
Employees should start with limited access to information systems rights only needed to perform functions that are essential to their own work. As their workloads expand, additional access rights may be granted.
User rights should be reviewed at least annually and preferably more frequently to align the business purpose for the access granted to each user. While requiring more time and effort, this approach can enhance the system of controls and security in place.
Our Fractional CFOs Offer Risk Management Solutions
Although small businesses may have limited resources, following these strategies can serve to prevent and detect fraud and mitigate operational and financial risk. A forward-thinking virtual CFO can help guide your business in the right direction and provide protection against fraud and other risks. If a lack of internal controls is a concern for your business, please reach out to our team to schedule a consultation. One of our experienced CFOs will talk to you about your concerns, answer questions, and help you better understand how our outsourced CFO services can be an asset to your organization.