Business fraud is a scary term, and nobody thinks it can happen to them. Business fraud can be committed by employees, or can be committed against the business as a whole. In either case, this is a serious issue and it is crucial that business owners be aware and mindful of types of fraud in business.
Different Types of Fraud in Business
Payroll fraud occurs when an employee uses the payroll system to steal money. In most cases, it occurs via the regular payroll stream of the business cycle. Common instances of payroll fraud include:
- Payroll payments to fake employees or ex-employees
- Payroll payments to current employees which are in excess of their routine pay, by way of inappropriately increasing hourly rates, or submitting fake timesheets for hours not worked.
- Issuing bonuses that are not authorized by management/ownership.
Avoid payroll fraud by:
- Separating the duty of processing payroll and having someone else review the payroll prior to payment.
- Outsource your payroll to a third party.
- Use software to process your payroll in-house and perform non-routine reviews the hourly rates and employees listed as active.
Inventory fraud occurs when the inventory system is used to steal physical inventory. In most cases it occurs when policies around inventory management are not implemented. Common instances of inventory fraud include:
- Inventory being removed from the business site without authorization – for personal use or resale.
- Fake/ forged inventory purchase orders are produced and submitted for payment.
Avoid inventory fraud by:
- Implementing inventory controls around such as secure storage, inventory counts and using work orders to justify the use of inventory.
- Implement controls to approve submission and payment of all purchase orders which includes approval before ordering and before payment.
Cash skimming occurs when cash and company funds are deliberately stolen from an employer. In most cases it occurs in businesses with a lot of cash payments or fundraisers, and when employees have access to incoming cash payments and online bank accounts. Common instances of cash skimming include:
- Stealing cash from the company out of petty cash funds, cash sales, fundraisers or other time cash is changing hands. The cash never reaches the company’s bank account.
- Unauthorized online transfers from company bank accounts.
Avoid cash skimming by:
- Implement controls surrounding handling of cash transactions.
- Compare inventory changes to sales reports.
- Implement controls over online banking access and set up notifications for transactions.
Credit card and expense reimbursement fraud
Credit card and expense reimbursement fraud is one of the most common types of business fraud and occurs when company credit cards or expense reimbursement processes are abused. It frequently occurs when companies hand out company credit cards for upfront purchases. Common types of credit card and expense reimbursement fraud include:
- Use of credit cards to pay for expenses that are not considered business expenses.
- Submitting for reimbursement for expenses that are not actual business expenses.
Avoid credit card and expense reimbursement fraud by:
- Limit credit cards being issued to employees and implement policies for use and review of all purchases.
- Review expense reimbursement requests closely.
Phishing and Business Email Compromise
Phishing and business email compromise is a type of fraud that happens to the business and does not occur by employees. It frequently occurs while performing online activities whether it be visiting websites or receipt of email. It can also occur by text or phone call. It almost always occurs with a sense of urgency in the messaging and appears to come from a legitimate source (ie: current coworker or client). Common types of phishing and business email compromise include:
- Receipt of email which contains a request to send funds to a specified vendor.
- Receipt of email which urgently instructs the recipient to send sensitive information.
- Hacking of a company system to change e-transfer instructions for future customer payments.
- Receipt of email to trick you into clicking a malicious link via threat that you must update software, update personal HR information with the company or fill in company surveys.
Avoid becoming a victim to phishing and business email compromise by:
- Appropriately training your staff on email safety and awareness
- Backup your software information and upgrade your software updates and virus control.
- Reduce personal and business information posted online to various websites.
- Use an email filter to pre-scan incoming emails.
- Implement multi-factor authentication on all systems.
When is the last time you revised you company’s internal controls and segregation of duties? Are they current enough to withstand the tests of current fraud and malicious activities? Fraud is a topic that nobody likes to talk about, and nobody thinks their business could become a victim of fraud.
At Accent, we can help businesses with the review and implementation of internal controls and safeguards to avoid these common types of fraud. If you would like to know more, please contact our office for trusted advice and personal service.