How Hiring an outsourced CFO Can Stop Internal Fraud

Author: Larry Chester, President

How Does Corporate Fraud Happen? 

Today, corporate fraud happens all too often. Within small to medium-sized businesses, fraud is particularly common. In fact, businesses with fewer than 100 employees experience roughly double the rate of internal fraud than larger companies.

Internal fraud can regularly be traced back to loose policies around oversight, financial processes, and payment protocols.

Small and midsize businesses (SMBs) can open themselves up to fraud vulnerability when their internal checks and balances are not strictly adhered to. According to the Journal of Accountancy 2018, “in small businesses, there is a 29% chance that the owner or an executive is the one who will commit fraud.”

A combination of overstretched resources, lack of oversight, and misplaced trust create the perfect environment for fraud in SMBs. 

Incremental Acts of Fraud

Internal fraud can act as a gateway to other forms of corporate fraud. Because of the insidious nature of fraud, it’s important to set a tone of professionalism and establish an environment of oversight. If employees sense that the Accounts Payable (AP) team is harried and barely scraping by, it can be tempting to test the waters on an expense report.

Reliance Upon Outside Audits 

It can be tempting to rely upon an annual audit to catch fraud.

An annual review, however, can reveal 12 full months of losses that may or may not be recoverable. At CFO Simplified, we know what internal controls to look for in a company to identify areas of potential, or in the worst-case current fraud, and stop it in its tracks.

When a company brings in a fractional CFO, the new eyes can reveal opportunities for growth and vulnerabilities that went previously undetected. 

Having a CFO at the helm, especially a new one who is looking critically at all transactions and processes, plays an important role in making sure that every financial transaction will be highly scrutinized. 

Processes and controls are integral to preventing fraud. Weaknesses in internal controls account for nearly half of all corporate fraud schemes. Many company owners allow for executives and stakeholders, for example, to sign their own checks (those made out to themselves).  This loose oversight and lack of correct financial processes is the kind of environment that can leave the door open to abuse and fraud. 

Strategies to Control Internal Fraud

Basic controls every business should have in place to prevent expense fraud include:

Strict Payment Protocols

Small businesses can often operate without formal processes, but as the company grows, this can become problematic.

Every business should establish a payment policy that ensures that no executive or employee signs a check made out to them.  That no payment is authorized by email and that there are clear protocols for authorizing payroll changes any electronic payments or other payment types.

Corporate Cards

While it may seem counterintuitive to give employees access to credit, having visibility is often worth it. Your AP team can review all transactions and statements, which offers much more insight than self-reported transactions from employees’ personal cards or cash expenses.

Corporate cards also allow companies to set credit limits, forcing employees to communicate formal requests when they need access to more funds.

Email and phone protocols, codes, and safeguards

One of the ways in which fraud is allowed into an organization from the outside is through email fraud.  Phishing schemes are more sophisticated than the days of the Sudanese prince who asks for your routing number.  We have seen cases of 5:15 PM Friday emails requesting immediate emergency sign-off on a payroll change that were, in fact, phishing schemes.  

Set clear protocols that a cell phone call from a recognized number must be made to ensure that the real CEO is in fact requesting a special change and make sure to never, ever make an exception. 

Have Your Bookkeeper Take a Vacation

In fact, make everyone take a vacation.

If an employee or officer of the company refuses to go on a vacation, look very closely at their access to money and their oversight. There are countless stories of employees who never left their desks only later for the employer to discover it was not diligence that kept them so late at their desk and “forced” them to give up vacations,  but a means of covering  their own frauds.

As you and your team plan for the future of your company, consider the controls you have in place, the structure of your reporting, and the security you are currently using to keep your data and employees safe.

Are you worried about your business’s data security going forward into 2022? Read more about The Data Security Two-Step— Technology and People on our blog now.