So here’s a scary statistic: For small businesses with fewer than 100 employees, the average
damage from employee fraud tallies up to $200,000. The numbers are actually lower for large businesses…why? Because large businesses put systems in place to prevent fraud or mitigate the damage when it happens.
This week Sandy Sullivan, CFE, Senior Vice President/Fraud Management for Frost Bank spoke to the Meetup group of Austin Business Owners I sponsor. She pointed out that large companies are less likely to hire the same person to do three different jobs without backups or auditing capabilities. One of the most common types of fraud, for example, happens when you have the same person writing checks, handling bank deposits and reconciling the accounts. When a business sets up a system like that, it creates an opportunity to steal and all the person needs is an incentive. Sadly, incentive to steal isn’t hard to come by. Sometimes, all the employee has to do is convince himself you’re not paying him enough or you take too many vacations and leave too much work for him, and suddenly stealing seems like a reasonable rationalization.
Another common fraud perpetrated against small businesses happens when somebody is in charge of all the payroll functions. It’s too easy to create fake employees and timesheets and funnel that “pay” into an account you set up. Or, when an employee is terminated, the payroll administrator can keep generating timesheets and redirect the ex-employee’s “income” into a personal account.
But employees can get creative with their fraud. Sullivan talked about a scenario in which an employee was responsible for dealing with all the finances and collecting the mail. The company got loads of offers for new credit cards. On the company’s behalf, she applied for all the cards, racking them up with personal purchases. Since she received the statements, she was able to pay the bills and reconcile the books as she pleased.
What’s even scarier is that when you create a system without checks and balances, you can wind up putting your customers in jeopardy. If someone in your company uses your customers’ personal information to steal from them—and you haven’t created a system to prevent that from happening—you can be an accessory to the crime.
So what can you do to protect yourself? First, as I mentioned in a recent blog, create a culture of ethics. If you’ve got a bakery and it’s customary for employees to “break” a few cookies as they’re working—so they can eat them—you’ve got a culture that invites larger thefts.
Secondly, make sure you’ve got checks and balances systems and that everybody knows what the cost of ignoring that is. One retailer had a rule that only managers could approve returns. The manager didn’t want to be always running downstairs to approve them, so she gave carte blanche for employees to approve them. Seven thousand dollars of false merchandise returns later, both the thieving employee and the manager were fired.
Thirdly, nobody wants to go through the hassle and emotional drain of prosecuting an employee who has stolen from you. But do it anyway. Many businesses are ripped off by people who have drifted from company to company, stealing and never being reported to the authorities. If you got ripped off, chances are that if the person’s previous employer had reported his behavior, you would have been protected. A background check would have revealed it. Don’t pass this person on to another business. And consider this: By not prosecuting the person you’re signaling to other employees it’s safe to steal from you.
It would be great if you could just trust your people radar. Bottom line is, you can’t. So protect yourself with systems that not only protect you, your business and your customers, but also help avoid temptation for the people who are better off without it.