Fraud is pandemic. Online or offline, in your office or in your own home, there are attempts to defraud you of your hard earned money all the time. As an SME owner you may be aware of attempts at fraud in your business with clearly visible signs that something is going on that is not right, but you may also not be aware of attempted fraud and one strategy for preventing financial and emotional losses from fraud is to be aware of the threats and risks that your business faces.
SMEs are at risk from outsider and insider fraud. Screening out unethical potential employees through behavioural interviewing and background checks is a start at preventing fraud, but even good employees can change. Personal circumstances change such as debts and divorce or other misfortunes can beset an employee in your SME causing them to change their behaviour and be at risk of committing fraud. Every attempt at fraud has warning signs that fraud is being planned or ongoing.
A behavioural event is the first sign of fraud and this warning sign can be verbal or non-verbal. One case in Thailand involved a Thai manufacturer on alibaba.com. A European client placed his first order after a few emails back and forward. The deal required a 50% deposit, about 3000 USD, but the bank details for transfer were not in the same name or company name so the buyer walked away. Another case in Malaysia involved a money transfer to a company that did not exist and, after some initial due diligence, the buyer decided not to proceed. In Vietnam a client examined a company’s original records and found that fraud was being conducted by submitting misrepresented documents, including company capacity profiles, when bidding for construction contracts under projects. The company had intentionally changed the date of establishment from 2006 to 2002, and in its bid documents the SME had doubled the value of two contracts and misrepresented the value of another, augmenting it to VND183 billion ($8.06 million). Verbal warning signs of fraud may include tip-off phone calls or people asking too many questions. Recognising signs of fraud from outside or inside your SME business involves being alert to warning signs and training your staff to be alert to them as well.
The motivations of fraudsters are usually financial gain but could also include sabotage by a competitor or even revenge or business jealousy. Motivations are hidden and usually only emerge after a fraud has been committed. How motivated fraudsters are in committing fraud depends on what they have to gain and how likely they are to get away with the fraud without being caught and punished. In order to protect your business from fraud a smart business owner will need to identify the critical infrastructure of her business and its vulnerabilities and then devise strategies how to better protect them. Start by assessing what aspects of your SME are most important to your business. Critical infrastructure could be anything from your private safe to a key employee or even a holiday weekend. One SME in Bangladesh was defrauded on a Friday because that is the weekend day in Bangladesh and no external reports were received on what is a normal working day in other countries. Why not make a list of your businesses critical infrastructure then start to examine their vulnerabilities. Figuring out how to protect your critical infrastructure may be easier than you think. Try assigning a trusted employee to a key area such as your accounts department or set up a 24/7 telephone line that employees or even outside stakeholders can call.
There are known threats and unknown threats to your business. Profiling threats to your business by building up a big picture of who or what could try to defraud you is a first step in preventing fraud. Assessing the risk of these threats to your business from not important to high risk is a second step. Once the warning sign of fraud has been correctly recognised it is essential that effective actions are taken to mitigate and report this fraud. Your personal risk competencies to report fraud or suspected fraud then becomes key to protecting your business. Many employees may be timid or turn a blind eye when they see fraud being committed as they may be afraid of being admonished or being branded as a trouble maker. As a business leader it is your challenge to build confidence in your staff to be proactive and report fraud. Creating clear reporting lines is the final step and building the personal risk competencies of staff can be achieved through a process of awareness training and coaching. One Australian SME hired an information security architect to develop and implement a security awareness programme that would equip its employees with the knowledge they need to make sound security decisions. “I created a security roadmap, and one of the key areas we wanted to focus on was our people,” said the security expert. The goal was creating a risk-aware corporate culture: “It’s about reducing our risk,” explained the expert adding, “Information security now is through the people. We wanted to make them a preventive measure for us.”
Why not start an awareness campaign against fraud in your business. A first step is to establish a Risk Awareness Function in your top management. This function should be visible and approachable to all staff. In the case of suspected fraud in your business, staff should know who to talk to and how to report with confidence. Celebrating honesty in the work place is another strategy that you can use. In one SME business in Indonesia an employee found a large amount of cash lying in the office washroom. When she handed this in to the head of security he informed the CEO and a dinner was held to openly thank the employee for her honest actions. Creating a culture of confidence in honesty, without fear of being admonished, will help your business cope with fraud. Even if your business has not been touched by fraud yet, it is probably a matter of time before an incident occurs.