Fraud Prevention: 7 Acts of Internal Control for Small Businesses
Fraud does not discriminate. Organizations of all types, sizes, and location have always faced fraud. According to a report published by ACFE 2018, private companies in Asia-Pacific suffered the most considerable median loss at USD 310,000 because of occupational fraud.
In the report, it was also found that while the smallest and largest organizations had equally significant median losses, small organizations were likely to be more significantly impacted by such loss compared to their larger counterparts.
In Indonesia, according to law No. 20 of 2008 on Micro, Small and Medium Enterprises, small organization or business is a stand-alone productive economic enterprise committed by an individual or business entity that have net assets of more than Rp.50.000.000,- (fifty million rupiah) up to Rp. 500.000.000 (five hundred million rupiahs), not including the land and the building for business.
There are some prevalent characteristics in small businesses that make them vulnerable to fraud, one of which is that businesses often blindly trust their employees. According to the ACFE’s 2016 data, 30% of fraud incidents were committed by employees or non-owners. The characteristic leads the companies to have a lack of internal control that gives opportunity for employees to exploit the weaknesses they know. According to The University of Iowa, internal controls are policies or procedures that are put in place to safeguard an asset, provide reliable financial information, promote efficient and effective operations, and ensure policy compliance.
Beside the characteristic of ‘blind trust’, providing adequate and proper internal controls can be very challenging for small businesses due to limited resources in operation. However, having a minimum set of internal controls is better than having none. The more internal controls are implemented, the less the chance for companies being exposed to fraud risks will be. There are seven basic acts of internal control that can be implemented by small businesses:
1. Limit access. Physical assets of small businesses are often far too accessible. Therefore, make sure you give access to a safe-deposit box, cash, customer database, and other assets only to a person whose job is related to the assets.
2. Organize the division of labor. Having more than one person to be in charge of one task is challenging for small companies due to the limited number of employees. However, your companies can still implement such internal control for particular transaction or every major decision. For instance, in purchasing a large number of goods or refunds, your companies can require two signatures as transaction requirement.
3. Set up CCTV
4. Create pre-numbering receipts.
5. Collect cash and receipts every day
6. Have regular reconciliation of bank statement
7. Know who you hire. Make sure you know who your job candidates are by conducting background check.
While implementing such acts of internal control, it is highly recommended that you, as an owner or a co-owner, set a good tone from the top, which is basically behavioral examples that leaders set for their employees to follow. An example of a good tone from the top is being transparent in communication about every update on things going on in a company. Under such culture, employees are unlikely to think that secrecy is acceptable.