Nearly 1 in 5 small businesses have been defrauded by an employee at some point during their trading history, causing signifincant loss and in some cases have destroyed a business. It is those on the inside of your business who can often do the most damage, due to their access to your key assets and familiarity with your processes (and how they might be bypassed).
Your employees represent your company’s values and give it an identity. Their ethics and behaviours are a big part of your reputation, so you need them to be honest and professional to protect your name as well as your revenue. Unfortunately, some people are able to abuse trust and take advantage of their employers, seeing an exploitation opportunity as well as an employment opportunity.
To stop your business being attacked from the inside, you need to make sure you really know your employees and the threats they can bring.
Internal threats can come in many forms - they can include one of your employees submitting false travel and subsistence claims, misusing the company credit card, or colluding with suppliers to manipulate contracts and falsify invoices. In fact, a rogue employee could target any of your assets if they see an opportunity and are motivated to act fraudulently.
It’s not just the intentional actions of your employees that could put your business at risk. A lack of awareness from your staff in areas such as information security, for example, could allow others to commit fraud against your customers (the Information Commissioner’s Office suggest that 80% of all data breaches involve staff in some way).
Click on the links below for more information on specific types of employee fraud
- Procurement fraud
- Travel and subsistence fraud
- Personnel management
- Exploiting assets and information
- Payment Fraud
- Receipt Fraud
- False Accounting
There are simple things you can do to begin to protect yourself from threats within your business. It’s not about distrusting your staff; instead just make sure you really know them.
One of the simplest things you can do to reduce the chances of internal fraud is to make sure you know who you are employing in the first place. Always ask for at least two independent references when taking on new staff and verify their personal information and background wherever possible. Be thorough and keep chasing these references – however long it takes is time well spent. More detailed information on what you can do when employing staff is provided by the Fraud Advisory Panel.
Anti-fraud policy statements
Setting the tone from the top is crucial in deterring employee fraud, and adopting an anti-fraud policy statement is one way of communicating a strong fraud prevention message to your staff. Such a statement provides clear guidelines for preventing, detecting and dealing with fraud, and can help to establish a zero tolerance culture to emphasise that fraud is completely unacceptable. The Fraud Advisory Panel has produced useful guidance on what this should include, in addition to a template policy that you can adapt and adopt for your business.
It’s good management practice to monitor your employees’ performance and understand what makes them tick, but this routine procedure can also unearth internal threats to your business. Fraudsters’ behaviours can often betray their crimes, so it’s a good idea to keep an eye out for members of staff who are acting out of character. This can include things like a sudden change of lifestyle or unexplained wealth, reluctance to take a holiday or promotion, or being scornful of systems and controls.
More often than not there are simple explanations for these behaviours, but it is sensible managerial practice to be alert to the possibility that those acting out of character could be up to no good. Remember, even long-serving employees could be tempted to commit fraud under certain circumstances, so it is equally as important to watch out for any strange behaviour in those you think you know well.
Processes and controls
To understand where you may be targeted by an internal fraudster, it’s important to first know where your valuable assets are. Once you’ve identified them, you’ll need to think about how to reduce the chances of those assets being defrauded or stolen by rogue employees, and then build controls into your routine business processes. Ways of doing this will vary depending on the business and asset, but will include things like managerial oversight of finance processes, ensuring that one person cannot transfer high value assets by themselves or without sign-off, regular checks and audits of your assets, and restricting access to key assets to only those who need to use them.
Further detailed advice on how to manage and mitigate the risk of staff fraud is available from the Chartered Institute of Personnel & Development (produced in association with CIFAS)