Business fraud can do massive damage to a SME, not only financially but also to its reputation. It can be defined as a knowing and wilful act of dishonesty by a perpetrator designed to bring them some benefit, usually financial.
Perpetrators can be customers, suppliers, employees, contractors and, of course, the various email and internet-based attempts to extract money or information, such as its database of customers, from a company by activities generally known as phishing and hacking.
What is the Fraud Triangle?
The Cressey Fraud Triangle was devised by American criminologist Donald Cressey and explained the three factors that need to be present to make a business vulnerable to fraud: Opportunity, Pressure and Rationalisation.
Opportunity is about weaknesses in your business processes that lead a potential fraudster to believe there is a low risk of being caught.
Pressure can come from such things as a financial or emotional source, such as debt, a gambling habit, addictions, or overwhelming bills, or perhaps a sense of injustice in the perpetrator, such as an employee who does not believe they are treated fairly.
Rationalisation is about the perpetrator finding justifications for their fraudulent behaviour such as “just borrowing” money or items for a short time, or that it is acceptable to take money from a big corporation.
Use the Fraud Triangle to protect your SME from business fraud
You can use the Fraud Triangle as a tool to establish whether, and where, your SME may be vulnerable to business fraud and to then establish protocols to minimise the risk.
The elements needed for your business to minimise the risk of business fraud are not only about personal behaviour but also about separating various functions – who is responsible for carrying out various elements of the business process. It is not uncommon in a small business for people to have to multi-task, but wherever possible tasks should be separated and assigned to different people and especially those that relate to money.
For example, having a single person responsible for administration, book keeping, order processing and invoicing, or to have the same person responsible for managing accounts payable and accounts receivable will make your business vulnerable to fraud.
A business fraud protocol is also about defining expectations for excellent record keeping and checking mechanisms and making it clear that should be actually acted upon, not simply written down somewhere.
Once clear guidelines are set about how people are expected to behave and are provided in writing to everyone in the business, you should also require a written signature to ensure they have been read, understood and accepted.
If a fraud is subsequently identified the perpetrator will not be able to rely on the defence that they were not informed that such action was a problem.
You should be alert to any “alarm bells”, such as a change in a person’s behaviour where they have otherwise seemed to be reliable. This can include misplacing files, regularly working late, paying undue attention to a specific customer, never taking holidays or owed time off and refusing help with projects.
You should also have a system of checks in place, this isn’t about reconciling the pennies but monitoring and regularly checking cash payments and receipts, purchase orders, invoices, discounts, credit notes and write-offs, and using ratios to track margins and trends.
Having a business fraud protocol is not enough on its own. You should also build regular scrutiny of records and transactions into your business processes.