How to Identify and Mitigate Business Fraud Risks in 2023

MONDAY, OCTOBER 16, 2023  

Fraud happens more often than expected. 43% of businesses have dealt with some type of fraud in the past five years.

Many of our clients are business owner-managers, and part of being in that position requires them to place a significant amount of trust in the leaders that surround them. Unfortunately, we come across instances of fraud every few years, ultimately leading back to the common theme of someone taking advantage of that trust. Understanding the most common circumstances that allow fraud to occur and how to best position your company to mitigate this risk is important.

We recently learned of another case of fraud. Our client, the owner, paid for some business expenses on their personal credit card and asked their controller to reimburse them, which they immediately did by way of e-transfer.  Our client quickly realized that the controller had the ability to perform e-transfers out of the company’s chequing account without the involvement or approval of any other individual in the organization. After looking through the transactions from the bank account, it was apparent that the controller was siphoning funds for themselves. This led down the rabbit hole and resulted in the discovery of fraud using company bank accounts and corporate credit cards.

This is just one example of what is becoming a more relevant issue today.  Here are a couple of the top types of fraud our clients should look out for:

1.           Employee Fraud

Employee fraud most frequently originates in the accounting and finance department since they have the access to the banking and financial records.  Common examples include:

  • Forging a company cheque

  • Using a company card personally

  • Using company property or equipment personally

  • Kickbacks and overbilling

  • Manipulating payroll

  • Electronic transfers from the bank account to the employee’s accounts

Mitigating these risks requires some modest level of segregation of duties (even in smaller organizations) and ensuring that ownership carefully monitors bank account activity and is the only authority that can make payments. Entrusting others with payment authority is allowable in some circumstances, but should be supplemented with controls around this, likely in the form of owner oversight. It is best to perform system walkthroughs of your primary financial functions, and to document areas of weakness where fraud may occur, personnel accountability, segregation of duties and oversight to ensure that there are constant controls in place.

2.           Cyber Fraud

In addition, having mindfulness to cyber fraud is important.  Engaging a tech firm specializing in reviewing your cyber controls is likely the place to start.

The best way to mitigate cyber fraud is by ensuring that your IT infrastructure is secure. Hiring an independent firm to do a security audit of your organization may be the best way to ensure an additional knowledgeable perspective augments your internal resources.

If you have any questions or would like assistance in your review of internal controls, reach out to one of the RMR team.