In this article, Syft Analytics will investigate the most common red flags that could alert you to fraud so you know what to look out for in your company.
Fraud has been in the news a lot recently... Between the fallen unicorn, Theranos, and the collapse of FTX, we seem to be surrounded by large-scale scandals. But fraud isn't limited to multi-million-dollar enterprises. It's pretty insidious - even in smaller businesses. So, it's critical that you know what the tell-tale signs are.
We are very committed to helping smaller businesses detect potential fraud and nip any fraudulent activities in the bud. That's why we introduced our Anti-Fraud feature set and have built dedicated courses on Fraud and the Anti-Fraud tools on Syft Campus. In this article, we will take a look at some of the most common red flags that could alert you to fraud so that you know what to keep an eye out for in your own organization.
Fraud can have devastating consequences for businesses, especially small businesses that cannot afford to lose their hard-earned profits. This is why the sooner fraud is detected, the better. No one wants to get to the point where they've lost so much money that the business goes insolvent. As Linda Rossouw, Business Growth Solutions Specialist, writes in her article on fraud red flags:
"Realistically, companies cannot prevent all occurrences and forms of fraud, however, they could apply various detection techniques to cultivate an awareness of warning signs that could point to fraud, known as red flags."
This article is largely informed by the red flags identified by Rossouw, with some suggestions as to how you can combat these different vulnerabilities with the help of educational tools and software. We will address three main types of red flags:
Red flags in your accounting;
Red flags in staff behavior; and
Red flags in your technological systems.
Let's dive in.
If something looks a bit off in your books, it may be the result of an innocent - albeit potentially costly - mistake, or it may be the result of fraud. This is why it's vital that you remain vigilant in auditing your books. A few unusual discrepancies or fluctuations you may want to be on the lookout for include:
Financial statement discrepancies;
Frequent adjustments or restatements of your financial statements;
Unusual transactions, data patterns, or trends; and
Let's take a look at each of these in turn.
If your revenue suddenly or unexpectedly changes and you can't seem to find a logical explanation for this, then you may want to investigate further. Perhaps someone has crooked the books to inflate your sales numbers, recognizing certain items as sales when they were not in fact sales. As Investopedia states in an article on detecting financial statement fraud:
"Tell-tale signs of accounting fraud include growing revenues without a corresponding growth in cash flows, consistent sales growth while competitors are struggling, and a significant surge in a company's performance within the final reporting period of the fiscal year."
Investopedia cites the shocking fraud case of Enron back in 2001 as an example of a case where a firm committed "egregious accounting fraud" using shady accounting.
Financial statement discrepancies
If you notice inconsistencies for comparative numbers across your profit & loss, balance sheet, and cash flow statements, this may be a sign that someone has been messing with those numbers and you should investigate this ASAP.
Frequent adjustments or restatements of your financial statements
If your financial statements are being altered or restated multiple times, this may suggest that someone in the company is trying to cover their crooked tracks or maintain a specific financial result. Major red flag alert!
According to the Association of Certified Fraud Examiners (ACFE), financial statement fraud is the least common type of fraud in the corporate world, constituting about 10% of detected cases. However, when this type of fraud does occur, it is the most costly, resulting in a median loss of $954,000!
Unusual transactions, data patterns, or trends
If you notice any transactions that look unusual or identify data patterns or trend flows that are out of the ordinary, either by not fitting within the usual business model or by being incredibly complex, you may want to dig a little deeper to see what's really going on.
Embezzlement is defined as the misuse or theft of company funds or property. This happens when an employee steals or misappropriates company funds for their own purposes. Some common examples of embezzlement and employee theft include:
Voiding transactions at the cash register and keeping the money for themselves;
Pocketing cash payments from fundraisers;
Cashing customer checks;
Misusing an expense account;
Misusing employee discounts;
Stealing small sums of cash over a long period of time;
Stealing office supplies or equipment;
Faking vendor payments;
Stealing customer credit card data; and
Collecting extra money from the expense account by first charging the expense to their company credit card and then requesting reimbursement as if they had paid for it from their own account.
These are things you will want to catch before they go too far. Is there something strange going on with the business's receipts? Have receipts been diverted to written-off customer accounts or to personal bank accounts? Is your accounts receivable looking a bit sketchy?
This is part of why we have tools to detect the use of duplicate accounts and contacts or dormant accounts and contacts in our Audit tool. Cleaning up any duplicate or dormant contacts or accounts can make it more difficult for employees to embezzle money into their own account through old supplier contacts.
Oftentimes, people who commit fraud have certain behaviors that may indicate their criminal activities. And, no, I don't mean anything as obvious as blatantly talking about corruption or embezzlement. It's more subtle things like refusing to take annual leave or delegate tasks. Why would someone be reluctant to take time off or to unload their plate at work? Is this because they're workaholics or control freaks or is it because they're worried that they won't be able to oversee their fraudulent activities?
Alternatively, if one of your colleagues appears to be living it up with a flashy new car or other very expensive lifestyle habits, you may wonder if they've been maxing out all their credit cards or if they've suddenly come into a lot of money? Did a wealthy relative recently die, did their partner get a promotion, or are they stealing money from the company?
If you start asking a colleague about financial matters within the organization and they become strangely defensive or secretive, this may also indicate that something is afoot. Equally, if they have a very close personal relationship with a vendor or other external party, this could indicate collusion or a conflict of interest.
None of these behaviors are necessarily evidence of fraud taking place, but they are certainly worth investigating even if it turns out that, yes, your colleague's millionaire grandmother just died and that's why they decided to buy a new Mercedes. Better safe than sorry.
The Fraud Triangle
In addition to these signs, you may want to consider the Fraud Triangle, a notion conceived of by criminologist Donald R. Cressey in the 1970s. Cressey outlines three key conditions that lead to higher instances of occupational fraud:
If someone is under a lot of pressure, whether that be due to a sick child they are caring for or an addiction, then they are more likely to look for ways to find some extra money. If you sense that someone is under a lot of pressure or is suffering from an addiction, it may be a good idea to find ways to help them, perhaps offering resources for rehabilitation or counselling.
However, it's important to note that every person finds themself under pressure at certain times and that doesn't make everyone a fraudster. Pressure alone isn't enough to turn someone into a criminal; there needs to be an opportunity for them to act and a way in which they can rationalize their actions. These are the sides of the triangle that support fraud taking place. If it's very easy to steal change from the till or abuse the company card, then someone is more likely to do so than if there are measures put in place to make such actions difficult.
Unfortunately, it's difficult to stop someone from rationalizing their actions as just. They may think that fraud is a victimless crime, but they couldn't be further from the truth. Fraud impacts everyone in an organization, especially a small organization. The best thing that you can do to protect your business is to limit the opportunities for this behavior and to try foster an ethical working environment.
As our technology becomes more sophisticated, so too do our criminals. Today, there are an abundance of opportunities for cybercrime and this is one of the biggest threats that businesses must protect against. A few technological red flags would be:
Unusual or unauthorized access to financial systems or other sensitive company data;
Unusual electronic transactions;
Strange emails asking you to click on dubious links or download attachments; and
Social media messages from unfamiliar people asking you to click on links or download attachments.
It's incredibly easy for fraudsters to get hold of sensitive company data if you don't have the right protections in place. If you haven't encrypted your data or made sure to implement strong passwords across all your accounts, then you are vulnerable to attack. This is why it's vital that you train your staff on the risks of cybercrime, as well as ways to identify spurious emails or messages and ways to strengthen their passwords. It's also worthwhile to implement firewalls and to encourage your employees not to work on public WiFi networks.
Pro tip 💡: To learn more about keeping your financial data safe, read our article here.
According to the 2023 Global Ecommerce Payments Fraud Report conducted by Cybersource, phishing, pharming, and whaling attacks are the most prevalent fraudulent attacks and merchants cite increasing challenges in managing e-commerce fraud over the past few years. What exactly do these strange terms mean though?
Phishing (pronounced "fishing") is when someone attempts to steal your money or even your identity by getting you to reveal personal information such as credit card numbers, bank information, or passwords on websites that pretend to be legitimate. Criminals will usually pretend to be from reputable companies - such as your bank - or else they will pretend to be your friends or colleagues.
Pro Tip 💡: Microsoft's support page dedicated to phishing (linked in the bullet point above) suggests that you be wary of urgent calls to action or threats, first time or infrequent senders, bad spelling or grammar, generic greetings, mismatched email domains, and suspicious links or unexpected attachments as these may all be signs that someone is trying to phish your information.
Pharming is a type of cyber-attack that redirects users to fraudulent websites or manipulates their computer systems to collect sensitive information.
Whaling is a specific type of phishing attack that targets high-profile employees such as the CEO or CFO so as to steal sensitive company information. A whaling attacker will often try to manipulate this person into authorizing a high-value wire transfer to the attacker. The reason this is referred to as whaling and not just phishing is because of the size of the attack. Because of how targeted these attacks are, they are often more difficult to identify than your typical phishing attacks. However, there are steps you can take to protect against these attacks, including training employees on how to identify false email addresses, requiring multi-step verification for wire transfers and access to confidential or sensitive information, and introducing data protection policies.
The good news is that businesses are beginning to work more proactively to curb fraudulent attacks by using an array of fraud detection tools and focusing on more secure payment methods for customers.
Now that we've considered some of the red flags you should be aware of when it comes to detecting fraud and ways in which you can make it more difficult for fraud to take place, I thought we could turn to something a little bit more positive. While fraud is widespread and there's no guarantee that you won't encounter it, there are a lot of ways to know that your firm is in a good position to defend against it.
If you work to instil an environment of honesty and integrity within your organization where fraud is taken seriously, you are taking a step in the right direction. The tone of the top is very important when it comes to setting the tone for the rest of the organization. Employees need to know that if they see any suspicious behavior, they are safe to report it to their superiors.
Next, you want to make sure you have thorough controls in place, that these are well communicated within the business and that you educate your staff on the risks of fraud and how to prevent it from taking place. Remember, if you remove the opportunity for fraud to take place, the Fraud Triangle comes apart.
Latest news, events, and updates on all things app related, plus useful advice on app advisory - so you know you are ahead of the game.