Business fraud, also termed occupational fraud, is the act of stealing money or company assets by means of a scheme or deception. Often the perpetrator conceals the crime with false documentation or some other method to give an appearance of legitimacy to the fraudulent transactions. A perpetrator usually violates an existing internal control mechanism that would otherwise prevent or expose the crime. Effective fraud prevention tools depend on the enforcement of internal controls.


Following an audit in 2009, Merrill Lynch announced that the company had understated their losses in 2008 by $500 million. Auditors Deloitte and Touche said that Merrill Lynch "had not maintained effective internal control over financial reporting." The failure of internal controls remains the reason behind losses, whether they are the result of "ineffective" management or fraudulent conduct. The importance of effective internal controls was a primary reason for legislation like the Sarbanes-Oxley Act of 2002. Section 404 of the act requires public companies to file regular reports on the effectiveness of their internal control mechanisms. Yet, in the post-Enron and post-financial crisis environment we live in, stories like the one noted above persist. These illustrate failures on the part of management to maintain internal controls. The lesson is the same for small business owners: Monitor internal controls.

An Achilles Heel

The American Institute of Certified Public Accountants refers to management override of internal controls as "The Achilles' Heel of Fraud Prevention." Managers who have authority to override internal controls can render a fraud prevention program ineffective and undermine the integrity of an audit. In its 2012 Report to the Nations, the Association of Certified Fraud Examiners overriding internal controls were a weakness in over 19 percent of fraud cases reviewed. Over 18 percent involved internal controls that were lacking in management review and 9 percent illustrated a failure on the part of management to set an appropriate attitude or tone to internal control matters. Clearly, management problems can be seen as a contributing factor in over 46 percent of the reported incidents reviewed by ACFE. In addition, managers were perpetrators of fraud in over 34 percent of cases.

Building Blocks

The foundation of an anti-fraud program are the internal controls that any small business owner can almost take for granted. Yet a lack of internal controls are cited as a weakness in 35 percent of frauds in the ACFE 2012 survey. Necessary controls include the regular reconciliation of accounts, separation of accounting duties, counter signatures on large disbursements, monitoring payable accounts and identification of vendors -- the list goes on. So, if internal controls are building blocks, what holds the whole thing together and makes it work?

Making Controls Work

ACFE has found that nearly 50 percent of all fraud investigations begin with a tip. This is why ACFE recommends that small business incorporate some type of confidential reporting mechanism as part of an anti-fraud program. The other necessary components are a commitment by management to ethical conduct and the inclusion of employees in anti-fraud training. Adopt a code of ethics and state the intention to prosecute fraud to create that expectation in the minds of employees. These are recommended by ACFE as the most cost-effective anti-fraud programs for small business.

Additional Considerations

Creation of a positive environment that rewards honesty and does not tolerate dishonesty starts at the top. Small business owners should consider ways to reward employees, such as an employee assistance program. Demonstrated commitment to employees can be returned in increased loyalty and attention to the best interests of your business.