The average company in the United States loses 5 percent of its revenue to fraud each year. The losses come from padded expense reports, understated sales, sophisticated billing schemes, and other fraudulent business behavior.

It usually takes 18 months to discover fraud inside a company and anyone can commit business fraud—males and females, managers and employees, college and high school graduates. Approximately 80 percent of all fraud inside companies is perpetrated by people between the ages of 31 and 60. And 70 percent of the time a fraudster acts alone.

People choose to commit business fraud because they rationalize their behavior by telling themselves they’re just borrowing money from the organization or that they’ve done a good job and deserve the extra “bonus” payments. There could be other reasons that lead to feelings of financial pressure which lead an otherwise honest employee to commit business fraud.

Management obviously can’t control the economy, but it can fight business fraud by developing and deploying a robust and rigorous system of internal controls. There are three types of internal controls essential to preventing and detecting business fraud – preventative, detective and corrective.

Preventative Controls
These are controls which are intended to keep bad things happening.  They are simple and common sense controls such as:  criminal-history background checks on employees, spending limits on company credit cards, a preapproval process before purchases are made, strict adherence to budgets, and a gamut of password-protection controls. Another often overlooked control is segregation of duties which ensures no one has unilateral authority over a single transaction cycle. Segregation of duties can be a challenge in a small business where there are few employees so it is essential the owner take an active role in reviewing write offs, bank reconciliations and controlling checks.

Detective Controls
These are controls designed to identify errors or fraud as transactions occur.  Management can implement these controls by periodically performing a reconciliation of the books, inventory counts, or surprise cash counts.  Most of today’s accounting programs can help by generating variance reports, budget-to-actual analyses, or exception reporting—all to help potentially identify whether business fraud is taking place. These controls are easy for a small company to implement.

Corrective Controls
These are controls implemented after an error is uncovered.  If the error was intentional, corrective controls could include forfeiting a company credit card, termination, or litigation, sending a clear message to employees that inappropriate activity and business fraud will simply not be tolerated.

It’s important to note that no matter how much companies may trust their employees, trust isn’t a control. In a small business the line between employee and friend can become very blurred which unfortunately can lead to fraud but trust combined with good controls can mean a happy ending for all.