Preface: Maybe It’s Time We Get Back to the Basics

LARRY WAS THE CHIEF FINANCIAL OFFICER for a company with annual revenues of $75 million. He worked his way up through the company over a period of 10 years to attain this prestigious position. Unfortunately, external financial pressures in his life led him down the path of compromise and ultimately to prison. As his struggles intensified, Larry rationalized that he would only “borrow” the money from the company; he would, of course, pay it back once he got past these financial pressures. “I’m not committing fraud. I’m not stealing. I’m just borrowing,” he constantly told himself. Since Larry had risen through the ranks over a long period, his superiors trusted him. Because of their level of trust, Larry was virtually unaccountable to the system of checks and balances that existed over the disbursement process. By the time the fraud was discovered, Larry had misappropriated over $1.3 million from his employer through a simple disbursement fraud scheme.

Larry’s story is true. It is based on only one of my numerous experiences investigating fraud cases over the span of 30 years. Sadly, this same story occurs often in today’s business environment. Fraud has become too easy, too frequent, and too costly for the small business community. If we consider the fact that in the United States fraud costs approximately $5 to $6 billion annually, we begin to understand that occupational fraud, or internal fraud, is not a small problem. So what can we do to reduce these occurrences? We must install a properly designed, properly functioning anti-fraud program specifically tailored to every individual company that exists. This is not a new concept. However, just because we possess the knowledge that something needs to be done doesn’t mean we are doing it. In fact, my experiences indicate that it isn’t being done at all.

ANTI-FRAUD PROGRAM DESIGN FOR THE SMALL BUSINESS

“I know I need better internal controls. I just don’t know how to go about it.” For the past 30 years, I have heard board members, chief executives, accountants, and other employees utter this statement. In most cases, this occurs right after fraud has already been committed within their company.

The guidance in this book is directed to the small business community, specifically to those businesses not subject to the complex provisions of the Sarbanes-Oxley Act. Anti-fraud program design issues for small businesses are unique, with their own problems to consider. For example, small businesses most likely don’t have 25 people in their accounting departments to naturally create a segregation of duties that helps deter fraud. A small business requires additional procedures to prevent fraud from occurring within departments comprised of very few people. Thus the purpose of this book is to address these issues in the small business community. So who or what is considered a small business?

SMALL BUSINESS DEFINED

What is the literal definition of a small business? Is it the mom-and-pop grocery store around the corner? The not-for-profit organization providing services in your community? Perhaps the local bank or credit union, your city or county government, or even the manufacturing plant just outside of town? If you spend any time researching the definition of a small business, you will see quickly that the term small business is defined according to various parameters: total assets, total revenue, number of employees, or a combination of two or all of these factors.

The U.S. Small Business Administration (SBA) defines a small business as “one that is independently owned and operated, is organized for profit, and is not dominant in its field.”1 For size standards, the SBA classifies the business into specific industries and then applies the criteria of number of employees or annual receipts. In fact, a business can have up to 1,500 employees and be considered a small business. This definition excludes the not-for-profit organizations, city and county governments, and school districts, just to name a few. While not specifically defining a small business, the National Federation of Independent Business (NFIB) states that its membership spans the spectrum of business operations ranging from sole proprietors to firms with hundreds of employees. According to the NFIB, the typical member employs 10 people and reports gross sales of about $500,000 annually.2 U.S. Census Bureau information indicates that employers with fewer than 500 employees account for as much as 99 percent of our nation’s businesses. In considering all of this information, the one fact that becomes clear is that there is no agreed-upon standard definition for what qualifies as a small business.

Given these definitions and the variety of criteria used to formulate them, I submit that the term small business can refer to any business, from the mom-and-pop grocery store to the manufacturing plant just outside of town.

The Public Company versus the Nonpublic (Private) Company

Given this general understanding of the definition of a small business, we can then further classify our nation’s businesses into two categories: public companies and nonpublic (private) companies. The technical aspects of the definitions of each category are somewhat mind-numbing and do not represent the focus of this book; therefore, I will spare you the details. Generally, a public company is one whose stock is traded on an open stock exchange or over the counter in the stock market and has financial accountability to the stockholders and to the U.S. Securities and Exchange Commission. The nonpublic company does not have the same nature of accountability as generally defined for public companies.

Why the Distinction?

Consider that you are the owner, a board member, or a management employee of a small business not classified as a public company. Whether you have one or a thousand employees, you can, and most likely will, experience internal fraud in your company. Internal fraud is fraud that is perpetrated against the company by an employee or in collusion between an employee and an external party. Because the risk of fraud exists in any company of any size, the need for an effective and efficient anti-fraud program also exists.

We Get It; We Need to Try to Prevent Fraud—So How Do We Do This?

Since the passage of the Sarbanes-Oxley Act (SOX) in 2002 and the resulting creation of the Public Company Accounting Oversight Board, public companies have had the benefit of volumes of information about internal controls and anti-fraud program design. SOX and its requirements are detailed and, unfortunately, complex. As a small business owner myself, I can get overwhelmed quickly when considering all of this information and guidance. The complexity of SOX can frustrate even the savviest small business owner.

It is my belief that the problems associated with how to design an effective and efficient small business anti-fraud program are unique. Even small businesses with just one employee can implement certain practices to accomplish an effective program. SOX really doesn’t address these issues for small businesses. It really shouldn’t have to; that is not its purpose. What we need is a practical guide for the design of an anti-fraud program with all of the complexity of SOX stripped away. What we need is something we will refer to as simple practicality.

Maybe it’s time we get back to the basics. Maybe it’s time we get back to the commonsense aspects of running our businesses and protecting our assets.

Accordingly, the focus of this book is to provide information regarding the design of an effective and efficient anti-fraud program for the company or business that is not subject to the Sarbanes-Oxley Act.

THE ANTI-FRAUD PROGRAM STRUCTURE

As we discuss designing an anti-fraud program unique to your small business, imagine the familiar metaphor of building a structure—a house in this example. We are going to build an effective and efficient anti-fraud program step by step using a commonsense blueprint. Remember, simple practicality.

Any reliable building process begins with the architect’s blueprints, laying the foundation and the floor, which we will cover in Chapters 1 through 5. Specifically, these chapters address the issues of the anti-fraud environment and the fraud risk assessment process.

Chapters 6 through 9 represent the process of raising the walls and building on the properly laid foundation. These chapters provide specific control activities that can be implemented to safeguard company assets.

Chapters 10 and 11 represent the process of installing the ceiling. Chapter 10 addresses the steps necessary for the proper documentation of the anti-fraud program, and Chapter 11 addresses the issue of communication (a companywide anti-fraud training program) for the workforce that includes specific training regarding the contents of the anti-fraud program.

Chapter 12 represents the routine maintenance of the expertly finished structure. Once completed, every structure needs to be repaired, repainted, rewired, and so on, from time to time. In this chapter, we address the issues associated with monitoring your business...