Small companies are not doing enough to prevent fraud and theft in their business.
That's the result of a study by Bank of the West and Harris Interactive. While 95 percent of the 803 small businesses surveyed take at least some steps to prevent fraud, not enough is being done in several key areas:
• A mere 18 percent use two-person controls for financial matters (as in, two people must sign all checks).
• About 48 percent secure documents from theft through locked files or password protection.
• Only about half make regular checks of their financials or their inventory.
• Only 40 percent conduct background checks of potential new employees.
• Just 16 percent have a fraud policy.
The study found that less than a third of the small businesses surveyed had insurance to cover employee fraud, despite the fact that at companies with fewer than 100 employees, median loss from each instance of employee fraud has been estimated at $120,000.
The challenge of preventing fraud in a small business is daunting: Inventory, identity, vendor and financial fraud can all occur while an entrepreneur's back is turned.
But every fraud protection comes at a cost -- a higher information technology budget or a slower payment process, for example.
In developing fraud protections, small business owners must always walk a fine line between putting proper procedures and protections in place and avoiding overburdening operations.
Anti-fraud policies and procedures won't work if they are not followed consistently by all employees. So beyond passwords and two-person controls for payments, entrepreneurs also must create a workplace in which the goals of employees and employer coincide. In such a workplace, the temptation to steal from the company is minimal and the responsibility for protecting company assets is foremost in the minds of employees.
-- Ann Dugan, email@example.com
Business workshop is a weekly feature from local experts offering tidbits on matters affecting business. To contribute, contact Business Editor Brian Hyslop at firstname.lastname@example.org.