Small businesses must guard their online financial transactions with extreme care and ensure their reports are reviewed regularly to avoid multimillion-dollar disasters, a new report has warned.
The harsh warning comes as part of a review by accounting firm Warfield & Associates, which found $398 million was stolen in 89 cases of employee fraud between 2001 and 2012.
It echoes similar findings from KPMG’s own Fraud Barometer reports. The most recent report found the average value of each fraud case over the previous three years had risen to a massive $1.8 million.
Warfield & Associates partner Brett Warfield says the new report showcases a significant number of cases where businesses had been ripped off through Electronic Funds Transfer systems.
“We believe that if one lesson is learnt from this research, it is that organisations must ensure the controls over their EFT are regularly reviewed by those with a good understanding of how the systems can be manipulated,” the report states.
In fact, 43 of the 89 cases occurred because of this. Warfield points out that with the growing number of accounting employees using these systems, the likelihood of this occurring in smaller businesses continues to grow.
“A number of businesses in our study were SMEs that suffered tens of millions of dollars in theft,” he told SmartCompany.
“And in SMEs, not only will they be using EFTs, but they’ll be using all types of bookkeeping services and outsourced bookkeeping, and this is an issue that can come up.”
The report shows there were 18 cases of fraud involving an employee transferring money electronically to their own bank account, and eight involving sending money to their own accounts and the accounts of third parties.
One of the biggest frauds of the past few years involved a bookkeeper at electronics chain Clive Peeters who transferred millions to her own bank account over several years.
Earlier this year, construction firm Hastie Group suffered a similar disaster.
Warfield says there are plenty of opportunities for fraud to occur.
“Organisations have moved away from using cheques as a mode of payment. Payroll is usually now all through direct credit.”
“What’s unusual is that more people are seeing potential weaknesses in the system. Those doing the transactions can see all the financial information they need to take money. It’s a very high-risk area.”
There are practical precautions a business can take, he says. Firstly, everyone who has signatory authority on an account needs to have proper understanding of the risks.
“They need to have two different independent people processing the actual EFT transactions. And it’s critically important they don’t share passwords.”
“Sometimes people may go away and they leave a password for people to use. It’s important that doesn’t occur and that people aren’t sharing passwords.”
The next precaution is for businesses to regularly converse with their bank about their financial history and track down any unusual transactions.
“Some of these businesses in the report were turning over millions of dollars, and they weren’t aware of who they were paying, who was doing the review, and so on. They were just very lax.”
“You need to be aware of your finances, and you need to be doing reviews often.”