By Yaw Appiah LARTEY, Nii Asafoatse ABBEY & Ewurakua ABRAHAM
Small and medium enterprises (SMEs) are vital for economic growth, especially in developing countries, but are particularly vulnerable to fraud.
A report by the Association of Certified Fraud Examiners (ACFE) 2024 highlights that smaller budgets and revenue make SMEs more vulnerable to the impact of fraud compared to larger organisations[1].
Small businesses are at higher risk of fraud due to their limited resources, relatively informal processes and lack of anti-fraud technology. To protect themselves, businesses can conduct a Fraud Risk Assessment (FRA), as recommended by the Chartered Institute of Management Accountants (CIMA)[2] and the Committee of Sponsoring Organisations (COSO)[3]. This assessment helps identify and manage fraud risks efficiently, even with limited resources.
This article will discuss how FRA can help small businesses in Ghana combat fraud. Future articles will cover additional components needed for a comprehensive fraud risk management programme for SMEs. Let’s start by defining fraud and its impact on SMEs.
Understanding fraud and its impact on SMEs
Fraud is a deliberate act of deception for personal or financial gain that harms others. Three main elements trigger fraud: pressure, opportunity and rationalisation. Opportunity arises from weaknesses in processes or systems that can be exploited for financial gain. Pressure can be driven by factors like greed, addiction, debt or financial stress. Rationalisation involves justifying fraud through reasons like “I’m doing it for my family”, “Everyone does it” or “I deserve it”.
SMEs face various types of fraud, including payroll fraud (such as timesheet manipulation and unauthorised wage increases), data breaches due to limited IT resources, use of fake currency, supply of fake or wrong products, incomplete supply of goods, cyber fraud and billing fake items. Many SMEs do not prioritise fraud risk assessment due to cost and lack of awareness among owners. While the financial losses from fraud can be significant for SMEs, the non-financial impacts can be equally devastating and have long-lasting consequences. These include:
-
Reputational damage: Fraud can erode trust with customers and stakeholders, leading to a loss of business and loyalty.
-
Distraction from core business: Dealing with fraud can divert time and energy away from focusing on business growth and development.
-
Difficulty attracting new customers: Negative information about fraud can deter potential customers from engaging with the company.
How businesses benefit from an effective FRA
Conducting a thorough fraud risk assessment is essential for a robust fraud risk management programme as it encourages a business to take a proactive approach to managing fraud. The assessment should cover key areas relevant to the organisation’s size, complexity, industry and objectives. Regular updates to the risk assessment are necessary to stay abreast with evolving fraud risks and vulnerabilities specific to the organisation.
A comprehensive fraud risk assessment should pinpoint the types of fraud the organisation is most vulnerable to, potential locations of fraud occurrence and methods of perpetration. Prioritising identified fraud risks based on their significance and likelihood is crucial, followed by implementing appropriate mitigation programmes and controls. This detailed approach enhances risk intelligence, promoting a well-informed, balanced and adaptable risk management strategy.
Areas for enhancing performance in fraud risk assessment may include:
-
Connecting risks to specific control measures
-
Involving personnel across all levels
-
Addressing the risk of management overriding internal controls
-
Conducting assessments for key business units and regions
-
Performing detailed assessments at the level of specific fraud schemes.
