Most experts would agree that the best way to minimize fraud at any company, including a construction business, is to take a holistic approach. As the owner, you must set the tone at the top regarding a zero-tolerance, fully vigilant approach to stopping fraud. Then you need to permeate the organizational culture with strong values, ethics and controls.
Identify risk
The first significant challenge is understanding where and how you’re at risk for fraud. Be specific and realistic. Your vulnerabilities aren’t necessarily the same as those of similar-sized businesses or even of your close competitors in construction. You may, for example, already segregate duties in your purchasing department, while your competition may have stopped with password protections.
Examine your risks objectively. The question isn’t whether your long-time bookkeeper would embezzle funds; the question is whether he or she could. When assessing threats, consider both internal and external opportunities for malfeasance and how employees at any level of seniority could work alone or in concert to exploit them.
Once you’ve performed a thorough review of your construction company’s existing practices, consider the overall costs of your primary risks — including the consequences and long-term impact of letting them go unaddressed. Recognize that risk management is more than buying insurance; it’s working to ensure that you don’t need insurance because you’re taking steps to close gaps that fraudsters could exploit.
Build defenses
Next, turn your attention to preventive strategies. If you don’t have a written code of ethics and business conduct, now’s the time to develop both. As mentioned, fraud prevention begins at the top — with a clearly communicated commitment on the part of ownership and management. It isn’t enough that you have a code of ethics; you must be seen following it.
Then look at your internal controls. Did you consider fraud prevention when you designed them? If not, re-evaluate the controls with an eye on closing possible loopholes. Policies to consider implementing or reviewing for efficacy include segregating financial and accounting duties while duplicating sensitive tasks such as double-signing checks over certain amounts. You should also regularly reconcile bank accounts and perform both internal and external audits that include fraud detection measures.
Of course, you shouldn’t go it alone. Train trusted in-office supervisors or managers to spot fraud and do the same for on-site project managers. It’s important, however, that you don’t allow employees to create and manage fraud policies all by themselves. For instance, if your IT staff devises its own security measures, someone outside the department should determine whether the measures are appropriate and being followed adequately.
Allocate resources
Once you’ve determined your areas of risk and ways to address them, you may discover that you can’t do everything at once. If so, set priorities so you can allocate resources optimally.
Understand that not all risk is created equal. Some risk has the potential to cause damage that would ripple throughout the company but, viewed objectively, is highly unlikely to occur. Fraudulent financial reporting, for example, can ruin a business. However, as long as your financial statements are properly generated and regularly audited by a third party, it’s more difficult to perpetrate today than it was decades ago.
Other potential problems may do less damage, but there’s a much better chance that they’ll happen. An overworked bookkeeper with a heavy mortgage could easily, for example, exploit operational loopholes to embezzle money. In deciding how best to allocate your fraud prevention resources, assess the probability of different risks, rather than simply their size.
Finally, set up a continuous monitoring system that will allow you to track and adjust controls as changing circumstances require.
Remain vigilant
Fraud risk management can’t be a one-time or even once-in-a-while activity. Construction business owners must constantly evaluate their existing controls, comparing them with legal, regulatory and best practice standards. Don’t let your guard down!
The content featured in this article originates from our bi-monthly Contractor Newsletter. Subscribe below and stay in the know.
