Small businesses can learn from Sarbanes-Oxley

Small businesses are more likely to be hurt by the impact of theft than larger, more structured organizations. According to the Association of Certified Fraud Examiners, the average organization loses approximately 6% of sales to fraud that is primarily internal in nature. To smaller, privately held, organizations that can have a huge impact says Bill Dolphin, Asset Control’s Vice President and Compliance Officer. But, there is much that all businesses can learn from Sarbanes-Oxley, regardless of whether or not they are required to comply.

Smaller organizations, explains Dolphin, tend to rely on trust more than larger, more structured companies. Audit programs may be less formal in nature or non-existent and employee screening may be less of a priority. In short, business owners sometimes operate under a false sense of security that often accompanies a familiarity with employees who may be long term. The thought may be, “I know my folks – we’re like family”. Or, “I’m on top of my numbers, I’d know if something was wrong”, says Dolphin. This thought pattern spells trouble and can create an environment where losses may occur. The fact is that fraud, when it occurs in smaller organizations, typically goes on for extended periods of time and is conducted by long-term, trusted employees at higher levels. It’s often discovered by accident.

Many business owners, executives and managers pride themselves in developing a work climate where employees feel trusted. Dolphin readily admits that organizations depend on trust to function. However, says Dolphin, a true “Climate of Honesty” is one where there is a balance between trust and oversight. Where we find problems is when there is a lopsided reliance on trust without any verification going on. Frequently, executives will tell us that they are not sure how to construct this balance without creating an environment where employees feel distrusted. What they are missing is that honest employees are often uncomfortable in overly “loose” work environments. During investigative interviews employees will often tell us of their level of discomfort with weak policies or controls, Dolphin points out. “The hang up about employees feeling distrusted exists mostly in the minds of executives.”

So what can businesses learn from Sarbanes-Oxley?

• Do a risk assessment and analyze opportunities for fraud. Sarbanes-Oxley guidelines address the need for internal controls that specifically target opportunities for fraud. Once potential risk areas are identified and prioritized, build appropriate controls to address them. Professional fraud investigators, such as those employed by Asset Control, Inc. can assist small businesses with the risk assessment process.

• Develop audit steps to ensure that the controls you put in place are functioning. If your company does not have a full-time internal auditor, this responsibility can be outsourced. This is a more effective practice than assigning this function to your bookkeeper or Office Manager.

• Review policies and procedures to make sure that company policy supports a climate of honesty. Have a written code of conduct that employees are required to sign at time of hire and yearly thereafter. Your code of conduct should tie in with your written policies and procedures and both should be consistent your expectations of an ethical work environment. When developing a code of conduct it is best to involve employees from various levels within the organization. By doing this you will achieve a better finished product.

• Conduct background checks and exclusionary list (OFAC) searches on all applicants and current employees. Many employers are still unaware that the law requires an OFAC search on anyone with whom you develop a financial relationship. Employment is a financial relationship.

Sarbanes-Oxley is a terrific blueprint for building a solid climate of honesty, whether your company is required to comply or not. Whether it’s through employment background checks, our Sarbanes-Oxley compliant tip-line, our audit experience, or our investigative services, Asset Control can assist in reducing your organization’s exposure to fraud.