In the recent past Small and Medium Enterprises have
experienced phenomenon growth in terms of size and profitability. The top 100
event (organizations with turnover of Ksh 70M -1 billion) in Kenya and other
East Africa countries continues to attract new entrants and a select group has graduated
to Club 101 (salves >1 billion). Experts on SME hold that one of the main
aspects that such organization should manage carefully is cash/liquidity, and
that profits must be measurable in cash terms. While this is not in dispute,
the big picture is all about risk management. I.e. what risks should such
organizations manage in order to survive? Is it about customers, working
capital, expansion, skills, complexity of organization, strategy, vision etc.?
As these organizations grow, they increasingly become
complex, hire a large pool of employees, venture into new markets, new products
and deal with numerous other third parties. While the public only sees the
outcome of such expansion, i.e. increasing sales, profits and the profile of
the organization, most of these firms struggle internally in managing various
aspects of their operations. In most firms, governance structures are non-existence
or weak, policies and procedures are non-existence or basic while management structures
are not in line with the size of such organizations. A combination of the
aforementioned increases the likelihood and impact of various risks.
This article explains how such organizations can deal
with the risk of fraud. Fraud Risk Management is about how an organizations
prevents, detects and responds to the risk of fraud. Established organizations
have well laid fraud risk management programs which they apply to manage such risks.
However less attention has been paid to practical ways SME’s can manage fraud
risks in a cost effective manner without increasing complexity.
Fraud risk management focuses on three aspects
mainly:
Prevention
– what can SME’s do to prevent fraud from happening, these include aspects such
1) understanding the specific fraud risks they face, 2) Having policies and
procedures for various processes – these help to define accepted procedure and
what can be defined as fraud and misconduct. Simple procures for example those
related to hiring can prevent the organization hiring related parties or people
with questionable reputation or background. 3) Putting in place controls to prevent such
frauds, for example where an SME uses cash as its main mode of payment, it can
reduce cash theft and elated fraud by adopting mobile payments, cheques or bank
transfers. 4) Ensuring a continuous monitoring of frauds and designing controls
that deal with emerging fraud threats
Detection –
If fraud was to happen, how would it be detected? Such aspects include: 1)
Periodic audits focusing on risk areas such as cash, assets and procurement. 2)
A reporting line – providing staff with a means of reporting any suspected
fraud.
Response –
Once fraud has happened, how does the organization react? SMEs may not have the
resources to conduct detailed investigation but of importance is for management
to demonstrate a sense of urgency and ruthlessness in dealing with such cases.
The idea is to set the right example that such behavior is not tolerated in the
organization
Above all, governance of SMEs dictates whether risk management
is effective or not. SMEs do not require a large Board of directors or a
complicated structure to manage risks, but owners need to understand that given
the increasing risk of fraud, they must alert and in control of all aspects and
processes in the organization. As such organization grow, they will have to appoint
individuals and assign clear roles and responsibilities to ensure that such
risk is reduced. Ultimately the goal should be to have peace of mind about the
existence of organization tomorrow and not on making a profit today….
The next article will identify common fraud schemes in SMEs,
their causes and how to manage them
