Like most business owners would be, Eric Ersher and David Elias, co-founders of the Southfield, Michigan, soup franchise Zoup! Fresh Soup Co., were caught off guard when they learned that a trusted employee had been stealing from them. The general manager of their second store, which opened in 1998, had made off with $50,000 over a period of 10 months before Ersher, 43, and Elias, 41, caught up with her. "We were shocked to find out what she'd been doing for so long," says Ersher. "It was not a good day."
Though employee theft plagues businesses large and small, companies with fewer than 100 employees continue to suffer disproportionate losses, according to a 2006 report by the Association of Certified Fraud Examiners. The median loss last year for these businesses was $190,000, or 26 percent more than for companies with 10,000-plus employees. "The problem lies with small businesses not being very prepared to deal with fraud," says John Warren, general counsel for the ACFE in Austin, Texas. With smaller accounting departments and far fewer resources, he notes, these companies believe they can't afford the kinds of checks and balances and security systems big companies use to safeguard their coffers. But in fact, there are a number of relatively inexpensive steps entrepreneurs can take to help make their businesses more secure.
- Create checks and balances. "The person who handles incoming receipts should not be the same person who takes the deposit to the bank," says Warren, who advises splitting up tasks as much as possible. Also, always have a separate bank statement delivered to your home for your review. Ersher now opens all statements before they go to accounting, and he has instituted a paper trail that requires each store manager to submit a weekly summary reconciling the various data sources for each day--cash deposits vs. daily sales report, comps, gift certificates and so on--and calculate any variances. "That puts the onus back on the manager to assemble the information," says Ersher. "It's kind of self-policing."
- Use the element of surprise. "No matter how sophisticated the control system is, if it's the same thing all the time, it becomes easy to get around," says CPA Gary Zeune, a nationally recognized speaker on fraud and founder of The Pros & The Cons, a speakers' bureau of former white-collar criminals who educate companies on white-collar crimes. Change it up with spot audits, and if you've set the red-flag variance limit at $5,000, for example, randomly select items at lower amounts and ask for explanations.
- Turn on the controls. Many accounting software packages include security features, but business owners often don't realize they're there. And many homegrown packages don't have controls at all, says Ralph Summerford, a CPA and certified fraud examiner. "Some programs allow you to go in and void transactions or change a payee," he says. "We see a lot of that."
At Zoup!, the rogue employee was able to get into the company's custom-designed point-of-service system to change amounts and pocket the cash. Today, the company's proprietary web-based POS system includes stringent controls: Employees can only access screens they are authorized to see, for example, and only managers can assign drawers, run current day reports and pull data from the intranet. "It was expensive to develop, but now that it's in place, we're saving money," says Ersher, noting that at $10,000, the cost of POS hardware and software for each new store is half as much as it used to be, and they don't have to worry as much about fraud.
- When embezzlement does happen, take action. Ersher and Elias opted to prosecute, both civilly and criminally. The thief went to jail, and they won the civil judgment--but they didn't do it for the money. Says Ersher, "We wanted people to know how we handle this sort of thing."
- Hire smarter. You can significantly cut your odds of getting taken simply by doing thorough background checks on all prospective employees. "And what's the best way to prevent somebody from stealing from you?" asks Zeune. "Don't hire them in the first place."