Protecting Your Small Business

Safeguarding Your Business

Establish Internal Controls

  • Limit electronic access to financial information or sensitive documents.
  • Develop policies that control how financial transactions are made and implement review and authorization procedures.
  • Do not regularly login with an "Admin" account other than for required administration of other users.
  • Utilize Dual Control and Dual Approval for any functions that move money out of the account (for example, ACH or Wires).
  • Review and reconcile accounts daily.

Secure and maintain computer systems

  • Maintain appropriate network user access security if computers are networked.
  • Ensure up to date firewalls, anti-virus software and spyware prevention software are in place for all computers.
  • Apply computer operating system patches and updates.
  • Maintain the physical security of computers and limit access to computers that are used for sensitive functions.
  • Do not download or install software from unknown third parties.
  • Do not open email or email attachments from an unknown source.
  • Limit Internet access on business computers to business requirements.

Restrict access

  • Rotate duties so that no one person is responsible for all financial tasks.
  • Personally review your bank statements and restrict access to financial documents, checks, credit cards, and cash.

Supervise and monitor financial transactions

  • Adequately supervise all employees who take part in business finances.
  • Continually review wires, transfers, payroll and business checks, or use an automated monitoring system.

Adequately screen employees

  • Conduct thorough background, credit and criminal checks.
  • Always check references and verify education and employment history.
  • Conduct regular performance reviews.

Utilize CPAs

  • Consider hiring an outside firm or CPA to conduct audits of your business finances. An independent audit can facilitate early detection of fraud and help identify weaknesses and areas for improvement.

Conduct regular and unscheduled internal audits

  • In addition to regular examinations of inventory and finances, unannounced audits can deter fraud.
  • Perform periodic risk assessments.

Implement an anonymous reporting system

  • Make it easy for employees, customers and vendors to confidentially report suspected fraud. Create a written ethics code or fraud policy that states what actions are prohibited, how to report suspected fraud, and what the consequences are when it occurs.