From equipment theft to padded time to cyberattacks, contractors are vulnerable to a variety of fraud schemes. According to the Association of Certified Fraud Examiners, the median loss due to internal fraud is $200,000 for construction companies — significantly higher than the $125,000 for all industries.
Many factors make businesses in the sector rife for fraud — and owners may not be able to control all of them. For example, no one person can physically monitor multiple job sites, particularly if they're geographically distant. What you can do is establish and enforce antifraud policies and procedures that make theft difficult, if not impossible. Your internal controls should address the following issues.
Some of your business's greatest vulnerabilities lurk in your accounting department. It's important that you segregate duties so that no one employee — no matter how long-serving and trusted — assumes responsible for everything. Even good people can be tempted to steal when given free rein to your accounts. So, the person who writes checks shouldn't also reconcile bank statements. It's also good policy to require dual signatures on checks and to limit wire transfer authorizations to a select few managers.
If you rely on performance bonds or use a line of credit, annual financial audits should be standard practice. Consider adding monthly financial reviews. They can help uncover anomalies sooner before fraud losses pile up. Schedule time each month to review bank statements, canceled checks, credit card statements and payroll reports. Reconcile billings with general ledgers. Keep an eye out for unusual numbers of customer or vendor adjustments, or extra employees.
Protect your business from unscrupulous vendors (or employees colluding with vendors) by periodically reviewing supplier lists and spot checking their federal Employer Identification Number, physical addresses, phone numbers and websites. If you come across suspicious names, compare their addresses to employee addresses. If they match, a worker could be stealing from you.
To ensure you get what you pay for, request receipts from subcontractors for all materials or equipment delivered to job sites. Confirm quantity and quality or brand directly from the supplier. Conduct onsite inspections to make sure the correct materials and equipment are being used. Also, to mitigate false claims or misrepresentations by subcontractors, include a right-to-audit clause in contracts and exercise that right to request written documents confirming all claims and representations subcontractors promise you.
Perform a Cybersecurity Assessment
Automation, electronic banking and mobile access to systems are now commonplace, making cybersecurity a clear and present danger. Isolating IT vulnerabilities and implementing and maintaining a robust security protocol is no longer optional — it's mandatory.
Identify the critical data — particularly personally identifiable worker and customer financial information — stored on your network. Then perform an audit of your data controls, including financial procedures, insurance, firewalls, antivirus software and backup procedures to confirm they're effective at protecting information. You might, for instance, perform daily backups of critical data and regularly test reset processes. If you find weaknesses, remediate them immediately.
In addition, carefully vet subcontractors and suppliers before granting them access to any of your systems. Keep in mind: Retail giant Target's infamous 2013 data breach was perpetrated by tricking an HVAC contractor to download malware.
Use Other Tools
Fraud rarely occurs in a vacuum. In many cases, the thief's coworkers or an outside party have some information — even if it's only a suspicion. To encourage tips, make a confidential hotline or web portal available to employees, vendors and customers. Publicize the hotline and make sure you follow up on tips you receive. Communicate outcomes such as termination or prosecution to send the message that you take fraud seriously.
Background checks can help you head off problems before they start. Conduct them on every new employee, subcontractor and supplier. For subs and vendors, include a review of financial statements, credit history and solvency. Although it's best to use a licensed investigator, you can start informally with an online search. Look for red flags such as tax liens, lawsuits, legal judgments and violations. Another red flag is subsidiary companies that mask the identity of their principals.
Fraud can happen when contractors aren't paying attention to the many theft opportunities the average construction business offers dishonest workers and others. For help establishing strong internal controls that address your company's specific risks, contact us.