Why small business CFOs must build ethical awareness
After two years of COVID-19-driven economic turmoil, many companies, especially small- and medium-sized enterprises (SMEs), are running low on cash and hope. As a result, the incentive to cut corners, including ones requiring questionable ethics, has never been greater. Chief financial officers, known for demonstrating strong professional ethics, must play a leading role in navigating these challenging times. CFOs must support their CEOs, cross-functional partners, boards, and owners by shining light on the ethical blind spots and helping protect against potentially severe errors in judgment.
Higher Risk of Fraud
According to the Association of Certified Fraud Examiners’ (ACFE) 2020 Report to the Nations, many fraud risks are higher in small businesses (fewer than 100 employees) than in large organizations. Indeed, the risk of billing fraud is two times higher, payroll fraud is two times higher, and check and payment tampering is four times higher. But why?
Unfortunately, a few SME owners, CEOs, and other leaders play in the gray or aren’t concerned by the ethics of their business practices. Being an idealist, though, I believe such individuals are the exception. Instead, I think the higher risk of fraud and unethical business practices is primarily due to a lack of awareness and the unique challenges faced by SMEs.
CFOs and their teams of finance and accounting professionals are traditionally known for integrity and trust. We start building ethical awareness in the classroom and solidify this awareness by joining professional organizations that require adherence to their respective ethical codes, such as the IMA Statement of Ethical Professional Practice or the AICPA Code of Professional Conduct. Indeed, if we don’t abide by these codes and participate in ongoing ethics training, we will lose our certifications. Professional ethics is in our DNA and is continually reinforced along the way.
Our cross-functional partners are experts in their respective fields. They drive the operations, from developing business leads and sales to delivering products and services. Too often, though, they don’t think about the financial side of the house, and they lack the CFO’s heightened ethical awareness, especially if not subject to a formal code of conduct within their profession or the company. As such, they may experience moral blind spots or gaps between their intended and actual behaviours.
The management team and other employees wear multiple hats; some, but not necessarily all, are within their areas of expertise. The founder or CEO, possessing a strong personality and high self-confidence, may not be open to feedback. The board of directors, if dominated by the founder or CEO, other internal leaders, and personal friends, may not provide adequate oversight.
Many policies are undocumented, if they exist at all, opening the door to inconsistent application and favouritism. Vendor and customer relationships may become chummy or overly casual over time. Conflicts of interest may go unnoticed.
Also, there tends to be minimal internal control in small companies. Segregation of duties challenges is the norm. Many policies are undocumented, if they exist at all, opening the door to inconsistent application and favouritism. Vendor and customer relationships may become chummy or overly casual over time. Conflicts of interest may go unnoticed.
Finally, lower pay often makes it challenging to hire and retain highly qualified, experienced talent. Unfortunately, by their nature, SMEs face a variety of unique challenges that increase the risk of fraud and unethical business practices.
What to Do
CFOs should take a leading role in building their organizations’ ethical awareness and addressing its unique challenges, including consideration of the following:
Tone at the Top: Define the organization’s values, operating philosophy, and standards of conduct, expressing the expectations in value statements, ethical codes, company policies, and communications. Moreover, the CEO, CFO, and other leaders must walk the walk to ensure consistency between their actions and those expectations.
Code of Conduct: To significantly increase ethical awareness, formally document the company’s business code of conduct, train employees on how it applies in real-life situations, and require them to acknowledge that they understand and follow it.
Governance: Appointing a board of friends is poor governance and will likely hurt the organization in the long term. Instead, appoint directors with the expertise and independence to effectively challenge management, provide oversight, and act as a sounding board, especially when related subject matter expertise is lacking internally.
Documented Policies: Policies require clarity, communication, and consistency. Key policies should be documented. If formal policies don’t exist, prioritize where to start (e.g., policies regarding segregation of duties, a delegation of authority, conflicts of interest, travel reimbursement.). Then refine these policies as needed over time (e.g., policies impacted by advances in technology and the transition to remote/hybrid work should be revisited).
Segregation of Duties: Analyse roles and responsibilities and then address the highest risk areas. Consider investing in cross-training (e.g., cross-train your payroll associate and require the back-up to run payroll at least quarterly).
Internal Controls: Establish tighter controls, especially in high-risk areas such as cash, payroll, and customer billings. To mitigate check and payment tampering risk, for example, address segregation of duty concerns, use check logs, leverage your bank’s positive pay controls, and review account reconciliations promptly.
Financial Reporting: Ensure financial closings are completed timely and accurately. Leverage closing checklists. Lock prior periods once the close is complete. Perform detailed reviews of the financial results, including variance analysis. Issue reports promptly and ensure management has an understanding of them, including their accountability. Finally, consider investing in a quality CPA firm to audit the financial statements rather than using an individual family friend practitioner to prepare reviewed financials.
Vendor and Customer Relationships: Consider having multiple touchpoints for each significant vendor and customer relationship to avoid the development of unhealthy relationships. In addition, clarify policies regarding accepting gifts from or giving gifts to such partners. Finally, clearly define conflict of interest policies and require disclosure of all pertinent personal relationships.
As the finance chief, you are the arbiter of ethical and effective business practices. You must shine the light on your organization’s potential ethical blind spots, fostering accountability throughout the organization, up to and including the CEO, cross-functional partners, and the board.
About the Author
J. Stephen McNally, CMA, CPA, is Chair of IMA's Global Board of Directors for the 2021-2022 fiscal year. He is also chair of IMA's Governance Standing Board Committee, the IMA Europe Board, and the ICMA Board of Trustees. In his role as Global Board Chair, Steve oversees all Global Board committee work, presides over all Global Board meetings, and works closely with IMA’s president/CEO to ensure that staff and the Global Board are engaged and achieving IMA’s strategic plan.