Article by Irene I. Papadopoulou*

Small and medium-sized enterprises (SMEs) are the main body of the Greek economy and an integral part of its production mechanism. The Greek economy has pinned its hopes on growth and gradual release from the long-term economic crisis on innovation, new technologies in e-commerce and talented human resources, sectors in which SMEs are investing, as confirmed by relevant research.

In their efforts to raise their stature, SMEs need to set up the right governance system, depending on their size and activities, to set medium-term development strategies and fortify themselves against risks that, if ignored, could be fatal. their viability.

One of the sensitive points of Greek SMEs is their inability to deal with fraud cases that are detected after they are committed, either internally, by their staff and executives, or by external sources, ending up bleeding the corporate property.

In order to have a better picture of fraud cases, the role of corporate governance and proposals for dealing with fraud risks in the Greek media, it is advisable to understand the magnitude of the companies we are talking about, which also determine their subsequent policies.

Which companies are characterized as small and medium (SMEs, MμE)?

For companies within the European Union, the criteria for the definition and distinction of SMEs, as provided for in the 2003/361 / EC recommendation of the European Commission, are the number of employees, the turnover and the total assets.

The current criteria until retirement are:

  • Very Small: number of employees from 0 to 9 and turnover or asset value from € 0.01 to € 2 million.
  • Small: number of employees from 10 to 49 and turnover or asset value from € 2 million to € 10 million.
  • Medium: number of employees from 50 to 249 and turnover or asset value from € 10 million to € 43 million.

Since the beginning of 2018, the European Commission has been consulting on the revision of SME discrimination criteria, as the above criteria have been in force since 2003 and certainly need to be reviewed. The results of the consultation are expected in the coming months.

According to the European Commission’s annual report for the period 2017-2018, very small businesses in Europe account for 93.1% of all businesses and 93.3% of non-financial enterprises. The percentages of Greek small and medium enterprises follow those of European companies.

Greek businesses are basically family and small, and their management is usually made up of members of the same family.

The most common cases of fraud in the media

Small and medium-sized enterprises around the world are exposed to all forms of fraud that plague any type of business, but are more vulnerable than larger businesses.

The purpose of this is not to make extensive reference to the types of corporate fraud, but to highlight what is most common in SMEs. In random order, the following are analyzed:

  1. Payroll fraud The payroll fraud is very common because most small businesses do not have security flaps and owners do not have the knowledge to handle these programs.Salary fraud has many forms. For example, they may be paid more for a specific employee than they actually are, or they may be required to pay a fee. Another case exists when an employee who is paid with a commission on sales declares incorrect sales.
  1. Cash theft Cash in a strange way often “disappears” in small businesses. This can happen either by not registering the collection in the books or by the natural loss of cash from the cash register.
  1. Check tampering This is the issuance of checks to non-existent beneficiaries either in the name of an employee or in a virtual business. In all cases, the company employee is involved in the fraud.
  1. Online banking This is the transfer of money to incorrect bank accounts. Cybercrime has never been so sophisticated, and SME owners are unscathed in fraudulent technology.
  1. False invoicing There are often two cases of fraud:
  • Receipt of a virtual invoice from a “manufactured” supplier, under the responsibility of a company employee.
  • Receipt of a regular invoice but transfer of money from a company employee to an account that does not belong to the supplier.
  1. Email for third party fraud (invoice email / CEO fraud) This is the case when email fraudsters impersonating company suppliers or the CEO advise guiding the transfer of money to alternative accounts.
  1. Revenue skimming In this case, when selling a product or service, the customer pays the cashier, who does not issue a receipt for collection. If it is also a retail sale, then the sale is not proven without proof, therefore it is not registered in the books and the income.
  1. Cyberfraud SMEs are particularly vulnerable to such scams, as they move very slowly in the development of secure electronic systems and security loopholes and are usually not known for sharing accounting responsibilities in terms of e-transfers. payments and entries.Investigations in England into the victims of the cyberattack have shown that the cost of such fraud in the media is more than £ 1,000 per incident, and more than 50,000 jobs have been lost due to necessary cuts made by businesses to cope with the cost of cyber attacks.
  1. Bribery – Here we have the usual phenomenon for the Greek data of the payment of a person who usually holds a “key position” in a public organization, in order to facilitate the business either bureaucratically or to avoid unbearable fines and penalties from tax or other infringements.

How is corporate governance related to fraud cases?

By definition, corporate governance refers to all these processes and methods by which an organization is directed and controlled.

The corporate governance defines the structure of the company, the strategy to be followed to achieve the goals, identifies the risks and how the company will manage them, while providing the opportunity for those interested to monitor the performance of management.

Companies that enforce corporate governance rules make good use of available resources, achieve effective internal organization, gain competitiveness, and ultimately promote healthy development through transparency policies. When there are structures, procedures are in place that ensure that those interested in the organization are not wronged by the actions or omissions of its administrators.

To achieve a corporate governance, management must have the freedom to manage without hindrance, but be controlled for the effectiveness of its management.

It is well known that in SMEs the roles of shareholder, management and managing director are often identical and not distinct. Especially in family businesses, where the issue of succession of the first generation from the second is raised, there are issues of difficulty in prioritizing responsibilities, differences of perception and lack of experience, especially among younger executives.

The main weaknesses as well as the responsibilities of the corporate governance in relation to fraud cases are focused (divisive or cumulative), mainly on the following:

  1. Inability to develop and implement a culture of ethical professional behavior at all levels of the company’s staff.
  2. Inability to set hierarchical levels in decision making and in approving payments for purchases – expenses – investments.
  3. Participation of board members in fraud scandals.
  4. Lack of information and training on fraud risk management.
  5. Inability to design, operate and supervise an adequate internal control system.
  6. Inability to be recognized by the members of the company in its environment (know your suppliers, know your clients, know your employees).

Especially the governance of small and very small family businesses is much more vulnerable to fraud, as:

– The younger generation taking part in the management of the business and expected to succeed the previous one is usually protected and not prepared for the succession.

– Talented executives outside the family are not used.

– Roles, responsibilities and decisions are concentrated in one person and are taken unilaterally, without control.

– Very small businesses do not invest in upgrading and security of their electronic systems, due to cost.

– The unconditional and limited confidence shown by the commanders in the staff.

Measures that can be taken to improve corporate governance

The best prevention for an SME in matters of fraud is to implement appropriate administrative structures, provide incentives for management to act within predetermined limits and make it clear to the business environment that there are no opportunities or tolerance for inside  fraud development.

The main measures that an SME can take to improve its governance in the direction of avoiding fraud are:

  1. Design and operation of an adequate internal control system, which assesses the vulnerabilities of the business and the potential risks of fraud.
  1. Participation in the administration of independent members of the Board of Directors, the selection of which must be proven by transparent procedures.
  1. Continuous training of the members of the Board of Directors, the Audit Committees (where they exist) and the executives of the company regarding their role and the recognition of data of fraud, as well as their confrontation.
  1. Adoption of a corporate governance code (mainly by medium-sized enterprises) that is applicable, flexible and easy to evaluate, both in the current closed and historically closed.
  1. Planning tailored to the operations of the regulatory body, with a rating of approval, which promotes internal communication and cooperation, especially in family businesses, in which the healthy relationship between members of the same family must be regulated.
  1. Creation by the administration of a code of ethics with a clear development of the business culture, the limits of professional conduct and the measures that will be taken in case of derogation. The code must be known to all staff. In small businesses, this code may be oral but transmitted to its members through regular meetings with management, in the context of healthy corporate communication.
  1. Written commitments from the members of the board of directors on confidentiality in corporate matters during and after their departure from the company.
  1. Utilization by the management of the enterprises (mainly of the medium) mechanisms of annual control and certification of their internal systems in matters of compliance with national or even international legislative provisions for the prevention and suppression of fraud.
  1. Develop scenarios for remedial practices in emergencies and plan activities to continue.
  1. Securing assets that are deemed vulnerable to fraud.
  1. Exchange of the members of the administration who approve payments for purchases – expenses – investments.
  1. Proper succession decisions in leadership when it comes to small or medium-sized family businesses. Prior to succession, newer members are required to be trained in their skills and abilities, as well as in financial management techniques.
  1. An appropriate balance must be struck between the needs of the business and the requirements of the family, in family-type businesses, so that corporate culture and corporate pursuits are not canceled out by individual or family interests.
  1. The company should know when to seek help. When there are suspicions of possible fraud, the management of an SME should not overestimate its capabilities, but communicate with experts to detect possible criminal activity and substantiate the category of possible responsibilities. Let’s not forget that once the fraud is detected, the company already has some costs, which, if the appropriate actions are not taken, are easy to grow.

Each business must be judged individually, based on its type, its structure, its size and its weaknesses in terms of fraud, in order to implement appropriate measures at the government level.

*Irene I.Papadopoulou is Director of Quality & Risk Management committee CPA, CFE, MBA, Partner of SOL CROWE
Source :