How Creative Agencies Can Protect Themselves Against Business Fraud

Every business owner worries about the threat that fraud poses to their business, and business fraud statistics certainly validate these concerns. According to the Association of Certified Fraud Examiners’ (or ACFE) Occupational Fraud 2024 Report, it’s estimated that businesses lose 5% of annual revenue to fraud.  

Creative agencies experience fraud just like any other business category, and agency owners often struggle to determine how to prevent fraud from impacting their operations. Even as tech savvy as agency owners tend to be, stopping threats takes a deep understanding of the different forms of fraud.  

In this blog post, I highlight the most common types of business fraud and how to put measures in place to stop these attacks in their tracks.  

Types of Business Fraud and Scams 

This is certainly not an all-inclusive list; however, I’ve created a list of the most common types of fraud and scams marketing agency owners should be watching out for. The main categories include internal fraud threats and external fraud threats. 

Internal Fraud Threats 

Let’s dissect common internal fraud threats the creative agency industry experiences. 

Fictitious Vendors 

The first internal fraud threat we are covering includes employees setting up fictious vendors, which is possible when a business lacks internal controls. The employee enters their own bank account details in the vendor profile and sends “payments” to these fake vendors. All creative agencies want to intrinsically believe that their employees have sound character, but trust is a terrible internal control. External pressure can encourage employees to make poor decisions.  

To overcome this threat, I suggest a division of roles. This means that the same individual won’t be responsible for issuing, depositing, and recording payments. For example, an office manager might issue checks, a controller records the payments, and the agency owner reconciles and reviews them. Or, if you don’t have the bandwidth to do so, you might consider hiring an outside financial team, like virtual CFO teams, to oversee the reconciliation. 

Another way to prevent this type of internal business fraud involves the use of positive pay. Positive pay is a bank offering provided to business clients where a business sends the bank a list of checks to expect. This list contains check numbers, dollar amounts on each check, and the payee. If a check that does not match the information on this list is brought to the bank, the check is refused effectively stopping the fraudulent check from causing any harm to your business bank accounts. 

Credit Card Abuse 

Unfortunately, company credit cards can be abused by employees. While agency owners expect their employees to use company credit cards for business purchases only, employees can still choose to use cards for personal purchases.  

However, expense platforms, like BILL, can be used to better keep an eye on employee purchases. I’d also recommend that weekly expense reconciliations are completed to monitor for any unauthorized transactions.  

Clay Kniepmann, Forensic, Valuation, and Litigation Principal, sees several mistakes when it comes to bank reconciliations and advises businesses to avoid a common error: “Companies don’t always carefully consider WHO is performing the bank reconciliations. The person who performs bank reconciliations should not be the same person responsible for bookkeeping or issuing payments, as this would be akin to checking your own homework.”  

Payroll Fraud 

Another way employees commit business fraud is through the siphoning of agency cash to pay “phantom employees.” Similar to the act of creating fictitious vendors, professionals in charge of payroll can create fake employees and input their own account details into the employee profile. Then, the phantom employee is paid an unauthorized salary or bonus.  

Thankfully, this form of fraud can be prevented through oversight by a third-party payroll vendor or even a payroll team coworker performing a review.  

External Business Fraud Threats 

Cybersecurity Threats 

Phishing attacks are common fraud threats that can cause large scale damage if not avoided. A scammer poses as a real company and sends someone on your team a link to a document or PDF attachment that appears innocent. Often, the document or PDF appears to come from a vendor requesting payment or even a client requesting services.  

In reality, the attachment or link contains malware that infiltrates your computer system and steals sensitive data. Other popular phishing scams request sensitive information like bank account details from you or your team.  

Zero trust policies are essential for preventing phishing attempts. Zero trust policies are cybersecurity approaches that require technology users to be authenticated, authorized, and verified by company technology. Any users that are not authenticated are to be regarded with high suspicion. As an example, any email sent from outside of an organization is regarded with suspicion. Links and attachments found in these emails should not be opened if the email sender can’t be verified or authenticated.  

It’s always considered best practice to contact a vendor or client directly if an email is suspicious or contains cybersecurity red flags. Train employees on the risk of cybersecurity threats and how to watch out for them.  

Additional Fraud Prevention Strategies 

While we’ve already covered fraud prevention strategies specific to individual fraud threats, there are still a few additional tactics that you should implement to beat fraudsters. These controls are also helpful to prevent financial and accounting errors that might happen accidentally.  

Financial Audit Procedures and Fraud Examinations 

Audit procedures help prevent accounting scams. I recommend hiring an experienced audit professional to conduct a fraud risk assessment and help set up effective internal controls. Auditors are also equipped to look for signs of fraud that may be taking place within your agency. Hiring external auditors is helpful for small businesses that don’t have the staff numbers to enable proper checks and balances. 

Also, businesses of all sizes should consider keeping CFOs from direct access to cash. It’s unfortunate, but true, that CFOs are in a better position to hide fraud they commit themselves compared to an employee at an associate level who has their work checked frequently for accuracy.  

In the case that a CFO needs access to petty cash, ensure that another staff member must provide final approval to validate the authenticity of the business need.  

Review Processes Periodically 

Setting up effective financial policies and procedures is an essential first step to beating business fraud. However, it’s equally essential to review fraud prevention procedures on a regular basis. Scammers consistently take advantage of new technology, meaning new measures may need to be taken to avoid new types of fraud that haven’t previously existed. Procedure reviews can also uncover areas where current processes are failing and may need to be optimized.  

Identifying common vulnerabilities within your marketing agency should be your first step to stomping out fraud. The next step is to enforce fraud prevention strategies to combat the threats you’ve uncovered.  

If you aren’t sure where to start with your fraud prevention strategy or find yourself concerned that you may be a fraud scheme victim, reach out to our fraud and forensics team for a free consultation. 

Request a Consultation
View all Blog Posts

Our firm provides this information for general educational guidance only and does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation. Podcasts posted by Anders CPAs + Advisors are not intended to be used and cannot be used by any individual or business, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided "as is," with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose. Please note that some content may be generated using artificial intelligence and is intended for educational and informational purposes only. In no way does listening, reading, emailing or interacting on social media with our content establish a professional relationship.