Skip to content

Prevent fraud at your construction company with a holistic approach





Most experts would agree that the best way to minimize fraud at any company, including a construction business, is to take a holistic approach. As the owner, you must set the tone at the top regarding a zero-tolerance, fully vigilant attitude toward criminal or unethical acts. And you need to create an organizational culture that features strong values, ethics and internal controls.

What are your specific risks?

The first significant challenge is understanding where and how you’re at risk for fraud. Be specific and realistic. Your vulnerabilities aren’t necessarily the same as those of similarly sized businesses or even your close competitors in construction. It all depends on how proactively you’ve addressed fraud prevention in the past and what new threats may have arisen.

Examine your risks objectively. The question isn’t whether your long-time bookkeeper might embezzle funds; the question is whether anyone in that job or another could steal from you. When assessing threats, consider both internal and external opportunities for malfeasance and how employees at any level of seniority could work alone or in concert to exploit them.

Once you’ve performed a thorough review of your construction company’s existing practices, consider the overall costs of your primary risks — including the consequences and long-term impact of letting them go unaddressed. Recognize that risk management is more than buying insurance; it’s working to ensure that you don’t need insurance because you’re taking steps to close gaps that fraudsters could exploit.

How can you better protect yourself?

Next, turn your attention to preventive strategies. If you don’t have a written code of ethics and an updated employee manual, now’s the time to work on both. As mentioned, fraud prevention begins at the top — with a clearly communicated commitment on the part of ownership and management. It isn’t enough that you have a code of ethics; you must be seen following it.

Then look at your internal controls. Did you consider fraud prevention when you designed them? If not, re-evaluate the controls with an eye on closing possible loopholes. Policies to consider implementing or reviewing for efficacy include:

  • Separating financial and accounting duties among two or more employees,
  • Duplicating sensitive tasks, such as double-signing checks over a certain amount,
  • Reconciling bank accounts,
  • Performing internal audits, and
  • Engaging an impartial external auditor to review your financial statements.

You don’t have to do it all yourself. Train trusted in-office supervisors or staff to spot fraud and do the same for on-site project managers. At the same time, don’t allow employees to create and manage their own fraud prevention policies. For instance, if your IT staff devises its own security measures, someone outside the department should determine whether the measures are appropriate and being followed adequately.

Which resources do you need?

Once you’ve determined your areas of risk and ways to address them, you might discover that you can’t do everything at once. If so, set priorities so you can allocate resources optimally.

Remember, every risk isn’t created equal. Some threats have the potential to cause damage that could cripple the company. But, viewed objectively, these types of threats are unlikely to occur as long as internal controls are in place. Fraudulent financial reporting, for example, can ruin a construction business. However, if financial statements are properly generated and regularly audited by a third party, malfeasance is usually difficult to hide.

Other potential problems may do less damage, but there’s a much better chance that they’ll happen. For instance, an overworked bookkeeper with a heavy mortgage could, with relative ease, exploit operational loopholes to embezzle money. In deciding how best to allocate your fraud prevention resources, assess the probability of different risks rather than simply their severity.

Finally, set up a continuous monitoring system that will allow you to track and adjust controls as changing circumstances require.

Who can help?

Fraud risk management can’t be a one-time or even once-in-a-while activity. Construction business owners must constantly evaluate their existing controls — comparing them with legal, regulatory and industry standards. We can help you establish strong internal controls and develop effective processes for monitoring your financials.

© 2022


Most experts would agree that the best way to minimize fraud at any company, including a construction business, is to take a holistic approach. As the owner, you must set the tone at the top regarding a zero-tolerance, fully vigilant attitude toward criminal or unethical acts. And you need to create an organizational culture that features strong values, ethics and internal controls.

What are your specific risks?

The first significant challenge is understanding where and how you’re at risk for fraud. Be specific and realistic. Your vulnerabilities aren’t necessarily the same as those of similarly sized businesses or even your close competitors in construction. It all depends on how proactively you’ve addressed fraud prevention in the past and what new threats may have arisen.

Examine your risks objectively. The question isn’t whether your long-time bookkeeper might embezzle funds; the question is whether anyone in that job or another could steal from you. When assessing threats, consider both internal and external opportunities for malfeasance and how employees at any level of seniority could work alone or in concert to exploit them.

Once you’ve performed a thorough review of your construction company’s existing practices, consider the overall costs of your primary risks — including the consequences and long-term impact of letting them go unaddressed. Recognize that risk management is more than buying insurance; it’s working to ensure that you don’t need insurance because you’re taking steps to close gaps that fraudsters could exploit.

How can you better protect yourself?

Next, turn your attention to preventive strategies. If you don’t have a written code of ethics and an updated employee manual, now’s the time to work on both. As mentioned, fraud prevention begins at the top — with a clearly communicated commitment on the part of ownership and management. It isn’t enough that you have a code of ethics; you must be seen following it.

Then look at your internal controls. Did you consider fraud prevention when you designed them? If not, re-evaluate the controls with an eye on closing possible loopholes. Policies to consider implementing or reviewing for efficacy include:

  • Separating financial and accounting duties among two or more employees,
  • Duplicating sensitive tasks, such as double-signing checks over a certain amount,
  • Reconciling bank accounts,
  • Performing internal audits, and
  • Engaging an impartial external auditor to review your financial statements.

You don’t have to do it all yourself. Train trusted in-office supervisors or staff to spot fraud and do the same for on-site project managers. At the same time, don’t allow employees to create and manage their own fraud prevention policies. For instance, if your IT staff devises its own security measures, someone outside the department should determine whether the measures are appropriate and being followed adequately.

Which resources do you need?

Once you’ve determined your areas of risk and ways to address them, you might discover that you can’t do everything at once. If so, set priorities so you can allocate resources optimally.

Remember, every risk isn’t created equal. Some threats have the potential to cause damage that could cripple the company. But, viewed objectively, these types of threats are unlikely to occur as long as internal controls are in place. Fraudulent financial reporting, for example, can ruin a construction business. However, if financial statements are properly generated and regularly audited by a third party, malfeasance is usually difficult to hide.

Other potential problems may do less damage, but there’s a much better chance that they’ll happen. For instance, an overworked bookkeeper with a heavy mortgage could, with relative ease, exploit operational loopholes to embezzle money. In deciding how best to allocate your fraud prevention resources, assess the probability of different risks rather than simply their severity.

Finally, set up a continuous monitoring system that will allow you to track and adjust controls as changing circumstances require.

Who can help?

Fraud risk management can’t be a one-time or even once-in-a-while activity. Construction business owners must constantly evaluate their existing controls — comparing them with legal, regulatory and industry standards. We can help you establish strong internal controls and develop effective processes for monitoring your financials.

© 2022

Emil Estafanous, CPA, CFF, CGMA