Associate Partner
Audit & Advisory (France)
France: Fraud, a Major Challenge for SMEs – #1 Anticipate, Secure, Alert
- Fraud exposure rises sharply as 69% of companies report attempted attacks
- SMEs remain particularly vulnerable, facing average losses of €62,755 per confirmed case
- Simple prevention, rapid investigation and targeted remediation can significantly limit impacts
Julius Wunderle
Partner
Auditor, Certified Fraud Examiner, Certified Tax Advisor
Write to us without obligation:
Get in touch now
According to a recent survey, 69% of companies have experienced at least one fraud attempt during the past year. Yet, the risk remains widely underestimated, particularly by SMEs, where the average cost of confirmed fraud reaches €62,755, excluding numerous indirect impacts such as legal fees, restructuring costs, reputational risks, and more.
Too mature to rely solely on informal controls, but not large enough to implement complex and costly systems, SMEs are particularly vulnerable to internal fraud, even when they belong to an international group.
However, simple preventive measures, an effective response plan, and regular external support can significantly reduce the impact of fraud on a company.
1. Fraud
- Internal fraud, or occupational fraud, refers to any intentional act committed by an employee, executive, or manager to divert company resources for personal gain.
- Asset misappropriation is the most common method, accounting for 89% of cases. It includes cash larceny, inventory theft, payments to fictitious suppliers, falsified expense reports, or salary payments to ghost employees.
- Financial statement manipulation, though less frequent (5% of cases), is by far the most costly type of fraud. It includes understating expenses or liabilities, overstating revenues or assets, or recording accounting adjustments to meet performance targets.
Criminologist Donald R. Cressey’s model identifies three key elements behind fraudulent acts:
- Pressure: A personal or professional financial need (debts, costly lifestyle, unrealistic targets) that drives action.
- Rationalization: A moral or psychological justification used by the perpetrator (“I deserve this,” “Everyone does it,” “I’ll pay it back later”).
- Opportunity: Weaknesses in internal controls that enables fraud.
While the first two factors are largely beyond a company’s control, companies can act on the third factor by reducing opportunities through prevention.
2. The Context
SMEs often operate in an organizational middle ground: too mature for informal controls, yet not large enough to deploy structured systems. This creates fertile ground for internal fraud. Common vulnerabilities include:
- Limited segregation of duties: The same person can initiate, approve, and record a transaction.
- Informal processes: Approvals are given verbally, workflows managed in Excel, external review is rare.
- Trust-based culture: Close-knit teams may resist controls perceived as intrusive.
These structural characteristics call for proportionate and tailored prevention strategies.
Beyond structural vulnerabilities, SMEs now face an amplified fraud risk due to Artificial Intelligence, especially as cybersecurity budgets are often limited. Malicious uses of AI are numerous and include document fraud (fake invoices, purchase orders, supporting documents), financial statement manipulation (falsified reporting), identity theft and deepfake technology (e.g., simulating an executive’s speech), phishing attacks aimed at data theft, and more. In France, 52% of companies have already experienced a cyberattack involving AI techniques in the past twelve months.
3. Prevention
Prevention requires an integrated approach combining awareness, controls, and monitoring:
Ethical culture and staff awareness
- Train employees and executives on fraud risks, warning signs, and best practices.
- Formalize a code of conduct with clear rules and communicate potential sanctions.
- Encourage cross-department communication to break silos and strengthen collective oversight.
Operational controls and supervision
- Restrict access to certain tools and software based on roles.
- Reinforce internal controls through cross-checks, monitoring sensitive flows, and ensuring traceability.
- Secure payments by segregating critical tasks and applying the four-eyes principle.
- Use data analytics and reporting to track key indicators and detect anomalies.
- Conduct targeted fraud audits with regular reviews by experts to test system effectiveness.
Conclusion
Internal fraud is not a theoretical risk. It is a real threat for most companies, and SMEs are no exception. While it cannot be completely eliminated, its impact can be contained through a three-step approach: 1) prevent to reduce opportunities, 2) investigate quickly and discreetly to contain damage and preserve evidence, and 3) remediate to strengthen controls, prevent recurrence, and restore stakeholder trust.
Our teams are at your disposal to discuss and answer any questions you may have. Please do not hesitate to contact us.
For more information, don’t miss our upcoming webinar in 2026.