Fraud and Internal Controls
Knowing when to check your checks and balances
Over the past decade, business owners have become quite privy to the dangers and signs of fraud schemes. While credit card alerts and vendor screenings have become almost second nature, business owners often overlook one of the most common sources of fraudulent activity — their employees.
From high mortgage debts, climbing costs of living, budget cuts, and increasing costs of health care, there’s a clear (potential) motive for employees to turn to fraudulent behavior. A 2016 study by the Association of Certified Fraud Examiners revealed that a typical organization loses 5% of annual revenue to fraud, with the median loss being $120,000.
So what can you do to protect your company? Having a strong set of internal controls is the most effective and efficient way of protecting yourself against those looking to skim money off your bottom line. This does not need to be a complete internal control evaluation and implementation, but evaluating key transaction cycles and putting controls in certain key steps can go a long way to mitigating the risk of employee theft.
10 Signs There May be an Issue:
- Unexplained variances between budgeted and actual costs
- Large liabilities related to unexpected contracts
- Employees living beyond their means or making sudden big-ticket purchases
- Abnormal changes in account balances
- Unusual write-offs or questionable transactions
- Shortages in cash, investments or other assets
- Abnormal employee behavior (increased complaints, secretive about job function, unwillingness to cross-train, refusal to use vacation days, diversion of scrutiny under audit)
- Infrequent or late financial reports
- Accounting staff is behind more than 3 months on preparation of monthly bank reconciliations
- Unexplained inventory shortages
Even if your company has a squeaky-clean fraud history, it’s a good idea to have the right controls in place to prevent attacks from happening in the future. There are two categories of controls: passive and active. Passive controls exist to prevent someone from having the opportunity to commit fraud, while active controls prevent the possibility of fraud to occur.
Types of Passive Controls:
- Audit trails and traceable trails
- Review process and procedures
- Focused or surprise audits
- Rotation of personnel
Types of Active Controls:
- Segregation of duties and functions
- Physical asset control (locks, check out systems passcodes, etc.)
- Document matching
- Signatures, signoffs, and document countersigning
- Passwords and PINs for mobile devices and computers
It’s important to remember that internal controls are a process, not a means to an end. They must be properly communicated, remain consistent and always stay enforced. In order to work effectively, internal controls must be persistently followed by every employee, manager and even owners. If your employees believe that someone is paying attention, then the chances of them attempting fraud will be moderated.
10 Best Practices to Implement Now:
- Use payee positive pay
- Have Automated Clearing House (ACH) Protections
- Utilize direct deposit for payroll
- Daily reconciliation of bank accounts
- Implement vendor verification procedures
- Have controlled access to all payments and processing areas
- Separation of powers: Ensure that the person reconciling the bank accounts is different than the check signer, and be sure the person preparing daily bank deposits is different than the person posting customer payments to the general ledger
- Have as few bank accounts as possible: Be extra cautious if your organization has multiple bank accounts and know the business flow of each
- Question accounts that you are unaware of or may not know a lot about
- Set up an anonymous way for your employees to alert you if they have concerns or suspect fraud
While these best practices are a great start to building a strong safeguard, it’s a good idea to leverage a third party to review your business and uncover potential problems. If you’d like to find out more about how an internal audit can help strengthen your company’s infrastructure, one of our internal control specialists is here to help. Contact us at 925.271.8700 or at email@example.com.