Over the past decade, business owners have become quite privy to the dangers and signs of fraud schemes. While credit card alerts and vendor screenings have become almost second nature, business owners often overlook one of the most common sources of fraudulent activity — their employees.
From high mortgage debts, climbing costs of living, budget cuts, and increasing costs of health care, there’s a clear (potential) motive for employees to turn to fraudulent behavior. A 2022 study by the Association of Certified Fraud Examiners (ACFE) revealed more than $4.7 trillion is lost annually to occupational fraud worldwide.
So what can you do to protect your company? Having a strong set of internal controls is the most effective and efficient way of protecting yourself against those looking to skim money off your bottom line. This does not need to be a complete internal control evaluation and implementation, but evaluating key transaction cycles and putting controls in certain key steps can go a long way to mitigating the risk of employee theft.
10 Signs There May be an Issue
- Unexplained variances between budgeted and actual costs
- Large liabilities related to unexpected contracts
- Employees living beyond their means or making sudden big-ticket purchases
- Abnormal changes in account balances
- Unusual write-offs or questionable transactions
- Shortages in cash, investments, or other assets
- Abnormal employee behavior (increased complaints, secretive about job function, unwillingness to cross-train, refusal to use vacation days, diversion of scrutiny under audit)
- Infrequent or late financial reports
- The accounting staff is behind more than 3 months on the preparation of monthly bank reconciliations
- Unexplained inventory shortages
Even if your company has a squeaky-clean fraud history, it’s a good idea to have the right controls in place to prevent attacks from happening in the future. There are two categories of controls: passive and active. Passive controls exist to prevent someone from having the opportunity to commit fraud, while active controls prevent the possibility of fraud to occur.
Two Categories of Controls
Types of Passive Controls:
- Audit trails and traceable trails
- Review process and procedures
- Focused or surprise audits
- Rotation of personnel
Types of Active Controls:
- Segregation of duties and functions
- Physical asset control (locks, check out systems passcodes, etc.)
- Document matching
- Signatures, signoffs, and document countersigning
- Passwords and PINs for mobile devices and computers
It’s important to remember that internal controls are a process, not a means to an end. They must be properly communicated, remain consistent and always stay enforced. In order to work effectively, internal controls must be persistently followed by every employee, manager and even owners. If your employees believe that someone is paying attention, then the chances of them attempting fraud will be moderated.
10 Best Practices to Implement Now
- Use payee positive pay
- Have Automated Clearing House (ACH) Protections
- Utilize direct deposit for payroll
- Daily reconciliation of bank accounts
- Implement vendor verification procedures
- Have controlled access to all payments and processing areas
- Separation of powers: Ensure that the person reconciling the bank accounts is different than the check signer, and be sure the person preparing daily bank deposits is different than the person posting customer payments to the general ledger
- Have as few bank accounts as possible: Be extra cautious if your organization has multiple bank accounts and know the business flow of each
- Question accounts that you are unaware of or may not know a lot about
- Set up an anonymous way for your employees to alert you if they have concerns or suspect fraud
Third-Party Help for Fraud and Internal Controls
While these best practices are a great start to building a strong safeguard, it’s a good idea to leverage a third-party to review your business and uncover potential problems. If you’d like to find out more about how an internal audit can help strengthen your company’s infrastructure, one of our internal control specialists is here to help.