Fraud: Awareness. Controls. Testing.
Sandra Baptist
UK Certified Accountant | Int’l Business Strategist | High-Performance Trainer | Helping CEOs and Leaders get productivity, No B.S. results and profitability | Revenues are temporary ? Profits are forever?
Fraud is a common threat to all businesses. No matter the size or its financial status, fraud and fraudulent behaviour can occur in any organization. Therefore all employees, owners, directors and managers must first of all be aware that fraud can occur in their company organisation. Internal controls must be set up and must be followed and finally the controls must be tested and tested regularly.
There are two types of frauds which can occur in a business: internal fraud and external fraud.
In an attempt to control and prevent the likeliness of internal fraud occurring in a business, all temptations to commit fraud must be removed. In doing so, the owner and management of the business must consider:
i. The opportunity for feedback from your staff whether being negative or positive,
ii. To reward staff fairly,
iii. To check all references and learn to see what is written ‘between the lines’ or seems to be omitted,
iv. To segregate duties in all areas of their business.
For external fraud (shoplifting, credit card fraud, cheque fraud, scams and break-ins), following suit to internal fraud, strong internal controls will help to prevent it. The internal controls should be visible and, where appropriate, visible to staff and customers (e.g security cameras on the cash register). Any offers that appear from an unknown supplier should be carefully checked and also be aware of fax-back offers and internet officers.
In every typical system of internal controls, basic controls exist. The most relevant basic controls are grouped into three categories: physical access, job descriptions, and accounting reconciliation.
The first of which being physical access includes measures such as:
i. The practice of locking doors, desks and filing cabinets. This will ensure that unauthorized personnel, either within or outside the organization, cannot gain access,
ii. Utilizing employee IDs and passwords, computer security systems (e.g access cards that record time of entry and of exit). Any system should provide the owner with audit reports of the activity,
iii. The equipping of electronic surveillance systems, which should include as much new innovation, such as biometrics (including, for example, iris scans and voice recognition), that the business is able to afford.
The second basic control which is job description, when it is very specific, is a very effective fraud prevention tool. An effective job description, which reduces the chances of fraud or fraudulent behavior is one which consists of:
i. What exactly is expected of each employee
ii. A reflection on the importance of the division of duties, segregating all duties, especially the sensitive ones. If there is at any point you, the owner or management, realize an employee is performing duties outside their job description that is a major red flag.
iii. A specification stating that all employees must take annual leave regularly. This is a very effective preventative tool because an employer is more likely to discover perpetrators running an ongoing fraud scheme when they are removed. The need for formal job descriptions is often underestimated by business owners, normally being considered as ‘more useless paper’. At other times, owners create job descriptions but then ignore them. This attitude invites trouble.
The third basic control which, in corresponding to its position, is the third most important basic control. It is accounting reconciliation and analyses.
Regular, appropriately performed accounting reconciliations will highlight discrepancies that can point towards fraud and will make it difficult even to the extent of being impossible for persons within the business to conceal fraudulent behavior.
To achieve this, it is necessary that your Accounting Department perform regular accounting reconciliations such as Bank reconciliations (for all accounts), accounts receivable reconciliations (both month to month and general ledger to sub-ledger) and accounts payable reconciliations (again, both month to month and general ledger to sub-ledger).
Additional controls that could be implemented to prevent fraud are:
i. Consistent and strong supervision. If there are instances where a manager or supervisor actually takes charge of or alters the work of a subordinate, this is a problem. In fact, override itself is a red flag, as it suggests that the manager or supervisor may be engaged in fraud or the concealment of one. Good supervision consists of fraud awareness, and approval, review, double checking and re-doing.
ii. Fraud Awareness. Supervisors must be alert to the possibility of fraud whenever an unusual or exceptional situation occurs, such as complaints from suppliers or customers, discrepancies that don’t make sense, or accounting reconciliations that don’t balance. If a manager’s mind is closed to the possibility of fraud during an unusual or exceptional situation, the risk of the fraud continuing unabated increases greatly.
iii. Approval, review, double-check and re-doing. This is going beyond the typical approval function. A more thorough review, double-checking employees’ work and re-doing some tasks may be necessary and should be approached diligently.
If you require assistance setting up your internal controls or testing your internal controls, at PACCS Inc. we offer Internal Audit and Consulting services. Schedule a 15-minute discovery session so we can determine how we can assist you.