Importance of Internal Control System in Preventing Fraud

One of the issues that has been frequently discussed among internal audit professionals in recent years is fraudulent transactions in businesses. Undoubtedly, the effect of large-scale company scandals in the matter's gaining importance is quite large. After the financial losses caused by the scandals in question, the issue of what can be done to prevent fraud in businesses has entered the agenda of all relevant parties and studies on this subject have increased.

In many academic studies conducted after the company scandals, it has been shown that one of the main reasons for the scandals is the absence of internal control mechanisms that will enable companies to control risks, or the existence of major malfunctions and deficiencies in the existing internal control systems. As a matter of fact, the Sarbanes Oxley Act (SOX), which came into force in the USA after the scandals and brought radical changes to the corporate governance practices of companies, brought important rules for the effective operation of the internal control system in companies and significantly increased the responsibilities of company boards of directors, senior management and independent auditors.

Internal control system is accepted as a basic requirement for today's businesses. Factors such as the growth of businesses, the complexity of their activities, and accordingly the error and fraudulent transactions can be counted among the reasons that underlie this requirement. Due to these factors, it does not seem possible for business managers to control and/or manage business activities without establishing an effective internal control system.

As everyone knows, internal control can be defined as all kinds of policies, procedures and rules established/developed by senior management in order to achieve the financial and operational objectives of the company and to provide reasonable assurance on these issues. Today, almost any business, large or small, has a internal control structure. Sometimes it is formally designed, sometimes it is not officially established or ruled. Regarding that, in many businesses, control activities such as authorisation mechanisms, segregation of duties, physical protection, access procedures, etc. are in place.

On the other hand, there are a few basic principles that should be considered while designing internal control activities in businesses. These are:

? Segregation of duties: The most sensitive point in segregation of duties should be the protection of assets, registration and approval/authorisation functions within the enterprise.I gave many examples in my post so I won’t go in detail.

? Correct Authorisation and Approval : Each transaction must be carried out by obtaining the approval of the competent authority. This is important in all levels of the organisation.

? Adequate Documents and Records: Documents such as invoices, order slips, product delivery minutes, and accounting records are proofs of the realisation of transactions, and they must be stored in a computer and/or outside in a certain order. The importance of supporting documents is an integral part of the internal control system.

? Independent Controls: It refers to the independent control of the duties and processes by third parties from within or outside the enterprise. This can be done by external auditors in financial level or internal auditors in operational and financial details.

? Physical controls over assets and records: Business management needs to regularly monitor access to computers, buildings, warehouses and accounting systems.

To summarise, it can be said that internal control activities structured within the framework of the above-mentioned principles will contribute to preventing fraudulent transactions that may occur in all financial and non-financial business processes of enterprises. Because the internal control system will minimise the negativeness and uncertainties that may be encountered in these processes by connecting the ways of doing business in the enterprises to certain principles and rules. In addition, performing all transactions according to certain rules will bring business discipline within the organisation. This, in turn, will help the business to operate in a desirable way, protect assets, reduce cases of fraud and corruption, and increase compliance with laws and regulations.

The internal control system is not something that can be established once and then left to its fate. In order for the system to provide the expected benefit, the system should be monitored by the top management at frequent intervals. If there is a professional team working on behalf of internal control, they can perform these observations and monitoring activities on behalf of the management. For this reason, businesses need to constantly review their existing controls in order to identify risk factors and to minimise the negative effects of risks on activities, and revise them when necessary. When this process is done correctly and on time, risks, errors and fraud will be minimised.