Fraud and Internal ControlsApril 24, 2015
Jennifer Hogencamp, CPA, CHAE
The most recent recession sharpened a trend already in place across the national economy–companies run leaner today than they did 5, 10 or 15 years ago. The financial difficulties many companies are experiencing have reinforced a movement spurred by technological advances. Mainly, there are fewer people in the workplace handling more responsibilities.
Unfortunately for business owners and senior corporate executives, reduction of the workforce equates to fewer supervisors, thus less availability to oversee and audit operations. This condition is an invitation for employees to pilfer from a company–either by walking off with inventory or inappropriately handling receipts.
Fraud is a broad category that includes outright theft, payroll schemes, skimming and falsifying invoices, among other activities. A business’s fraudulent activity cannot be reduced by a single method. One must employ a comprehensive approach to fraud prevention by taking active, consistent steps to reduce the risk of such activity.
The tone for the workplace atmosphere is set at the top. Owners and senior executives must create an ethical business culture that employees can clearly understand and follow. Ethical behavior also starts at the beginning–the point at which candidates are considered for employment. It is critical that employers conduct due diligence, screening job candidates by contacting references, doing background checks and verifying employment histories.
Heading off fraudulent activity also requires regular reinforcement with current employees. Businesses large and small should conduct annual training on fraud prevention, detection and reporting. Also, the implementation of a whistleblower hotline may not only give employees access to a system to help uncover fraud, but it may thwart fraudulent activity by employees simply because it exists.
Fraud prevention also means giving employees a break. Require employees to take annual vacations so that the employee’s duties can be rotated to other staff, increasing the chances of catching a fraudster.
Another aspect of fraud prevention is internal control. Internal control is a comprehensive process designed to provide reasonable assurance regarding the reliability of financial reporting and compliance with applicable laws and regulations. It is a set of procedures put in place to prevent or detect significant financial misstatements and misappropriations of company assets. This practice goes beyond just focusing on bank account balances or trusting veteran employees to do the right thing. There are a number of internal controls that can be used to mitigate fraud risk.
Owners and senior executives need to be more closely involved in the financial aspects of their businesses. Assigning financial duties entirely to one manager invites fraud. There should be oversight by owners and senior executives on various business processes, a sampling of which includes review of:
Financial statements on a monthly basis (look at current year over prior year and month over month).
Payroll activity, such as, changes in pay rates and new hires, as well as a review of entire payroll registers for unusual names.
- Bank statements for unusual vendor disbursements.
Perhaps one of the simplest tactics is to lock up inventory and blank check stock. Limiting the size and type of transactions individual employees are authorized to make, and scheduling regular internal and external reviews of financial systems, will improve internal controls.
There is a series of internal control policies and procedures that can mitigate fraud. Although internal control reviews of all the business’s processes can be time-consuming, these should occur at minimum on a bi-annual surprise basis.
There are other simpler steps you can take to control operations. For instance, segregating duties is critical, even in a small business. Separate cash posting to customer accounts and access to receipts. Separate receiving cash from making deposits. Properly handle credit card transactions and data. Destroy credit card information as soon as possible and make sure your credit card data transmission is done on a secure line. Ensure that you PCI are compliant. Owners or senior managers need to review delinquent accounts to ensure they are accurate.
Do not ignore the red flags. Pay attention to employees who appear to live beyond their means or exhibit wheeler-dealer attitudes. Be sensitive to employees who may be going through a divorce, have family with medical issues and/ or other problems. Watch for staffers who refuse to share corporate financial duties and records. People who refuse to take vacations may do so because they fear their fraudulent activity will be discovered.
Fraud can occur whenever opportunity, pressure and rationalization come together to stress employees. With economic uncertainty pressuring many Americans these days, business owners and senior executives should be certain they have the internal controls in place to limit the opportunity for someone in their operation to commit fraud.