Internal control forms the bedrock of a fraud prevention program for any company. Employee or occupational fraud is often the result of poor internal controls. It can take the form of corruption, asset misappropriation or financial statement fraud, such as overstatements and understatements of net worth or net income. The best way to create a fraud-free environment is to build a proactive internal control program in addition to having the ability to detect fraud.
Why internal controls?
Occupational fraud mostly arises out of the fraud triangle. The fraud triangle spells out the grounds upon which a worker decides to engage in workplace fraud. It is divided into three stages, namely:
Pressure on the individual – This can be the underlying motivation to engage in workplace fraud and can be either personal or workplace related. The individual sees the pressure as unsolvable and as something that cannot be shared with others.
The opportunity to commit fraud – Here, the individual sees a course of action through which they can use their position to solve the problem in a way that they believe cannot be discovered. The perception of opportunity comes from the belief that the problem can be solved secretly.
The ability to rationalize the crime – In this stage, the fraudster should be in a position to justify his or her crime in an acceptable way. This is mostly based on factors like personal issues and dishonest employers.
Internal control helps an organization achieve its objectives efficiently and effectively. It does so by detecting and preventing fraud in order to protect the organization's property, both physical and non-physical, such as the image of the organization or company.
The cost of operational fraud
According to the Association of Certified Fraud Examiners (ACFE) 2018 Report to the Nations, the average corporate loss arising out of fraud in 2018 was $2.75 million. The ACFE also noted that its study incorporated a few large outliers that impacted the data. Therefore, a mean loss of $130,000 appeared more relevant.
Controls that protect your company from fraud can be either automated or people-related, such as establishing a code of conduct. However, controls that are not automated can fail, because people can choose whether or not to follow the policy, and not everybody will be honest about following the guidelines or policies that have been put in place. Internal audits and management review can monitor controls to ensure appropriate layers of review. Management should continuously review the controls in place to ensure that they are still functional. Internal audits then provide a second layer of protection over management and help to ensure that the available controls work.
Controls that can be used to alleviate fraud
Management control, a code of conduct and internal audit might not be enough to protect your company against fraud. Other controls need to be incorporated to ensure that fraudulent activities are caught quickly and easily and are dealt with appropriately. These include methods like proactive monitoring, surprise audits and management certification of financial statements. The following controls are a big deal when it comes to fraud prevention.
The Sarbanes-Oxley Act was approved in response to the Enron and WorldCom scandals, with a focus on protecting employees from corrupt senior management and Boards of Directors. SOX 404 focuses on IT controls related to financial reporting. The control requires more testing and documentation. Forcing the management and Board of Directors to certify the financial statements as part of SOX compliance holds them accountable for their actions and those of their juniors.
This means denying unauthorized users access to various parts of the accounting system through electronic access logs, passwords and lockouts. It prevents access by unaccredited users and provides a way to audit system usage as a method of identifying error sources.
Requiring specific managers to authorize particular types of transactions provides a basis for establishing beyond doubt that transactions have been seen and analyzed by the necessary authorities. An approval requirement for huge payments and expenditures can also help prevent employees from making fraudulent transactions using company funds.
External auditors require proof that an organization has tested its controls, with the documentation compiled in a single, easy-to-access location. Rather than reaching out to multiple stakeholders who access information based on their roles, some companies allow workforce members to access the information they need to do their jobs. These authorizations enable compliance managers to access IT department documentation but limit their ability to make any changes. This helps to maintain data integrity and at the same time eases departmental communication, which saves time.
Ken Lynch is an enterprise software startup veteran who has always been fascinated by what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.