Does Your Lack Of Internal Controls Leave You Vulnerable To Occupational Fraud?
There are a lot of business owners and managers out there who are content to “trust” that everything is on the up-and-up in their back-office when, in fact, fraudulent activity is taking place right under their noses. Unfortunately, no matter how much you may like, respect, and trust a person, there is no denying that, in the end: Trust Is Not An Internal Control. Failing to put the proper checks and balances in place, opens you up to occupational fraud. What are you doing to protect your business, nonprofit, or government entity? And, what are you doing to monitor the strength of your existing internal controls?
Read Also: When The Suspect Works For You
What Are Internal Controls?
Internal controls are methods organizations utilize to ensure protection from fraudulent activity while making sure processes run smoothly. They also help others throughout the organization know that certain procedures are being followed. The primary purpose of your organization’s internal controls is to help to safeguard assets against possible fraud and corruption.
Internal controls have shown to be an excellent preventative measure against fraudulent acts. Organizations that have an internal controls strategy in place are statistically less likely to be victims of fraud, which is demonstrated below.
Internal Fraud By The Numbers
According to the Association of Certified Fraud Examiners’ (ACFE) 2020 Report To The Nations on Occupational Fraud and Abuse, internal control weaknesses were responsible for nearly one-third of all frauds committed. However, with anti-fraud controls in place, lower fraud losses and quicker detection were reported. Additionally, according to the report, certain fraud risks, such as billing fraud, and fraud associated with payroll, and check and payment tampering, were more likely to occur in small businesses.
Other interesting statistics from the ACFE’s 2020 Report include:
- The four primary weaknesses that contributed to occupational fraud include:
- An overarching lack of internal controls (32%)
- Overriding of existing internal controls (18%)
- Lack of management reviews (18%)
- Poor tone at the top (10%).
- Fraud is more likely to occur in small companies due to a lack of internal controls (43%). In large companies, fraud is more likely to result from overriding existing internal controls (20%). Moreover, manager-level employees are more likely than those in other areas of the organization to override existing controls.
- More than half of all occupational frauds reported by employers came from the following four departments:
- Operations (15%)
- Accounting (14%)
- Executive/upper management (12%)
- Sales (11%).
- The average fraud scheme will go on undetected for about 14 months. The longer a fraud goes on, the greater the financial loss to the company.
Good news! There are ways to detect fraud. They include:
- Tips are the most effective way to detect fraud in organizations (43%). Employees blow the whistle 50% of the time.
- The addition of a fraud reporting hotline continues to be one of the best controls an organization can have in place.
- Organizations with hotlines detected fraud more quickly than those without hotlines (12 months vs. 18 months).
- The median losses were nearly doubled at organizations without hotlines. ($198K vs. $100K).
- Most fraudsters (85%) displayed at least one behavioral red flag. Half of all cases exhibited multiple red flags. The most common behavioral red flags are:
- Living beyond their means (42%)
- The report states “fraudster living beyond his or her means is the most common red flag by a sizable margin. This has ranked as the #1 red flag in every study since 2008.”
- Financial difficulty (26%)
- Unusually close association with vendor/customer (19%)
- Control issues, unwillingness to share duties (15%)
- Irritability, suspiciousness, or defensiveness (13%)
- “Wheeler-dealer” attitude (13%)
- Divorce/family problems (12%)
This report is really an interesting read and includes a lot of great insight. I encourage you to check it out.
Listen to episode 266, “How Are They Stealing My Information? Fraud Protection 101,” on unsuitable on Rea Radio, Rea & Associates’ award-winning weekly podcast.
Do You Need (Better) Internal Controls?
The first thing to remember as you are contemplating whether your organization needs to put internal controls in place (or whether you need to better improve, monitor and manage your existing internal controls) is that a strategy rooted in trust is completely insufficient. Next, ask yourself the following key questions to gain greater insight into your level of risk:
- Are you requiring dual signatures on purchase orders and requisitions?
- Have you ever thought about the receiving report or invoice?
- Have you included segregation of duties into your internal controls?
Read on to discover what your answers say about the security of your organization while gaining insight that can help you improve your internal controls.
You Can’t Afford To Do Nothing
If you’re struggling with implementing and maintaining segregation of duties in your back office, don’t worry. You’re not alone. However, if one person has the sole authority to approve all forms of purchasing and receiving, you should be concerned.
Imagine the many ways fraud could occur if, for example, your maintenance supervisor was responsible for filling out the requisition for the approval of cleaning supplies. Then, after the approval process, this same maintenance supervisor goes on to fill out the purchase order and signs it. Finally, once the purchase is received and the purchase order is processed, this same individual is responsible for marking the items as received on the invoice or signing the receiving report. In this scenario, how would you even know if the cleaning supplies arrived or cost what they reportedly cost? What’s to stop your company’s assets from walking out the door?
Read Also: Business Owners Can’t Do It All
How Segregation Of Duties Works
Segregation of duties is one of the easiest and most effective internal control procedures an organization can establish, many leaders have a hard time putting this strategy into place.
All too often we see failure in the segregation of duties involving the approval process for requesting goods and the approval of receiving the goods. And the risk spans every department. Just think of all the areas that could be at risk because you don’t have multiple pairs of eyes on the situation.
- Determine if the employee who performs the accounts payable or payroll functions is the same employee who performs and approves the bank reconciliations.
- Find out if the person who collects the game ticket sales the same person who reconciles the ticket receipts to the stubs and deposits the money.
- Ask yourself whether the person responsible for ordering and dispersing new technology, such as laptops, phones, tablets, etc., is the same person responsible for ordering and receiving the deliveries.
If you map out your organization’s internal controls and discover one or two people are responsible for certain key aspects of business, seek help immediately.
Protect Your Organization From Fraud
Implementing a procedure where a separate employee signs the receiving report essentially strengthens your company’s controls and reduces items that could be stolen. If you need help getting started or if you have more questions about occupational fraud and how you can prevent yourself from becoming a victim organization, email Rea & Associates to speak with one of our certified fraud examiners today.
By Allie Hinton, CFE (New Philadelphia CPA Firm)
Looking for more tips to help you protect your business? Check out these resources:
Sign up to receive regular tips and insight from Rea & Associates!
This article was originally published in 2019. However, due to the popularity and the publication of updated fraud statistics, we have updated the piece. Reach out to our team if you want to learn more about internal controls and other ways you can help prevent fraud in your organization.