Internal Controls and Fraud Prevention
Employee fraud is something we would all like to believe would never happen. We would like to think that everyone we have working for us is trustworthy and concerned about the wellbeing of the company. This may be true in most cases, but unfortunately, it is still a large problem in a wide range of businesses and so occasionally, sadly, your company may also be at risk.
Fraud can take the form of corruption, stealing, misappropriating assets or financial statement fraud by purposely reporting incorrect figures. In order to protect your company and make sure your data and finances are safe you have to find a way to prevent fraud by reducing the chances of an employee taking advantage. The best way to do this is to have stringent internal controls.
Why You Need Internal Controls?
It is rare that an employee will plan their fraudulent behavior in advance. Generally, it happens due to a mix of unfortunate situations that have become known as The Fraud Triangle. The reasoning behind it is that there has to be a pressure on the individual concerned, an opportunity to commit the fraud and an ability to rationalize their behavior. If all of these are fulfilled, then there are chances that an employee will commit fraud in the workplace.
- Pressure – The pressure to commit fraud can come from anywhere, either in the workplace or elsewhere. It can be a personal debt problem or a mistake at work meaning their reported figures are less than they should be. Either way, the employee feels that there is no way out except by indulging in fraudulent behavior.
- Opportunity – Because the employee is already envisaging engaging in fraud, if there is an opportunity to do so without being found out then it becomes more tempting.
- Rationalization – Once the employee has a reason to commit a fraud and an opportunity to do it secretly, then all that is left is for them to justify it to themselves. This can often be perceived as only fair because the employer is dishonest themselves, or their personal issues supersede the needs of a large company who ‘probably won’t miss the money anyway’. The more desperate they are, the more desperate the rationalization becomes.
Internal controls make sure that everyone is checked at every turn so that the opportunity never presents itself. Processes need to be implemented that protect the property of the organization efficiently and effectively and can be automated or carried out manually. Manual control can be a good start but often this can take a long time to audit and time-consuming to check on a day-to-day basis. Automation can protect a company in a more regimented way and it will also become harder for staff to skip steps and take short-cuts.
What Controls Should Be Used?
Internal controls will always need to be managed properly, with internal audits maintained frequently enough so that there is no opportunity to bypass the rules and agreed processes. There are three distinct ways that can help to eliminate fraud completely or catch it as soon as there is a transgression. Using these can benefit a company by finding problems as soon as they occur and allowing them to be dealt with quickly and easily.
- Sarbanes-Oxley Act – Shortened to SOX, this came about in 2002 after a number of scandals involving large companies like Enron and WorldCom to protect against fraudulent practices. It has a section specifically linked to internal controls, known as SOX 404, which requires a company to establish and prove its internal controls on financial reporting.
- Access Control – It is imperative that only authorized users are allowed to access sensitive areas like accounting systems in order to prevent anyone tampering with figures or altering reporting. This can be controlled using passwords and lockouts, but also essential are electronic access logs. These list when and who accessed a particular part of the system, and what changes were made.
- Approved Authority – This is a requirement for specific managers to be responsible for special types of transactions, or ones that involve particularly large sums of money, and creates a funneling aspect. For transactions to get passed, someone in authority has to have seen and accepted it making it less likely fraudulent payments will slip through the net.
Automated methods can help reduce the time needed to create evidence and reporting for compliance purposes by using automated workflow capabilities. Software can include proactive monitoring and a single system of record designed to be a central repository that fosters collaboration. Simplifying the way in which controls are recorded and allowing only those changes that are within the regulations makes sure that a company can be continually prepared for external auditing, maintaining data integrity and saving time.