Anyone…at least that is how one should think when analyzing fraud risks.

Fraud is a hot topic. If you don’t think so ask someone who used to work for Enron or invested in Madoff’s investment company, they might change your mind. But, because of instances like these, people often think of fraud in large terms, and the mention of the words carries a lot of weight; when very often fraud occurs in all sizes and forms.

But, who is likely to commit fraud? Most people use what is commonly known as the fraud triangle to identify areas where one can commit fraud. The three criteria are Pressure/Incentive, Opportunity, and Rationalization.

The pressure/incentive trait is common with performance based jobs where there is motivation for employees to record false sales to meet sales/performance quotas or up their commission, or other incentive pay.

Opportunity rears its ugly head when an individual has too much control over one key process in a business. Let’s say a cashier at a bank did not have to reconcile the cash drawer at the end of the day. The “opportunity” is there for cash to be stolen without any knowledge of it being gone.

A big one in today’s economy is rationalization. This is commonly referred to as the “I deserve this,” mentality. Where an individual develops a frame of mind where they can justify their actions and commit the fraud even though it is outside their typical ethical guidelines. For example, the company is generating large revenue streams, but an employee needs money to pay for his kid’s summer baseball league; this employee could find themselves thinking “They won’t miss this money, and I can’t say no to my child.”

Now let’s not confuse fraud with honest mistakes, errors, or plain ignorance; there is a difference. Fraud is defined as “intentional” deception…intentional being the key word.

Stay tuned as we post methods to address these instances and help you to minimize fraud in your business.

In today’s world, organizations must consider the strength of their internal controls more than ever.  It is important to periodically review your internal controls to ensure that they are well-designed and operating effectively.  To determine if your system is well designed, take a particular type of transaction and trace it from its origin to its ultimate conclusion, asking yourself, “What could go wrong with this system?”  To evaluate the operating effectiveness, ask the various personnel involved in processing the transaction how they perform the various tasks, and watch them actually do the work.  You will be better able to determine if they are following the appropriate procedures.

When going throught this review, it is important to take the “person” out of the control and ask yourself, “If I had an unknown person performing this taks, would I be concerned?”  Because of the very nature of the types of services that most not-for-profits provide, they tend to hire caring, trustworthy individuals to perform various tasks.  While trust is certainly a needed attribute to have in an employee, it cannot serve as your only internal control.  If you also believe that an employee would never do anything wrong, you may be under a false sense of security.  We usually suggest to our clients that the internal controls be designed in such a way that it eliminates the opportunity for an employee to commit fraud.  This design not only can protect you, but the employee as well.

A key component of a well-designed internal control system is segregation of duties.  Proper segregation also helps to eliminate the opportunity to make errors or commit fraud.  To create proper segregation, the following tasks should be performed by different personnel:

• Authority (approving purchases, writing off bad debt, authorizing salary increases, approving new vendors)
• Custody (ability to write checks, make bank deposits, process cash receipts, manage inventory, make electronic withdrawals from bank and investment accounts )
• Recordkeeping (posting transactions to the general ledger, recording receivables and payables)

Need help in segregating functions or duties. Contact me.

In today’s world, organizations must consider the strength of their internal controls more than ever. It is important to periodically review your internal controls to ensure that they are well-designed and operating effectively. To determine if your system is well designed, take a particular type of transaction and trace it from its origin to its ultimate conclusion, asking yourself, “What could go wrong with this system?” To evaluate the operating effectiveness, ask the various personnel involved in processing the transaction how they perform the various tasks, and watch them actually do the work. You will be better able to determine if they are following the appropriate procedures.

When going through this review, it is important to take the “person” out of the control and ask yourself, “If I had an unknown person performing this task, would I be concerned?” Because of the very nature of the types of services that most not-for-profits provide, they tend to hire caring, trustworthy individuals to perform various tasks. While trust is certainly a needed attribute to have in an employee, it cannot serve as your only internal control. If you also believe that an employee would never do anything wrong, you are under a false sense of security. We usually suggest to our clients that the internal controls be designed in such a way that it eliminates the opportunity for an employee to commit fraud. This design not only can protect you, but the employee as well.

A key component of a well-designed internal control system is segregation of duties. Proper segregation also helps to eliminate the opportunity to make errors or commit fraud.

To create proper segregation, the tasks of:
(1) authority (approving transactions, writing off bad debt),
(2) custody (ability to write checks, make bank deposits, process cash receipts) and
(3) recordkeeping (posting transactions to the general ledger)
should be performed by different personnel or functions.

How do you, the organization, monitor internal controls? Write a comment…