Internal Audit

Using Internal Controls to Detect and Prevent Fraud

Daniel Kim |
Using Internal Controls to Detect and Prevent Fraud

A successful fraud prevention program requires planning and effort, but the outcome is well worth the investment. Establishing a solid system of internal controls to prevent fraud is the most cost-effective method for limiting exposure and losses due to fraudulent activity. 

What Is Fraud?

Fraud is the intentional deception of a person, group, or organization for monetary or personal gain. Fraudulent activity includes any form of false statement, misrepresentation, or deceitful conduct. 

Since the inherent motive of fraud is to commit and conceal the deception, preventing and detecting fraud is difficult in the real-world environment. Especially in large corporations with interconnected processes and systems, analyzing the root cause of discrepancies then identifying the ulterior motive fraudulent is becoming a significant challenge for organizations worldwide.

How Can Internal Controls Help to Prevent Fraud?

Preventive controls are the internal control processes designed to stop fraudulent activity from occurring. Internal controls to prevent fraud remove the ability to conduct the fraud or to conceal the act. Internal controls to prevent fraud include both automated and manual controls. For example, an expense reimbursement application can prevent fraudulent activity by limiting a user’s ability. They should not be capable of requesting and approving their reimbursement. The system enforces a required independent approval as the preventive control. 

On the other hand, the control environment will still include both preventive and detective controls. Detective controls are designed to uncover the fraud after the act has been committed. For example, an analyst in the expense department may perform data analytics to look for anomalies in past transactions. The results could point to an employee consistently submitting reimbursement requests just under the threshold requiring receipts. The result is a fraud indicator that someone would continue to inspect.

Daily processes conducted by management should include internal controls to prevent fraud and controls for detecting fraud. The organization should never consider fraud controls as an afterthought. To enhance preventing and detecting fraud in the organization, the fraud control program should also include awareness training for managers. The best control environment is robust and includes a variety of controls to reduce losses to fraud.

According to the ACFE 2020 Report to the Nation on Occupational Fraud and Abuse, a typical organization loses 5% of its annual revenue each year due to employee fraud. Most common frauds include asset misappropriation (theft of cash, data, and property), corruption, and financial statement fraud schemes (deliberate misstatement, misrepresentation, or omission of financial statement data).

Who Is Responsible for Maintaining Internal Controls?

Like all internal controls, management is responsible for implementing, evaluating, and maintaining internal controls for preventing fraud. Other teams, like compliance and internal audit, are there to help as a consultant with control design, control effectiveness testing, and inspections in the event of fraud red flags. 

How Important Is Prevention and Early Detection to Reduce Instances of Fraud in an Organization?  

Prevention and early detection are crucial to reducing the instances of fraud in an organization. Internal controls play a crucial role in reducing the opportunities available to commit fraud. By implementing the following anti-fraud internal controls, and best practices for preventing and detecting fraud, organizations can expect considerably lower losses due to fraud.

Segregation of Duties

The Institute of Internal Auditors (IIA) describes the basic idea underlying segregation of duties as “no employee or group of employees should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties.” That is, the work of one individual should be either independent of, or serves to check on, the work of another. The IIA classifies an employee’s duties into three categories: 1) Custody of Assets, 2) Authorization/Approval of related transactions affecting those assets, and 3) Recording and reporting related transactions.

Expense Reimbursements

According to the ACFE’s 2020 Report to the Nation, a significant portion of asset misappropriation schemes involve situations in which an employee claims reimbursement of fictitious or inflated business expenses. Management should ensure that the relevant policies and procedures surrounding employee reimbursements are communicated to employees and update whenever deemed necessary. Moreover, the approval flow for such reimbursements should include, along with the direct supervisor, other key stakeholders, such as affected business team members, payroll, or internal audit.

Whistleblower Hotline

Federal corporate whistleblower laws, such as the Sarbanes-Oxley Act and the Dodd-Frank Act, encourage implementing a robust corporate whistleblower mechanism. They do this by protecting the interests of employees, private contractors, and sub-contractors and creating an awards program to reward whistleblowers. Despite these federal regulations, the ultimate responsibility of implementing a solid whistleblower program lies with management. Historically, internal employee tip-offs have provided the best means of fraud detection. Hence, management cannot afford to neglect to have an internal whistleblower mechanism within their organization.

Periodic Reconciliation of Bank Accounts

Bank reconciliations highlight the differences between the cash per balance sheet and bank statement while also confirming the data recorded in the organization’s cash ledger. Depending on the organization’s size, bank reconciliations are performed daily, weekly, or monthly. The core duty of performing a bank reconciliation is to identify unexpected differences and prevent future occurrences, such as accounting delays, restricting auto-debits to vendors, etc.

Conclusion

In conclusion, management’s proactive approach towards detecting fraud and preventing fraud, coupled with strong internal controls, will ultimately decrease the opportunities to commit fraud and instill an ethical culture within an organization.

Daniel Kim

Daniel Kim, CPA, is co-founder of AuditBoard. Formerly global head of audit for two multibillion-dollar public companies, Daniel leverages his 15+ years of audit, risk, compliance, and SOX program consulting with hundreds of pre-IPO and public companies to deliver modern solutions for today’s corporate audit needs.

You Might Like

Learn how AuditBoard's integrated suite of easy-to-use software (audit management software, SOX compliance software, risk management software, audit workflow software, and compliance management software) can empower your team.