The Importance of Internal Controls
The Daily Record, October 2016
According to the Association of Certified Fraud Examiners (“ACFE”) 2016 Report to the Nations on Occupational Fraud and Abuse, a typical organization loses 5% of its revenue to fraud each year. The median loss caused by occupational fraud cases surveyed between January 2014 and October 2015 totaled $150,000, with 23.2% of cases causing losses of $1 million or more. This is up from the median loss in 2012 of $140,000.
Occupational fraud continues to have a significant impact on businesses all around us. It is important for individuals and businesses to educate themselves on warnings signs and ways to mitigate the risks of fraud.
How is it done?
According to the ACFE, the vast majority, 76%, of all frauds were committed by individuals working in one of seven departments: accounting, operations, sales, executive/upper management, customer service, purchasing, and finance. This is not to say that fraud doesn’t occur in other areas, but these departments have a considerable amount of decision making authority directly affecting the financial position of a company.
The bulk of fraud falls into three primary categories: Asset misappropriation, corruption, and financial statement fraud. Since the 1996 Report to the Nations, these three categories have been used to organize fraud cases in what is known as the “Fraud Tree”. While minor modifications have been made since its inception, the general structure of the Fraud Tree still holds twenty years later.
Asset misappropriation is when an employee steals or misuses company resources. An example of asset misappropriation would be theft of cash. According to the ACFE’s survey, this category is the most common of the three, occurring more than 83% of these cases reported.
Corruption schemes include employees using their authority to influence a business transaction in a way that violates his or her duty to the employer in order to gain direct or indirect benefit. An example of a corruption scheme would be a bribe with a customer/vendor. Approximately 35% of the cases studied by the ACFE involved corruption.
Financial statement fraud involves an employee intentionally misstating or omitting material information in the financial reports. An example of financial statement fraud could be someone inflating revenue on the financial statements to meet strategic goals, or understating expenses. While financial statement fraud occurred in only 10% of the cases studied, the median loss was much more significant, at $975,000.
Who is doing it?
What does the typical perpetrator look like? When we think of fraud, we assume the people committing fraud are top executives with significant power and decision making abilities. While this is where the higher losses are seen, only 18.9% of frauds in this study were at the owner/executive level. According to the ACFE, approximately 40.9% of perpetrators were employees, and 36.8% were at the manager level.
As for gender and age, the study found that 69% of perpetrators were male, 31% female, which is consistent with reports from prior years. In addition, 55% of perpetrators were between the ages of 31 and 45. The study also found that most occupational fraud is committed by first-time offenders. Only 5.2% of perpetrators had previously been convicted of fraud-related offenses.
What are some warning signs?
There are several behavioral traits that perpetrators exhibit which can serve as a red flag for fraud. The following are the most common red flags to look out for:
- Someone living beyond their means
- Personal financial difficulties
- Close relationships with customers/vendors
- Excessive control issues
- Recent divorce or family issues
- Refusal to take vacationsAt least one of these traits was seen during 78.9% of the fraud cases reported to the ACFE.
How to Mitigate Risk
According to the ACFE, the most prominent organizational weakness that contributed to the frauds was a lack of internal controls, noted in 29.3% of cases, followed by an override of existing controls, which contributed to over 20% of the frauds perpetrated. Most businesses tend to take a corrective approach to fraud. Once fraud occurs, they implement controls to prevent it from happening again. Why not be proactive in protecting your business and have controls in place from the beginning?
This should start with the tone at the top. Management should ensure that the business and its employees encourage ethical conduct. If those in charge don’t make honesty and integrity a priority, why would anyone else?
It’s also important to provide employees with anti-fraud training. Explain to employees what constitutes fraud, and the financial impact fraud has on the Company. Make certain that employees know there is a zero-tolerance policy for fraud.
There should also be some sort of reporting mechanism in place for employees to anonymously report suspected wrongdoing. All employees should be aware of how to report, and feel comfortable doing so without fear of retaliation.
The business should also have basic anti-fraud controls in place for day to day operations. These will assist in preventing someone from having too much control, allowing them the opportunity to potentially commit fraud. The following are a lost of a few common internal controls:
- Use of authorizations
- Physical safeguards
- Job rotations
- Mandatory vacations
A Company should regularly monitor and reassess their risks of fraud and modify controls if needed.
There is no way to eliminate fraud. As we’ve seen, perpetrators continue to embrace new technology and devise new variations on schemes. Even with the strongest internal controls, a business is still at risk. Businesses must continue to assess their risks and ensure their internal controls are in place and working.