Four steps to prevent fraud in your business
Posted 16 Oct 12 by Scott Tobutt
In recent times, instances of fraud are at unprecedented levels. The reasons for this increase aren't entirely clear, although a tough economic climate may be contributing. The important thing is that the management and Boards of all businesses have structures in place for fraud prevention and detection.
Steps to Prevent Fraud
So what steps can management and the Board take to protect against fraud?
1. Be aware of the fraud risk areas
Fraud risks which organisations should consider include:
- lack of resources resulting in weak segregation of duties
- high level of management involvement, increasing the potential for controls override
- performance based remuneration
- information systems that lack integration
- lack of restriction over IT access controls
- automated payment systems and approval.
Fraud may take the form of asset misappropriation or financial reporting manipulation. Examples include:
- theft of cash or stock
- overstatement of employee entitlement provisions - such as annual, or leave taken with leave balances reinstated by staff
- invoice payments redirected to staff member bank accounts and not the supplier (due to insufficient control over EFT payments)
- theft of confidential information from databases for personal gain
- overstating of asset values, such as stock and fixed assets, to report favourable results in the annual financial report.
Management and Board need to proactively think about where fraud could occur within their organisation.
2. Ensure robust internal controls
Management and the Board need to have a good understanding of the control environment and should implement control activities that reduce incentives and remove opportunities for fraud. Controls include authorisation, performance reviews, information processing, physical stocktakes and segregation of duties. These controls should be continually monitored to ensure they are working effectively.
The following are examples of internal controls that would be present in an organisation with a robust fraud control system:
- Experienced and participative management that provides 'tone at the top', supported by a clear internal fraud and whistleblower policy which is regularly communicated.
- A risk assessment process which identifies, mitigates and monitors risk, including a formal risk register.
- Information systems that integrate different applications such as general ledger, payroll and fixed assets, and with appropriate access rights and master file changes reviewed.
- It should also be noted that the introduction of many of these controls will also result in efficiencies for the organisation.
3. Act on auditor recommendations
As part of the audit process the auditor should be reviewing systems and providing advice highlighting any control weaknesses. Often these are early signs of fraud risk.
Management should be proactive in addressing control gaps and implementing any recommendations.
4. Perform additional procedures
Additional procedures can provide a further layer of protection against fraud. For example PKF Lawler uses data mining techniques (electronic interrogation software) in our audit approach. The following are examples of tests which may highlight anomalies:
- General journal interrogation with dates (day of week and month), amounts, narrations and users analysed.
- Interrogation of invoice details and sequences.
- Analysis of internet banking logs and processing times.
- Interrogation of master file changes (e.g. pay rates, leave balances, etc) by time and user.
- Review of system log-on and security, and appropriateness of access rights by employee.
- Comparison of employee and supplier bank accounts for duplicates.
Management and Boards are starting to understand that the role of the auditor is not that of a bloodhound, with responsibility for detecting all frauds, but of a watch dog, providing an additional layer of protection in the prevention and detection of fraud. Ultimately, management needs to demonstrate they have an adequate internal control structure.
Assistance is available
In addition to the audit process, we can provide fraud training, internal control assessments, and interrogation of accounting systems to test the effectiveness of current internal controls and forensic accounting services. For more information or to discuss your requirements, contact Scott Tobutt on (02) 8346 6046 or email [email protected]