Victim Of Fraud? What Can Be Done To Prevent It From Happening?
It is not necessarily a question of “if” but possibly “when” and “how” your company will be a victim of fraud. While fraud can occur in any area of the business, it has been more commonly noted in the areas of Purchasing, Disbursements, Payroll and Inventory. When the dust has settled and the fraud investigation is completed, the Board of Directors and senior management will be asking the question – Why did the fraud happen (without being detected in a timely manner) and how can we prevent this from happening again?
Primary Reasons Fraud Occurs
Fraud usually occurs because of the following primary reasons:
- There is lack of segregation of duties.
- Authority and decision making is centralized to a few persons.
- Access to key applications and administrative system accounts are not controlled nor monitored.
- Review and oversight functions are inadequate or weak.
So how can we reduce the risk of fraud?
Yes, you guessed it! Internal Controls!
Although strong internal controls do not completely eliminate the risk of fraud, they do help in strengthening the control environment and significantly reducing the opportunities for fraud to occur. The company should use its own Internal Audit department or engage a third party consultant to perform an assessment of its internal controls. The purpose of the assessment is to identify control weaknesses and then take remediation steps to close the gaps.
Further, the following steps may be taken by management:
| ONE | Have a policy of mandatory vacations. There have been numerous cases where fraud was detected because the perpetuator was on vacation. |
|---|---|
| TWO | Have a formal Code of Ethics and obtain acknowledgement from all employees on an annual basis. |
| THREE | Senior Management and the Board of Directors should continuously demonstrate the importance of internal controls. |
| FOUR | Set up an easy method for vendors and employees to report fraud such as a whistleblower hotline number. |
| FIVE | Monitor employees’ access to key applications and privileged system accounts and the roles assigned on a periodic basis. |
The following are two sample areas where fraud can occur and the suggested steps that can be taken to prevent it:
Payroll
| How fraud is perpetuated | What controls can prevent it? |
|---|---|
| The Payroll Employee will present the Pre-Check Payroll Register generated from the payroll application to the Supervisor for approval. After approval, the payroll data is fraudulently changed and then the payroll is submitted for the final processing. The Supervisor does not bother to look at the final Payroll Register or match it with the approved Pre-Check Payroll Register and thus does not know that an unauthorized change was made. |
|
| Ghost employees or terminated employees accounts are used by the perpetuator to pay him/her. The checks received are then endorsed by the fraudster in his/her name or the direct deposit bank account in the system is manipulated. |
|
Disbursements:
| How fraud is perpetuated | What controls can prevent it? |
|---|---|
| Ghost vendors are set up in the system, fraudulent invoices submitted and payments made to such vendors. Further employees may setup own company and provide services to their employer without disclosing the ownership. |
|
| Fraudulent wire transfers are made from the company’s bank account. | Most of the banks now provide the functionality of having separate employees perform the following:
At least two persons should be required to send a wire transfer. |
| Fraudulent withdrawal is made by a vendor approved for ACH withdrawal from Company’s bank account. Most of the Companies provide ACH pull facility to some of their vendors exposing their balances to the risk of unauthorized withdrawals. | A maximum withdrawal limit should be set up for such vendors to reduce the exposure of funds of the company. Alternatively, vendor should obtain prior approval before making any withdrawal. |
| Duplicate payment is made to the same vendor. | Most of the General Ledger applications have functionality to prevent duplicate payments. Management should ensure that this functionality is enabled. Further, review of the Check Register by someone other than payment processor would reduce the risk. |
 |
Vivek Agarwal 609-520-1188 [email protected]
|
Ask Our Experts
To ensure compliance with U.S. Treasury rules, unless expressly stated otherwise, any U.S. tax advice contained in this communication is not intended or written to be used, and cannot be used, by the recipient for the purpose of avoiding penalties that may be imposed under the Internal Revenue Code.
