If internal controls are less than 100 effective why should they be employed at all

By Angie Abfall

All businesses are susceptible to fraud, but most vulnerable are small businesses with less than 100 employees. The biggest risk may come from your own employees. Ideally, a business should not have tasks like paying the bills, signing checks, mailing payments and statements, and reconciling the bank account be the responsibility of the same person. Yet many organizations cannot afford to hire additional staff to ensure proper segregation of duties.

They tend to invest less in technology to monitor processes and controls, too. And they are likely to confer too much trust in an individual, especially long-term employees, friends or relatives, making the business more vulnerable to fraud.

A survey by the Association of Certified Fraud Examiners (ACFE) released this year highlighted the significant risks businesses face from individuals within their organization. Among the key findings in the latest Report to the Nations:

• Organizations lose approximately 5% of revenue to fraud each year.
• A typical fraud lasts 12 months before detection.
• The most common scheme involves corruption (two or more perpetrators).
• Nearly half of the reported frauds occurred in operations, accounting, executive/upper management or sales departments.
• The industries with the highest losses were real estate, wholesale trade, transportation and warehousing, construction and utilities.
• A full 85% of perpetrators displayed behavioral red flags.
• The problem appears to be worsening since the start of the COVID-19 pandemic. Another ACFE report found that more than half of organizations have discovered more frequent incidents since then, compared to prepandemic times.

A lack of internal controls contributes to a range of schemes. A common occurrence is fraudulent expense reimbursements obtained through fictitious receipts, no supporting documentation, no approval process or forgery.

More complex fraud involves the creation of a shell company bearing a similar name to the company, vendor or customer. Company payments or deposits are rerouted to the shell company and account balances are written off. These may involve long-term, highly trusted employees with unsupervised access to company assets and the authority to override or circumvent systems.

Tips to lower fraud risks

Providing regular fraud awareness training for all employees is an important start to minimize fraud within your organization. Training should include instilling awareness of the following behavioral red flags:

• Big lifestyle changes or other perceptions that someone is living beyond their means
• Financial difficulties
• Unusually close relationship with a vendor/customer
• Control issues such as unwillingness to share duties
• Changes in behavior such as irritability, suspiciousness or defensiveness

Of course, the existence of a red flag is not proof of fraud. But these observations are worth paying attention to.

Ensure a proper mechanism is in place for individuals to report suspicions. An anonymous hotline run by an outside third party makes it easy for people to report suspicions without fear of repercussions.

What else can you do?

• Provide strong internal controls that are monitored and tested. These should include proper segregation of duties, use of authorizations, physical safeguards, job rotations and mandatory vacations.
• Be careful when placing too much trust with one individual. Your unconscious bias, stemming from a personal friendship with an employee, can keep you from recognizing red flags.
• Make employees aware that the organization is actively monitoring and testing systems to detect fraudulent activity. These efforts could include using data analytics or conducting surprise audits. Performing a data analytics test of addresses in the master vendor file and comparing it to the employee master file could reveal a shell company scheme. Identifying any payroll checks with no deductions or duplicate direct deposit numbers could reveal a ghost employee scheme. Fraud incidents are likely to decline when individuals know such measures are in place.
• Hire an outside party to perform a fraud risk assessment. This assessment is designed to identify and mitigate the company’s vulnerabilities to internal and external fraud.

Maintaining best practices in hiring and retention can also help with fraud mitigation. These include. past employment verification, background and reference checks.

Commit to an open-door policy with your employees. An individual should feel comfortable speaking with management about pressures they may be dealing with or other items that are bothering them. Provide employees with an employee support program to assist individuals struggling with addiction, family or financial problems, or health issues they might feel uncomfortable discussing with their superiors.

When developing benchmarks, performance measurements and incentive and commission-based programs, be aware of the behaviors they might drive and how they might be manipulated. Create a process to monitor for those risks on a continual basis.

How Wipfli can help

The best way to manage the impact of fraud within your organization is to take steps to prevent it. Our team of experienced professionals team can conduct a fraud prevention check-upand protect your bottom line.  

Contact us to learn more about our range of services to address fraud risk.

Sign up to receive additional content or information in your inbox or read on to learn more:

• How effective is your anti-fraud program?
• Combat rising fraud with strong internal controls
• Successful fraud at financial institutions is on the rise
• How to design effective anti-fraud tests

Why internal controls can never be considered as absolutely effective?

What might happen if internal controls are inadequate?

Why is it important to have an effective internal control system?

Why and what are the limitations to all systems of internal control?