Not too long ago, the Association of Certified Fraud Examiners (ACFE) released their Report to the Nations, a publication on worldwide occupational fraud based on real life fraud cases and it was certainly a telling study in fraud. As an auditor for private companies, it hit very close to home to learn that the median loss experienced by companies with fewer than 100 employees was $200,000! And nearly half of these fraud cases were the result of a lack of internal controls.
I’ve blogged in the past on some cost-effective overall anti-fraud controls a private company could adopt to improve detection of fraud (Don’t Be A Victim to Fraud – Implement These Anti-Fraud Controls Now!). So, this time around, let’s focus on some specific areas to bolster controls within a private company. The controls mentioned below are by no means a complete list and should hopefully get you thinking about other ways to protect your company from fraud.
Payroll – payroll often features as the biggest cost on a company’s financials, which makes a strong case for controls in this area. Some typical payroll fraud schemes include ghost/fictitious employees, overpaid payroll due to falsified hours or pay rates, and excessive commissions on inflated sales. Some key management-level controls to address these risks:
- Review personnel records periodically to remove terminated employees from payroll;
- Match payroll records with HR records to identify anomalies or “ghost” employees;
- Segregate duties (where possible) between pay rate setup and payroll so that payroll personnel cannot artificially inflate their paychecks;
- Review timesheets for hourly employees;
- Review the calculation of commissions to ensure that the underlying sales figures are accurate.
Purchasing – the most common purchasing schemes involve fraudulent/shell companies, fictitious vendors, and personal purchases run through the company (see expense reimbursements below). The following controls could help reduce the incidence of fraud in this area:
- Perform due diligence on vendors which should include checking their mailing address (P.O. box addresses should be investigated further), comparing vendor addresses with employee addresses, creating an approved vendors list after due diligence and checking against this list prior to making vendor payments;
- Always require purchase orders/requisitions specifying items, quantities, price, and dates, which should be approved by management;
- Require competitive bids for significant/volume purchases.
Cash – can be stolen from the company in many different ways, besides those already stated above. On the receipts side, theft can occur at the point of sale, posting into the general ledger or at the time of deposit into the bank. Overstating expenses, personal purchases or fictitious purchases/reimbursements are other ways to steal from the company. The company’s fraud assessment should include the following controls:
- Discrepancies between cash register tape totals and cash in the register should be investigated. You might find that installing a CCTV in the cash register area will reap significant benefits by dissuading theft at the register;
- Implement segregation of duties between the deposit of cash receipts function and recording of these receipts into the company’s general ledger;
- Review employee reimbursement reports and compare with historical amounts and budgets as well as receipts to support the expense amounts.
Hopefully, these suggestions spur additional thoughts on how to prevent and detect fraud within your organization and how to protect your assets and resources. We are happy to assist further should you need additional fraud risk assessment tools, please feel free to contact us.