By NORMAN G.GRILL, CPA
The most effective way to combat fraud in your company is to build a strong framework of internal controls. That”™s because 67 percent of recent fraud was committed by insiders, according to the 2012/2013 Kroll Global Fraud Report. The survey of more than 800 senior executives worldwide from a wide range of industries also found that many fraudsters act alone or in cooperation with peers rather than with outside parties.
Here are five pillars that support an effective antifraud program.
Ethics and responsibilities
For any internal control system to be effective, its first pillar must be the establishment of a strong ethical position by management and a clear delineation of responsibilities thereafter.
Many businesses have taken to formally drafting an ethics policy. This can help management clearly express its approach to doing business and apply those philosophies to its internal controls. When employees know such a policy exists, and management is following it, they”™ll also know that any attempt to commit fraud will be much riskier.
Equally important to a strong ethical position is a clear delineation of internal control responsibilities. Again, formally documenting this is a must.
Segregation of duties
You”™ve probably heard it before, but spreading out risk-intensive tasks among several employees remains fundamental. To the extent possible, segregate the handling of key assets into three categories: authorization, custody and record keeping.
Take a very simple example: your petty cash drawer. Ideally, one employee should be in charge of authorizing its use; another should keep it safe and make disbursements; and a third should maintain records regarding its usage.
Handling all major assets in this manner creates a system of checks and balances that will hamper any one dishonest employee from misusing the item. Smaller businesses may have a harder time spreading duties among a smaller staff. But it”™s here that owners must step up and keep an active hand in oversight.
Expansive controls
The days of an office safe and a locked desk are long gone. Today, every business needs to implement expansive controls throughout their facilities. You can organize these into categories such as:
· Physical: including doors, safes, vaults and even specially designed rooms or structures to hold valuable assets.
· Mechanical: generally video monitoring systems, time clocks for tracking the work of hourly employees and alarms.
· IT: comprehensive security policies to prevent stealing or vandalizing critical information (or money and products). Specific controls include passwords, server and software authentication and source code/document version controls.
Sound, detailed records
Complete documentation is important for knowing not only what you have, but also what you don”™t have. For starters, you need to scrupulously maintain your financial statements and regularly review them for, among other things, suspicious budget-to-actual variances.
But airtight financial statements alone don”™t a fraud-free company make. There are other forms of documentation that can help you detect and prevent fraud. For example, create invoices that are distinctive to your company and sufficiently informative. Doing so will make them more difficult to fabricate.
Also, whenever possible, use prenumbered, consecutive documents. That way, if one falls out of order, you have a quick indicator of something gone awry. Prepare paperwork in a timely fashion. When documentation falls behind, it can be easier for a fraudster to step in and take advantage.
Internal and external audits
Large companies have internal auditors to regularly evaluate the effectiveness of internal controls. Small to midsize companies can”™t always afford such staff members on the payroll. But you still need an internal auditing process to periodically review and reconcile internal control data and procedures.
The audit process should be planned well in advance. Many companies perform internal auditing in stages over the course of a year or even multiple years. For many aspects of an audit, the element of surprise can be helpful. When employees don”™t know the process schedule, they can”™t preemptively fix mistakes or, in the worst cases, cover fraudulent tracks.
External audits are also highly advisable. Your CPA can perform an audit to determine whether your financial reporting follows Generally Accepted Accounting Principles (GAAP). Although this process doesn”™t specifically focus on fraud detection, it can reveal critical details about the soundness of your financial reporting. (There are also two less-comprehensive alternatives: a compilation or a review. They”™re also not designed to detect fraud.)
For fraud-specific services, consider a forensic accountant. He or she can either conduct an actual investigation, if you believe fraud has occurred, or simply review internal controls and provide insights.
Assess and fine-tune
A system of internal controls built on these five pillars stands a good chance of protecting your company from fraud. There are other details to consider and your company”™s specific control needs may vary depending on its size, industry and location. Your financial adviser can help you regularly assess and fine-tune.
Norm Grill, CPA, (N.Grill@GRILL1.com) is managing partner of Grill & Partners L.L.C., (www.GRILL1.com) certified public accountants and advisers to closely held companies and high-net-worth individuals, with offices in Fairfield and Darien, (203) 254-3880.
Comments 1