Internal controls are key to preventing and detecting fraud and for establishing anti-fraud programs. In fact, the 2022 Association of Certified Fraud Examiners (ACFE) Report to the Nation indicates that 29% of fraud cases reviewed were perpetuated by not having adequate internal controls.
The financial loss and reputational damage that comes with fraud can have an especially great impact on public sector organizations that rely on taxpayer or philanthropic dollars.
How Can Internal Controls Help With Fraud Prevention?
Internal controls provide checks and balances that help protect an organization from internal threats and help prevent fraud by reducing the opportunity to commit it. These fraud-preventative controls serve as the first line of defense, but they can also continue to detect fraud in a time-efficient manner, ultimately reducing losses. When these controls uncover fraud after the event, the organization can then take the appropriate action to safeguard its assets.
There are many key examples of powerful internal controls, as further detailed below.
Policies and Procedures
Documented and enforced policies and procedures that clearly outline internal controls and define specific responsibilities are key to developing safeguards. Setting expectations not only keeps employees accountable, but management, too.
If management continues to monitor processes for effectiveness, they can more readily make adjustments. Improved processes can lead to more accurate financial reporting, which in turn can lead to informed operational decision-making. Policies and procedures should be reviewed regularly, centrally located, and augmented with employee training as appropriate.
Authorizations and Approvals
Policies and procedures should clearly state individual authority for various transactions and outline approval requirements. Requiring multiple signatures to document transaction approval takes time, but it limits authority for distributing unauthorized funds.
Layers of approvals allow more opportunity to question an action, which can reduce errors and fraud risk. However, approval requirements should also balance the need for efficient processes by rightsizing authority with transaction risk.
Most financial and asset management systems develop an audit trail that records every change made to a transaction, including who made the change and when, which provides another layer of protection.
Segregation of Duties
A system of checks and balances where no single person controls all parts of a transaction is critical to fraud prevention. Over the past several years, personnel responsibilities have shifted for many organizations, but revised employee duties may not have been updated to reflect segregation of duties unless they are routinely evaluated.
System access should be reviewed and aligned to new responsibilities as employee duties change, while also removing former capabilities that would provide access to transaction processes. If segregation of duties isn’t practical for your organization due to staffing levels, mandatory vacation policies or periodic duty rotation could provide a reasonable alternative to support fraud prevention.
Access to assets and inventory records should be limited to authorized individuals and, depending on the nature of the assets, require dual control. Assigning and tracking accountability for custody and use of resources can help make sure items are only used for approved purposes in addition to safeguarding organizational assets.
During the COVID-19 pandemic, many organizations added technology to support employees working from home. It’s important to track each employee’s physical assets, by documenting any assigned equipment in the individual’s personnel records to safeguard your organization if an employment change occurs.
Reconciliation and Review
Comparing data and reviewing records can help identify unusual transactions and differences. Routine reconciliations for records ranging from bank accounts, expense reports, and inventory counts are key. During reconciliations, the organization investigates unexpected differences and revises processes to prevent future occurrences of deviations.
Internal audits can be preventive and detective controls. Employees are less likely to commit fraud if they’re wary of an audit. Over time, internal audits can be used to consider where fraud risk lies within operations to examine and evaluate the organization’s internal controls.
An internal audit leads to recommendations for enhanced controls that management should implement in response to any weaknesses identified. Performing an enterprise or targeted internal controls review could help identify other control gaps too.
Organizations can use data analytics to identify unusual transactions, typically by gathering and mining data for patterns and discrepancies. Using technology to monitor fraud is a proactive practice to detect fraud more quickly, likely reducing overall losses.
Per the ACFE report, 42% of reviewed fraud cases were detected by tips to a fraud hotline, with over half of fraud tips coming from employees. Organizations with fraud hotlines had a 50% reduced median loss and six-month reduction in the fraud duration. Fraud hotlines, along with whistleblower protections, provide confidential reporting mechanisms that allow employees to safely report suspected fraudulent activities.
Hotlines are low-cost tools that help organizations detect fraud and, when accompanied with employee training, can help prevent fraud by increasing the perception of detection among employees.
We’re Here to Help
For guidance in establishing and implementing internal controls to help with fraud prevention, contact your Moss Adams professional. You can also visit our Strategy & Operations Consulting Services page for additional resources.