When audit season comes and goes, there's often a discussion around internal controls. So, what are internal controls? These are procedures that your company implements to help ensure the integrity of financial data, promote accountability, and prevent fraud.
Let's look at how important internal controls are at preventing fraud. According to the Association of Certified Fraud Examiner's (ACFE) 2020 Report to the Nations, tips are the most common way fraud is detected (43%). This same report shows only 4% of fraud is detected by external audits.
ACFE 2020 Report to the Nations, Page 19
If we look at statistics on victims of fraud and what controls they believe they had in place to prevent fraud, the top response was an external audit of financial statements (83%).
ACFE 2020 Report to the Nations, page 31
So why the big difference? How can fraud be most commonly detected by tips, but most businesses think it's external financial audits that detect fraud? It's known as the expectation gap, where most businesses don't realize that an external audit is not the same thing as a forensic investigation.
Because of this, it's more critical than ever to make sure your internal controls are set up to help protect your employees and operations.
3 Internal Controls That Can Help Protect Your Business
There are nearly endless ways internal controls can be implemented. It often becomes a delicate balance of the most effective and possible given time and budget constraints. Below are a few internal controls that may be important to most businesses. Let's look at how ActivityHD can help make internal controls easy:
Cash segregation of Duties
One of the areas in a business at high risk for fraudulent activity is where cash enters and leaves the organization. There must be a segregation of duties between employees who can access, record, and reconcile cash transactions. For example, accounts receivable lapping is a common fraudulent technique where an employee receives receipts from Customer A, pockets the money, and uses the receipts from Customer B to pay for Customer A's outstanding balances. By separating this employee's ability to receive and record cash, an organization can help prevent this type of fraud.
A great way to envision your internal controls is to design them around a position and not a person. With ActivityHD's permission roles, create customized accounting positions to help segregate cash responsibilities, quickly and easily assign the right person to the correct position.
Fictitious vendors
Another common area for potential fraud is the creation of fictitious vendors or vendors not necessary to the business's operations. Having good vendor establishment controls can help prevent the creation of fictitious vendors. These controls should include ensuring a valid Taxpayer ID # and W-9 on file and having someone verify that the vendor's website and phone number are current and active. You can use ActivityHD's custom fields and notes to prepare and maintain as much vendor verification information as you need.
Another way fictitious vendors are created is by creating a vendor with a similar name to an already existing authorized vendor. For example, a shell company is a fraudulent technique where an employee causes the employer to make disbursements to a company that the employee owns without the employer's knowledge or authorization. As you make regular payments to an established vendor called ABC Company, you might not detect that you're making payments to a fictitious shell company with a similar name like 'ABC Company, Inc.' or 'ABC Co., Inc.'
Use ActivityHD's duplicate invoice controls to prevent identical invoices numbers, dates, or amounts automatically. With the 'vendor like' feature, you can enter a vendor mask that will allow ActivityHD to search for duplicates based on similar vendor names.
To help prevent unauthorized changes to Vendor information, use Activity's security change logs to monitor and keep an audit trail of modifications to sensitive vendor information from either the Administration change logs views or view changes right from the vendor record view.
Perception of Detection
Don't have enough personnel to achieve complete segregation of duties? Too much effort to establish vendor procedures? If nothing else, try the strongest internal control: the perception of detection. Perception is key here because sometimes, the threat of detection can detour most fraudulent activity. Fraudulent actors consider" Will I be caught?" as the last step before acting out the crime itself. What controls could you implement to help give you a perception of detection?
- Evaluate the key areas in your organization where the money comes in and out.
- Consider questions such as "What could go wrong?".
- Ensure those key areas have some form of control that could increase the likelihood of an error or fraud being detected or at least look like they could detect errors or fraud.
- Regular review of aged AR and AP reports, as well as fixed asset reports
- Approvals for write-offs of AR, AP, and Fixed Assets
- Assessment of manual journal entries.
Procedures that let employees know these different areas are being reviewed can help perceive detection.
With ActivityHD, regular reporting in key financial areas is simple, with built-in reports that can be e-mailed to management.
You may be surprised to know that most fraud caused by employees is not because of greed or criminal pathology. Most fraud committed by employees is need-based due to financial stress. One of the most common ways an employee can rationalize fraud is by telling themselves, "I was only borrowing it." Having employee support programs like credit counseling, pay advances, and low-interest loans can help reduce the pressures and rationalization for employees to commit fraud in the first place.
Although an external audit is not designed to prevent or detect fraud, having necessary internal controls in place can help keep operations safer and financial information reliable. With ActivityHD, these must-have controls become an easy addition to your accounting workflow.