First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

You are here: Home / Business / Using internal control to prevent fraud

By | 2 Minutes Read

Using internal control to prevent fraud

fraud-cosoThe recently revised COSO study provides high-level points of focus for preventing fraud. An organization should “consider the potential for fraud in assessing risks to the achievement of objectives.” The COSO study identifies four critical points of focus to assess fraud risk:

  1. Consider various types of fraud—The assessment of fraud considers fraudulent reporting, possible loss of assets, and corruption resulting from the various ways that fraud and misconduct can occur
  2. Assess incentives and pressures—The assessment of fraud risk considers incentives and pressures
  3. Assess opportunities—The assessment of fraud risk considers opportunities for unauthorized acquisition, use or disposal of assets, altering of the entity’s reporting records, or committing other inappropriate acts
  4. Assess attitudes and rationalizations—The assessment of fraud risk considers how management and other personnel might engage in or justify inappropriate actions

Organizations should consider all of these factors when developing or reviewing any policy or procedure. You might be right that anti-fraud controls mainly apply to the general area of accounting (purchasing, revenue, payroll, banking and treasury, inventory, assets, etc.), but they will also involve many specific areas of operations, such as sales, payments, expenses, receivables, travel, suppliers, taxes, promotions and much more.
It’s not enough to focus controls on fraud, however. A broad range of internal controls and a firm understanding of them are necessary to support fraud prevention efforts. Consider the five components of internal control:

  1. The control environment, which includes the integrity, ethical values and competence of employees
  2. Risk assessment, which forms the basis for determining how risks should be managed
  3. Control activities, which are the policies and procedures to help ensure that management directives are carried out
  4. Information and communication, which includes the methods for identifying, capturing and communicating information required for employees to carry out their duties
  5. Monitoring, much of which occurs through routine management and supervisory activity

The primary mechanisms to effect internal control are:

  • Process monitoring is often part of management reporting; statistics provide information about volumes processed, problems that arise, backlogs, resources used, and so on
  • Supervision and review help ensure that controls are in place and effective
  • Training of staff and hiring qualified and capable staff help ensure that employees understand their responsibilities and carry them out effectively
  • Written policies and procedures reduce the risk of misunderstanding or lack of knowledge leading to control deficiencies
  • Segregation of duties may prevent fraud and error
  • Reconciliations compare two numbers and explain any differences between them
  • Analytical review is used to explain changes from other periods, other departments, budgets, forecasts or benchmarks
  • Edit checks and validation ensure that data entered makes some sense; for example, a month must have a numerical value less that 13, or a total is entered to ensure that no data has been missed
  • Design and ergonomics may reduce the rate of human error
  • Audit trails facilitate tracking the flow of information and making corrections when required

This is just a basic look at what organizations must do to manage the risk of fraud in their operations. Please feel free to let us know about the challenges you’ve faced with fraud and how you’ve addressed them!

Latest posts by Jeffrey Sherman, MBA, FCPA, FCA (see all)

Share with a friend or colleague

Get the Latest Posts in your Inbox for Free!

About Jeffrey Sherman, MBA, FCPA, FCA

Jeffrey is CFO of Atrium Mortgage Investment Corporation (TSX:AI), a director of several companies and has had over 20 years of executive management experience. His interests include corporate governance, risk management, accounting and finance, restructuring and start-up enterprises.

Jeffrey is a popular presenter, and was an adjunct professor at York University for 15 years. He is a frequent course director and course author for many organizations, including provincial bodies of Chartered Professional Accountants across Canada.

He has written over 20 books including: Canadian Treasury Management, Canadian Risk Management, and Financial Instruments: A Guide for Financial Managers (all published by Thomson-Reuters/Carswell), as well as Finance and Accounting PolicyPro and Information Technology PolicyPro (guides to governance, procedures, and internal control), and Cash Management Toolkit for Small and Medium Businesses (all published by Chartered Professional Accountants of Canada [CPA Canada]).

Footer

About us

Established in 1995, First Reference is the leading publisher of up to date, practical and authoritative HR compliance and policy databases that are essential to ensure organizations meet their due diligence and duty of care requirements.

Main Menu

Stay Connected