Using internal controls to detect and prevent fraud in your organization
Fraud typically happens because people think that fraud won't happen to their organizations.— Kelly Pope, Ph.D., CPA, Founder of Helios Digital Learning
Fraud can happen at any organization—big or small. And when it does happen, it's devastating both financially and culturally. Fraud typically falls under the following three umbrellas:
- Asset misappropriation
- Financial statement fraud
However, financial statement fraud comes in first place as a cause of monetary loss for a company. Followed by corruption and asset misappropriation, it's the most difficult to detect, with most schemes going undetected for an average of 25 months. Most often it's discovered through tips, management review, internal audit, and by accident.
Tips are responsible for uncovering over 40 percent of all fraud detected in an organization. This is thanks in part to the Dodd-Frank Act whistleblower law that gives employees the feeling of protection.
In a recent webinar, Joseph Howell, Co-Founder and Executive Vice President of Workiva, and Kelly Pope, Ph.D., CPA, Founder of Helios Digital Learning, outlined the key reasons that fraud happens and what organizations can do about it.
Fraud usually happens for four primary reasons:
- Poor internal controls
- Management override of internal controls
- Collusion between employees
- Collusion between employees and third parties
In order to eliminate the risks of fraud, organizations need to design their controls to both prevent and detect fraud. To begin preventing fraud, organizations should:
Perform an assessment of your employees feelings about reporting."Saying nothing is just as offensive as saying something negative," says Pope. If it's perceived that your culture does not support whistleblowers, you'll miss out on the tips to report fraud.
Effective education is key. It's critically important to engage with your employees to get the information to stick. Management should get creative with this aspect, perhaps by storytelling or other interactive methods.
After training, remind employees of the moral implications. This gives an employees a simple checkpoint that helps them stop and think about their behavior before committing an act of fraud.
Without documentation, antifraud efforts don't exist—even if they do. This is essential to make sure that information is received and understood by employees and confirms the organization's compliance with standards.
In order to detect fraud, take a hard look at the design of controls. Pope and Howell recommend these four steps to designing controls that detect fraud.
- Identify and assess the risks of fraud in each key process
- Base design of controls on those assessments
- Document and test frequently
- Report and address exceptions promptly
You are not expected to do this alone. Take advantage of technology to help prevent and detect fraud in your organizations.
The effective use of technology allows organizations to document, remind, and confirm their training and education about fraud. It's also crucial to identify exceptions, and collect and maintain concurrent evidence.
About the Author
Mike Rost is a key contributor to product strategy at Workiva and works with business leaders in the areas of financial reporting and compliance. With more than 25 years of experience assisting organizations using technology to optimize business processes, Mike has an extensive background in finance and accounting, corporate performance management, and GRC technology. Mike was a founding member of XBRL International with involvement in the XBRL initiative dating back to 1999. He has also been active in industry associations, including the Open Compliance and Ethics Group (OCEG) and the Institute of Internal Auditors (IIA). Mike has a bachelor's degree in economics and an MBA in marketing and finance from the University of Minnesota.