Skip to main content

Using internal controls to detect and prevent fraud in your organization

Using internal controls to detect and prevent fraud in your organization
3 min read
Mike Rost
SVP, Investor Relations & Corporate Development
Published: November 19, 2015
Last Updated: August 9, 2023

Fraud typically happens because people think that fraud won't happen to their organizations.

— Kelly Pope, Ph.D., CPA, Founder of Helios Digital Learning

Fraud can happen at any organization—big or small. And when it does happen, it's devastating both financially and culturally. Fraud typically falls under the following three umbrellas:

  • Corruption
  • Asset misappropriation
  • Financial statement fraud
According to the Report to the Nations on Occupational Fraud and Abuse from the Association of Certified Fraud Examiners, asset misappropriation is the most common among the three. This is because it's the level at which people often have access to. Corruption and financial statement fraud are less common because they are typically attributed to a high-ranking person in the organization.

However, financial statement fraud comes in first place as a cause of monetary loss for a company. Followed by corruption and asset misappropriation, it's the most difficult to detect, with most schemes going undetected for an average of 25 months. Most often it's discovered through tips, management review, internal audit, and by accident.

Tips are responsible for uncovering over 40 percent of all fraud detected in an organization. This is thanks in part to the Dodd-Frank Act whistleblower law that gives employees the feeling of protection.

In a recent webinar, Joseph Howell, Co-Founder and Executive Vice President of Workiva, and Kelly Pope, Ph.D., CPA, Founder of Helios Digital Learning, outlined the key reasons that fraud happens and what organizations can do about it.

Fraud usually happens for four primary reasons:

  • Poor internal controls
  • Management override of internal controls
  • Collusion between employees
  • Collusion between employees and third parties

In order to eliminate the risks of fraud, organizations need to design their controls to both prevent and detect fraud. To begin preventing fraud, organizations should:

Define culture
Perform an assessment of your employees feelings about reporting."Saying nothing is just as offensive as saying something negative," says Pope. If it's perceived that your culture does not support whistleblowers, you'll miss out on the tips to report fraud.

Effective education is key. It's critically important to engage with your employees to get the information to stick. Management should get creative with this aspect, perhaps by storytelling or other interactive methods.

After training, remind employees of the moral implications. This gives an employees a simple checkpoint that helps them stop and think about their behavior before committing an act of fraud.

Without documentation, antifraud efforts don't exist—even if they do. This is essential to make sure that information is received and understood by employees and confirms the organization's compliance with standards.

In order to detect fraud, take a hard look at the design of controls. Pope and Howell recommend these four steps to designing controls that detect fraud.

  1. Identify and assess the risks of fraud in each key process
  2. Base design of controls on those assessments
  3. Document and test frequently
  4. Report and address exceptions promptly

You are not expected to do this alone. Take advantage of technology to help prevent and detect fraud in your organizations.

The effective use of technology allows organizations to document, remind, and confirm their training and education about fraud. It's also crucial to identify exceptions, and collect and maintain concurrent evidence.

About the Author
illustration of mike rost at Workiva
Mike Rost

SVP, Investor Relations & Corporate Development


As senior vice president of corporate development and investor relations, Mike Rost is a key contributor to the organization's growth with a focus on corporate development initiatives, emerging business areas, and developing relationships with investors and key stakeholders. Since joining Workiva in 2015, he has served in various leadership roles helping to drive the organization's growth, including the scaling of Workiva’s marketing and partner & alliance functions.

With more than 25 years of experience assisting organizations to optimize business processes, Mike has an extensive background in finance, accounting, enterprise performance management and Governance, Risk and Compliance (GRC) technology. Prior to Workiva, Mike served as vice president of marketing at Metricstream and vice president of strategic marketing at Thomson Reuters. Prior to that, he spent more than a decade in product management and marketing positions for SaaS companies and held finance positions at Pillsbury and Rollerblade, Inc.

Mike has been active in industry associations, including the Open Compliance and Ethics Group (OCEG) and the Institute of Internal Auditors (IIA). He was also a founding member of XBRL International (eXtensible Business Reporting Language), the global not for profit consortium for open international standards for digital business reporting. He has also been a frequent speaker at industry conferences on subjects such as finance transformation, data and reporting, and risk and compliance technology. He received his Bachelor of Science in Economics and his MBA from the University of Minnesota.


Online registration is currently unavailable.

Please email events@workiva to register for this event.

Our forms are currently down.

Please contact us at

Our forms are currently down.

Please contact us at