Using internal controls to detect and prevent fraud in your organization

Fraud typically happens because people think that fraud won't happen to their organizations.

— Kelly Pope, Ph.D., CPA, Founder of Helios Digital Learning

Fraud can happen at any organization—big or small. And when it does happen, it's devastating both financially and culturally. Fraud typically falls under the following three umbrellas:

• Corruption
• Asset misappropriation
• Financial statement fraud

According to the Report to the Nations on Occupational Fraud and Abuse from the Association of Certified Fraud Examiners, asset misappropriation is the most common among the three. This is because it's the level at which people often have access to. Corruption and financial statement fraud are less common because they are typically attributed to a high-ranking person in the organization.

However, financial statement fraud comes in first place as a cause of monetary loss for a company. Followed by corruption and asset misappropriation, it's the most difficult to detect, with most schemes going undetected for an average of 25 months. Most often it's discovered through tips, management review, internal audit, and by accident.

Tips are responsible for uncovering over 40 percent of all fraud detected in an organization. This is thanks in part to the Dodd-Frank Act whistleblower law that gives employees the feeling of protection.

In a recent webinar, Joseph Howell, Co-Founder and Executive Vice President of Workiva, and Kelly Pope, Ph.D., CPA, Founder of Helios Digital Learning, outlined the key reasons that fraud happens and what organizations can do about it.

Fraud usually happens for four primary reasons:

• Poor internal controls
• Management override of internal controls
• Collusion between employees
• Collusion between employees and third parties

In order to eliminate the risks of fraud, organizations need to design their controls to both prevent and detect fraud. To begin preventing fraud, organizations should:

Define culture
Perform an assessment of your employees feelings about reporting."Saying nothing is just as offensive as saying something negative," says Pope. If it's perceived that your culture does not support whistleblowers, you'll miss out on the tips to report fraud.

Educate
Effective education is key. It's critically important to engage with your employees to get the information to stick. Management should get creative with this aspect, perhaps by storytelling or other interactive methods.

Remind
After training, remind employees of the moral implications. This gives an employees a simple checkpoint that helps them stop and think about their behavior before committing an act of fraud.

Document
Without documentation, antifraud efforts don't exist—even if they do. This is essential to make sure that information is received and understood by employees and confirms the organization's compliance with standards.

In order to detect fraud, take a hard look at the design of controls. Pope and Howell recommend these four steps to designing controls that detect fraud.

1. Identify and assess the risks of fraud in each key process
2. Base design of controls on those assessments
3. Document and test frequently
4. Report and address exceptions promptly

You are not expected to do this alone. Take advantage of technology to help prevent and detect fraud in your organizations.

The effective use of technology allows organizations to document, remind, and confirm their training and education about fraud. It's also crucial to identify exceptions, and collect and maintain concurrent evidence.