In a post earlier this year, we discussed the basics of fraud. In this post, we will look at some of the key internal control activities that can be implemented to effectively reduce the risk of fraud.
Establishment of responsibility:
To establish responsibility means to assign specific tasks to specific individuals. Ensuring tasks are the responsibility of only one person guarantees that if an issue arises, the responsible party can likely be identified.
All important tasks within the finance function should be assigned to one individual and completion should be tracked, to ensure the control activities that prevent fraud are completed in a timely manner.
Segregation of duties:
Segregation of duties refers to the delegation of tasks among different individuals, so that no one individual is responsible for:
- Initiation of a transaction;
- Authorization of a transaction;
- Recording of a transaction; and
- Custody of the resulting asset.
Ultimately, segregation of duties ensures that one individual cannot commit a fraud and cover it up.
All processes within the finance function should involve segregation of duties to ensure an employee does not have the opportunity to commit fraud alone. The following example explains how segregation of duties can be applied to the cash disbursements process:
- An expenditure is requested by a staff in the Marketing Department for promotional materials for an upcoming event [initiation of transaction]
- The expenditure is reviewed and approved by the Head of the Marketing Department [authorization of transaction]
- Once the order has been made by the staff, invoices are sent to the Accountant, who reviews the expenditure, drafts the cheque for payment, and creates the journal entry [recording of transaction]
- The promotional materials are delivered to the Receptionist who compares the delivery to the order, and ensures it is complete [custody of asset]
In this example, we can see that the four duties above are segregated between four different individuals. In smaller organizations, these duties may be segregated between 2 or 3 individuals, as opposed to 4, but should not be retained by only one person.
Documentation procedures:
Documents provide evidence that transactions and events have occurred. By adding signatures (either physical or electronic) to documents, you can also identify who is responsible for that transaction, should it need to be reviewed or investigated later.
Documentation procedures should include:
- Pre-numbering documents and ensuring all documents are accounted for using a numbering system; and
- Safeguarding source documents, like receipts and invoices; these should always be sent to Finance/Accounting immediately.
Independent checks of performance:
Lastly, independent reviews of performance should be undertaken to verify that control activities have been completed correctly.
The key aspects of a performance review include:
- Completed periodically, or by surprise
- Completed by someone who is independent of the control performer/employee responsible
- Discrepancies and exceptions should be reported to management
- Action should be taken because of identified discrepancies to remedy the situation
- Should be documented – signature and/or notes/conclusions
The four control activities discussed above are basic pieces of a control environment which can prevent fraud from occurring. Even the smallest organizations can implement the foregoing control activities to successfully reduce the risk of fraud.