Friday, June 21, 2019

PREVENTING FRAUD AT YOUR COMPANY!


Small businesses typically have a greater problem with fraud and lost assets than larger corporations!

One of the key reasons is a lack of segregation of duties among employees in many small businesses! According to a July 2010 article in The CPA Journal, smaller companies (less than $75 million market value) were much more likely to have the internal control weakness of lacking segregation of duties in key tasks. The objective of the principle of segregation of duties is to prevent an employee from being in a position to commit and perpetuate errors or irregularities.

For some background on the topic, it is a key basic tenet of internal control that for each transaction cycle, with the cash disbursement cycle being noted as of primary concern, that the following functions should be segregated between different employees:

  • Authorization of transactions,
  • Custodianship of the asset in question,
  • Recording of transactions, and
  • Reconciliations of the records.
In reality however, small businesses don't always have the staff or the resources to hire staff to accomplish a true segregation of duties. So, aside from hiring more staff, a few common compensating controls that, at least partially, mitigate the segregation of duties problem are:
  • Rotation of duties among existing staff. Variations of this approach include cross-training staff to perform a variety of duties and having a "Mandatory Vacation" policy so an offending employee will be found out at some point.
  • Management oversight. Management can review reports of specific transactions, oversee periodic counts of inventory, equipment or other assets like cash and comparing them to accounting records, and/or reviewing reconciliations of account balances or assets or performing them independently. Another technique is to perform surprise checks or exception reports to pro-actively address concerns. An example of exception reports would be to identify financial ratios that may be out of line like gross profit percentages, for example. Implicit in many of these approaches, is that management must have some degree of financial expertise to perform these oversight tasks effectively.
  • Third-party involvement. Kind of a corollary to management oversight, is that management could bring in temporary employees, consultants or outside CPAs to offer periodic oversight. 
  • A final approach of note is to "beef up" existing procedures like putting them in writing, for example. Another example would be performing a top-down risk-based analysis by identifying threats in the context of the effect on financial integrity and the likelihood of actual violations. 
Segregation of duties is a key principle of internal control! However, adding more staff is not always feasible! Using a compensating control like rotation of duties, management or third-party oversight, "beefing up" existing procedures or performing a risk-based analysis to identify potential internal control threats can provide an effective solution!

No comments:

Post a Comment