Fraud Prevention
After reading this chapter, you will be able to:
  • Identify the types of internal controls and their importance to the business as a whole.
  • Evaluate the control activities within a company and determine the deficiencies from a fraud prevention perspective.
  • Discuss the key components of an effective comprehensive fraud prevention program.

The impact of fraud hits a company straight in the bottom line. While large corporations may be able to withstand a six- or seven-figure fraud, a smaller corporation or a nonprofit organization may never recover. To survive in today’s competitive marketplace, businesses must be proactive in the fight against fraud.

Internal controls related to fraud fall into one of three categories:

  1. Preventive controls. These are focused on protecting the company’s assets and information by stopping fraud from occurring.
  2. Detective controls. These are aimed at finding fraud when it occurs, hopefully as soon as possible.
  3. Corrective controls. These attempt to remedy problems that are discovered, so that future frauds can be better prevented and detected.

The Sarbanes-Oxley Act of 2002 (SOX) generally applies to U.S. public companies and their auditors, but numerous multinational public companies and private companies are complying with the regulations voluntarily. SOX generally requires:

  • Management to assess the effectiveness of the company’s internal control structure over financial reporting. Are the controls effective at ensuring that the financial statements will be presented accurately?
  • An auditor’s report on management’s assessment. Do the auditors believe that management’s assessment of the internal controls is accurate?
  • New auditing standards and rules for auditing firms with public clients. Auditors of public companies are limited in the other services that they may provide to their clients, in order to ensure their independence.

Other broad requirements of SOX include whistleblower provisions, under which companies must establish a confidential, anonymous reporting mechanism for employees. This is most often accomplished with an anonymous hotline; this can be set up through a vendor, which guarantees anonymity for callers. The company must also disclose whether a Code of Ethics has been established for executives and make it available to the public. SOX defines conflicts of interest and prohibits certain actions, such as personal loans to executive officers or directors.

SOX does not specify a particular set of internal controls that must be in place in companies. There are certain elements of internal controls that are required, such as the whistleblower provisions and management’s evaluation of the internal controls, but the regulation does not specify a large set of controls that must be put into place.

Understanding what SOX does not require of companies may be even more important than knowing what is required. Many individuals and investors do not understand that SOX actually requires very little in the way of substantive improvement to the internal controls of a company. As long as management is willing to admit publicly that its controls are not good, the company is not forced to improve the internal controls.

Control Activities within a Company:

The policies and procedures of a company fall into a number of categories, with the most common including:

  • Safeguards over assets - securing physical assets, access to data, and money
  • Segregation of duties - dividing activities so one employee doesn't have too much control over an area or duty
  • Proper authorization of transactions - ensuring that employees aren't exceeding their authority
  • Independent checks on performance - using audits, surprise check-ups, inventory counts, or other procedures to verify compliance with policies and procedures, as well as accuracy
  • Anonymous reporting mechanism - employee fraud hotline
  • Monitoring activities - monitoring access to assets, data, and the accounting system
  • Management can and should monitor access to

Comprehensive Fraud Prevention Program Components:

  • Fraud education: Teaching employees about fraud risks
  • Fraud investigation: Investigating instances of suspected fraud
  • Fraud prevention: Evaluating, designing, and implementing controls that proactively prevent fraud
 

Sequence Inc. Forensic Accounting

Forensic accounting and fraud investigation services provided for individuals and corporations involved in matters related to fraud, contract disputes, criminal defense, divorce, shareholder disputes, and more. Visit Sequence Inc.'s website.

Tracy Coenen, CPA, CFF

Tracy Coenen is more than just one of the best in the field of fraud examination. She also trains and writes on the topic, sharing her experience with other professionals to help reduce fraud in the workplace. Find out more about Tracy.

Fraud Files Blog

Daily commentary on fraud, scandals, scams, and court cases. See who Tracy has her eye on today... Exposing corporate fraud for the world to see. Read the blog.

Expert Fraud Investigation

Tracy's second book, Expert Fraud Investigation: A Step-by-Step Guide comes out in 2009. It teaches professionals the nuts and bolts of fraud investigation so they can protect themselves from fraud. Find out more about the book.