Fraud risk arises out of errors or events in transaction processing or other business operations. It is not easy to prevent fraud as the controls installed by people can be overcame by people. Fraud might be prevented through anti-fraud culture, risk awareness, whistle blowing and sound internal control systems.
Anti-fraud culture - Where minor unethical practices are overlooked, for example, expenses or time recording, this may lead to a culture in which larger frauds occur. High ethical standards bring long-term benefits as customers, suppliers, employees and the community realise they are dealing with a trustworthy organisation. Guiding principles could include:
1. Not acting in a way that could bring the organisation into disrepute.
2. Acting with integrity towards colleagues, customers, suppliers and the public.
3. Ensuring that business objectives are clearly stated and communicated.
4. Ensuring that benefits (whether to shareholders, customers or employees) are distributed fairly and impartially.
5. Safeguarding the confidentiality of personal data.
6. Complying with legal requirements.
Risk awareness - Fraud should never be discounted, and there should be awareness among all staff that there is always the possibility that fraud is taking place. It is important to raise awareness through training programmes. Particular attention should be given to training and awareness among those people involved in receiving cash, purchasing and paying suppliers, for example accountant, sales team and so on. Publicity can also be given to fraud that has been exposed. This serves as a reminder to those who may be tempted to commit fraud and a warning to those responsible for the management of controls.
Whistle blowing - Fraud may be suspected by those who are not personally involved. People must be encouraged to raise the alarm about fraud. An anti-fraud culture will be important in reinforcing the need for employees to express their concerns. However, management must realise that loyalties among workers, fear of the consequences and having unsubstantiated suspicions will prevent people from coming forward.
Sound internal control system - Sound systems of internal control should monitor fraud by identifying risks and then putting into place procedures to monitor and report on those risks. Here are some guidance on what is the quality of sound internal control system, the mnemonic SPAM SOAP would be useful:
Segregation of duties - Executive tasks should be separated from control tasks. One of the prime means of control is the separation of those responsibilities or duties which would, if combined, enable one individual to record and process a complete transaction. Segregation of duties reduces the risk of intentional manipulation or error and increases the element of checking. Some functions should be separated whenever possible. For example, authorisation, execution and custody. An example of segregation of duties concerns the receipt, recording and banking of cash. It is not a good idea for the person who opens the post to be the person responsible for recording that the cash has arrived. It would be even poorer practice for that person to be responsible for taking that cash to the bank. If these duties are not segregated, there is always the chance that the person misappropriate or steal the cash and no one would know.
Physical controls - These are concerned with the custody of assets and records and are also concerned with ensuring that access to assets and records is only permitted to authorised personnel. Procedures and security measures are needed to ensure that access to assets is limited to authorised personnel. Such controls include locks, safes, CCTV and entry codes.
Authorisation and approval - All transactions should be authorised or approved by an appropriate responsible person. The limits for these authorisations should be specified. For example, in a purchasing system there should be authority limits, where purchases of amounts exceeding those limits require higher authority.
Management controls - Management controls are exercised by management outside the day-to-day routine of the system. These include the following: overall supervisory controls, review of management accounts and comparison with budgets, internal audit function and special review procedures.
Supervisory controls - Any system of internal control should include the supervision by responsible officials of day-to-day transactions and the recording of them. Remember that supervisor acts as an important role in internal control process.
Organisation as a control - Enterprises should have a plan of their organisation, defining and allocating responsibilities and identifying lines of reporting for all aspects of the enterprise's operations, including the controls. There must be a well-defined organisational structure showing how responsibility and authority are delegated. An effective plan would require:
1. separation of a company's operations into appropriate divisions and sub-divisions.
2. appointment of person to assume responsibility.
3. establishment of clear lines of responsibility between each division and sub-division and the board of directors.
4. Overall coordination of the company's activities.
This will help to prevent friction so that staffs work together well. It also means that no duties go unperformed or unchecked.
Arithmetical and accounting controls - These controls are within the recording function and check that the transactions to be recorded and processed have been authorised, that they are included and that they are correctly recorded and accurately processed. This includes: checking the arithmetical accuracy of the records, the maintenance and checking of totals, reconciliations, control accounts, trial balances and accounting for documents.
Personnel controls - These are procedures to ensure that personnel have capabilities appropriate to their responsibilities, since the proper functioning of any system depends on the competence and integrity of those operating it. The qualifications, selection and training of the personnel involved are important features to be considered in setting up any control system. For example, a company accountant should be suitably qualified.
This article about prevention of fraud ends here, in next article I will write about the indication of fraud.
Tuesday, October 19, 2010
Friday, October 15, 2010
Fraud - Introduction
There are a lot of definitions for fraud. Fraud may be generally defined as "deprivation by deceit". Another better definition would be dishonestly obtaining an advantage, avoiding an obligation or causing a loss to another party. Some of the examples of fraud are as follow:
1. Crime against customers and clients (for example, misrepresenting the quality of goods, pyramid trading schemes).
2. Employee fraud against employers (for example, payroll fraud, falsifying expense claims, theft of cash, theft of stocks, disposal of assets to employees, collusion with customers).
3. Crimes by small business against customers and employees (for example, selling counterfeit goods, not paying over tax and national insurance contributions).
4. Crimes against financial institutions (for example, using lost or stolen credit cards, fraudulent insurance claims).
5. Crimes by individuals against government (for example, social security benefit claims fraud, tax evasion).
6. Crimes by professional criminals against major organisations (for example, counterfeiting, money laundering, advance fee fraud).
Those committing fraud may be managers, employees or third parties (sometimes customers or suppliers). A major reason why people commit fraud is because they are allowed to do so. The likelihood that fraud will be committed will be decreased if the potential fraudster (person who commit fraud) believes that the rewards will be modest, that they will be detected or that the potential punishment will be unacceptably high. Therefore, a comprehensive system of control is needed to reduce the opportunity for fraud and increase the likelihood of detection. (Prevention of fraud in detailed will be discussed in next article)
People commit fraud because of:
1. The perceived suitability of targets for fraud
2. The incapability of potential fraud victims to look after their interests
3. The motivation of potential offenders
As for most property-related crimes, there are three prerequisites for fraud to occur and controls for each of the three prerequisites will be discussed here as well:
1. Dishonesty - Dishonesty is generally defined as an individual's pre-disposition or tendency to act in ways that contravene accepted ethical, social, organisational and legal norms for fair and honest trading. Dishonesty can be dealt with by pre-employment checks on all new staff (especially references), careful srunity of staff by supervision and lifestyles that are not supported by salaries, severe discipline for offenders and effective moral leadership.
2. Motivation - In addition to a general disposition or willingness to act dishonestly, an individual will still need a specific motivation to do so. This is likely to involve a calculation of whether a given action is worthwhile. This will take into account the potential rewards in relation to the potential sanctions or negative consequences of the action, the likelihood of being caught and the likely punishment if caught. The individual's motivation for fraudulent behaviour may be financial need (in case of theft or fraud for monetary gain), a desire to exercise negative power over those in authority or a desire to avoid punishment (for example, in the case of cover up or manipulation). Often, the motivation is simply dissatisfaction, based on being passed over for promotion, poor pay or a feeling of carrying more than a fair workload. So for this prerequisite, it can be dealt by having good employment conditions, instant dismissals where necessary and have a sympathetic complaints procedure.
3. Opportunity - Even if a person is willing to act dishonestly, and has a motive of doing so, he/she must still find an opportunity or an opening to do so. This can be a "loophole" in the law or control system that allows for fraudulent activity to go undetected or makes the risk of detection acceptable, given the rewards potentially available. This prerequisite seems the most important one, for example, when a person is in a room alone with a $1000 cheque of someone being left in the room, the person has the opportunity to earn the $1000, can he forgoes this opportunity or is he honest enough to return the cheque to the person who left it? Some fraud prevention techniques are segregation of duties (separate duties for each employees) where possible, controls over inputs (especially cash), controls over processing, controls over outputs and physical security of assets.
In conclusion, an individual will have high incentive to commit fraud if he/she is predisposed to dishonesty and the rewards for the particular fraud are high (motivation) and there is an opportunity to commit fraudulent action with little chance of detection or with insignificant sanctions if caught.
In the above, I mentioned about pyramid trading schemes and advance fee fraud, here I will explain about it. Pyramid trading schemes are a system of selling goods in which agency rights are sold to an increasing number of distributors at successively lower levels. Distributors pay for these rights which become worthless as the pyramid grows. Advance fee fraud, also known as Nigerian money transfer fraud, is a fraudulent scheme to extract money from investors living in rich countries. Although these confidence trick originated from Nigeria, they have since become a worldwide criminal activity, they are carried out through the mail, fax and increasingly through email spam.
Finally I would like to introduce two more types of fraud: computer fraud and identity theft. Computer fraud may be easier to commit because of the centralisation of large databases and their accessibility by operators; because the segregation of duties possible with manual systems is not always possible with computer systems; and because technology makes access easier. Computer records are not visible and therefore it is more difficult to trace fraud and detect the deletion of files (as computer systems are lack of audit trails). The complexity of modern computer systems places those with expert knowledge in a privileged position if they are susceptible to fraudulent intentions. Increased control also reduces efficiency and increases cost.
Identity theft is the unlawful taking of another person's details without their permission. The information stolen can be used to obtain financial services, goods and other forms of identification, for example, passports and driving licenses. The information stolen can range from a copy of birth certificate to copies of discarded bank or credit card statements and utility bills. Once the criminals have copies of someone's identity, they can embark on criminal activity in their name with the knowledge that any follow-up investigations will not lead to them. This makes it difficult for organisations to know who they really are dealing with.
In this article, types of fraud are introduced. In the next article, I will emphasize on the internal controls to prevent fraud.
1. Crime against customers and clients (for example, misrepresenting the quality of goods, pyramid trading schemes).
2. Employee fraud against employers (for example, payroll fraud, falsifying expense claims, theft of cash, theft of stocks, disposal of assets to employees, collusion with customers).
3. Crimes by small business against customers and employees (for example, selling counterfeit goods, not paying over tax and national insurance contributions).
4. Crimes against financial institutions (for example, using lost or stolen credit cards, fraudulent insurance claims).
5. Crimes by individuals against government (for example, social security benefit claims fraud, tax evasion).
6. Crimes by professional criminals against major organisations (for example, counterfeiting, money laundering, advance fee fraud).
Those committing fraud may be managers, employees or third parties (sometimes customers or suppliers). A major reason why people commit fraud is because they are allowed to do so. The likelihood that fraud will be committed will be decreased if the potential fraudster (person who commit fraud) believes that the rewards will be modest, that they will be detected or that the potential punishment will be unacceptably high. Therefore, a comprehensive system of control is needed to reduce the opportunity for fraud and increase the likelihood of detection. (Prevention of fraud in detailed will be discussed in next article)
People commit fraud because of:
1. The perceived suitability of targets for fraud
2. The incapability of potential fraud victims to look after their interests
3. The motivation of potential offenders
As for most property-related crimes, there are three prerequisites for fraud to occur and controls for each of the three prerequisites will be discussed here as well:
1. Dishonesty - Dishonesty is generally defined as an individual's pre-disposition or tendency to act in ways that contravene accepted ethical, social, organisational and legal norms for fair and honest trading. Dishonesty can be dealt with by pre-employment checks on all new staff (especially references), careful srunity of staff by supervision and lifestyles that are not supported by salaries, severe discipline for offenders and effective moral leadership.
2. Motivation - In addition to a general disposition or willingness to act dishonestly, an individual will still need a specific motivation to do so. This is likely to involve a calculation of whether a given action is worthwhile. This will take into account the potential rewards in relation to the potential sanctions or negative consequences of the action, the likelihood of being caught and the likely punishment if caught. The individual's motivation for fraudulent behaviour may be financial need (in case of theft or fraud for monetary gain), a desire to exercise negative power over those in authority or a desire to avoid punishment (for example, in the case of cover up or manipulation). Often, the motivation is simply dissatisfaction, based on being passed over for promotion, poor pay or a feeling of carrying more than a fair workload. So for this prerequisite, it can be dealt by having good employment conditions, instant dismissals where necessary and have a sympathetic complaints procedure.
3. Opportunity - Even if a person is willing to act dishonestly, and has a motive of doing so, he/she must still find an opportunity or an opening to do so. This can be a "loophole" in the law or control system that allows for fraudulent activity to go undetected or makes the risk of detection acceptable, given the rewards potentially available. This prerequisite seems the most important one, for example, when a person is in a room alone with a $1000 cheque of someone being left in the room, the person has the opportunity to earn the $1000, can he forgoes this opportunity or is he honest enough to return the cheque to the person who left it? Some fraud prevention techniques are segregation of duties (separate duties for each employees) where possible, controls over inputs (especially cash), controls over processing, controls over outputs and physical security of assets.
In conclusion, an individual will have high incentive to commit fraud if he/she is predisposed to dishonesty and the rewards for the particular fraud are high (motivation) and there is an opportunity to commit fraudulent action with little chance of detection or with insignificant sanctions if caught.
In the above, I mentioned about pyramid trading schemes and advance fee fraud, here I will explain about it. Pyramid trading schemes are a system of selling goods in which agency rights are sold to an increasing number of distributors at successively lower levels. Distributors pay for these rights which become worthless as the pyramid grows. Advance fee fraud, also known as Nigerian money transfer fraud, is a fraudulent scheme to extract money from investors living in rich countries. Although these confidence trick originated from Nigeria, they have since become a worldwide criminal activity, they are carried out through the mail, fax and increasingly through email spam.
Finally I would like to introduce two more types of fraud: computer fraud and identity theft. Computer fraud may be easier to commit because of the centralisation of large databases and their accessibility by operators; because the segregation of duties possible with manual systems is not always possible with computer systems; and because technology makes access easier. Computer records are not visible and therefore it is more difficult to trace fraud and detect the deletion of files (as computer systems are lack of audit trails). The complexity of modern computer systems places those with expert knowledge in a privileged position if they are susceptible to fraudulent intentions. Increased control also reduces efficiency and increases cost.
Identity theft is the unlawful taking of another person's details without their permission. The information stolen can be used to obtain financial services, goods and other forms of identification, for example, passports and driving licenses. The information stolen can range from a copy of birth certificate to copies of discarded bank or credit card statements and utility bills. Once the criminals have copies of someone's identity, they can embark on criminal activity in their name with the knowledge that any follow-up investigations will not lead to them. This makes it difficult for organisations to know who they really are dealing with.
In this article, types of fraud are introduced. In the next article, I will emphasize on the internal controls to prevent fraud.
Subscribe to:
Posts (Atom)