Fraud - Prevention

Fraud risk arises out of errors or events in transaction processing or other business operations. It is not easy to prevent fraud as the controls installed by people can be overcame by people. Fraud might be prevented through anti-fraud culture, risk awareness, whistle blowing and sound internal control systems.

Anti-fraud culture - Where minor unethical practices are overlooked, for example, expenses or time recording, this may lead to a culture in which larger frauds occur. High ethical standards bring long-term benefits as customers, suppliers, employees and the community realise they are dealing with a trustworthy organisation. Guiding principles could include:
1. Not acting in a way that could bring the organisation into disrepute.
2. Acting with integrity towards colleagues, customers, suppliers and the public.
3. Ensuring that business objectives are clearly stated and communicated.
4. Ensuring that benefits (whether to shareholders, customers or employees) are distributed fairly and impartially.
5. Safeguarding the confidentiality of personal data.
6. Complying with legal requirements.

Risk awareness - Fraud should never be discounted, and there should be awareness among all staff that there is always the possibility that fraud is taking place. It is important to raise awareness through training programmes. Particular attention should be given to training and awareness among those people involved in receiving cash, purchasing and paying suppliers, for example accountant, sales team and so on. Publicity can also be given to fraud that has been exposed. This serves as a reminder to those who may be tempted to commit fraud and a warning to those responsible for the management of controls.

Whistle blowing - Fraud may be suspected by those who are not personally involved. People must be encouraged to raise the alarm about fraud. An anti-fraud culture will be important in reinforcing the need for employees to express their concerns. However, management must realise that loyalties among workers, fear of the consequences and having unsubstantiated suspicions will prevent people from coming forward.

Sound internal control system - Sound systems of internal control should monitor fraud by identifying risks and then putting into place procedures to monitor and report on those risks. Here are some guidance on what is the quality of sound internal control system, the mnemonic SPAM SOAP would be useful:

Segregation of duties - Executive tasks should be separated from control tasks. One of the prime means of control is the separation of those responsibilities or duties which would, if combined, enable one individual to record and process a complete transaction. Segregation of duties reduces the risk of intentional manipulation or error and increases the element of checking. Some functions should be separated whenever possible. For example, authorisation, execution and custody. An example of segregation of duties concerns the receipt, recording and banking of cash. It is not a good idea for the person who opens the post to be the person responsible for recording that the cash has arrived. It would be even poorer practice for that person to be responsible for taking that cash to the bank. If these duties are not segregated, there is always the chance that the person misappropriate or steal the cash and no one would know.

Physical controls - These are concerned with the custody of assets and records and are also concerned with ensuring that access to assets and records is only permitted to authorised personnel. Procedures and security measures are needed to ensure that access to assets is limited to authorised personnel. Such controls include locks, safes, CCTV and entry codes.

Authorisation and approval - All transactions should be authorised or approved by an appropriate responsible person. The limits for these authorisations should be specified. For example, in a purchasing system there should be authority limits, where purchases of amounts exceeding those limits require higher authority.

Management controls - Management controls are exercised by management outside the day-to-day routine of the system. These include the following: overall supervisory controls, review of management accounts and comparison with budgets, internal audit function and special review procedures.

Supervisory controls - Any system of internal control should include the supervision by responsible officials of day-to-day transactions and the recording of them. Remember that supervisor acts as an important role in internal control process.

Organisation as a control - Enterprises should have a plan of their organisation, defining and allocating responsibilities and identifying lines of reporting for all aspects of the enterprise's operations, including the controls. There must be a well-defined organisational structure showing how responsibility and authority are delegated. An effective plan would require:
1. separation of a company's operations into appropriate divisions and sub-divisions.
2. appointment of person to assume responsibility.
3. establishment of clear lines of responsibility between each division and sub-division and the board of directors.
4. Overall coordination of the company's activities.
This will help to prevent friction so that staffs work together well. It also means that no duties go unperformed or unchecked.

Arithmetical and accounting controls - These controls are within the recording function and check that the transactions to be recorded and processed have been authorised, that they are included and that they are correctly recorded and accurately processed. This includes: checking the arithmetical accuracy of the records, the maintenance and checking of totals, reconciliations, control accounts, trial balances and accounting for documents.

Personnel controls - These are procedures to ensure that personnel have capabilities appropriate to their responsibilities, since the proper functioning of any system depends on the competence and integrity of those operating it. The qualifications, selection and training of the personnel involved are important features to be considered in setting up any control system. For example, a company accountant should be suitably qualified.

This article about prevention of fraud ends here, in next article I will write about the indication of fraud.