Posting by Debra Andrews
P: 301.272.6094
Identifying potential risks and instituting proper internal controls to mitigate these risks are essential components of effectively preventing occupational fraud. However, the risk assessment process must be dynamic and continuous. As a company grows and changes, such as by adding new employees and/or IT systems, it is important to reassess potential risks and revisit the internal control policies to ensure that they are still accomplishing their intended goal. Even if a company has not experienced major staff or structure changes, assessing control policies and risk areas on a regular basis will help to prevent fraud.
Setting up simple, regular intervals for review will help you to
create a sustainable assessment system. Here are some areas for regular
review:
Checking Account and Financial Statements. Review
your checking account and financial statements for suspicious amounts or
vendors. By keeping a regular pulse on the financial state of your
business, you will be more likely to recognize fraudulent activity.
These documents should be reviewed on a monthly basis.
For one particular engagement, a client approached Bond Beebe
because his company was more profitable than ever, but his cash balance
was always low. Our Forensic Team discovered that the Controller, who
had worked for the company for over fifteen years, had embezzled several
hundred thousand dollars. The owner’s awareness of his
company’s financial state led to the discovery of these fraudulent
activities.
Segregation of Duties. Regularly review your company’s segregation
of duties for any gaps, especially if there has been staff turnover in
the accounting department. This issue is best dealt with as soon as an
employee leaves, but you may find it helpful to set a regular review
schedule to ensure that proper separation is maintained.
Technology Controls. When reviewing gaps from employee turnover,
don’t forget technology controls. Companies often forget to change
access codes and passwords when an employee leaves, leaving their
technology at risk. A regular review of policies and access levels will
help to prevent security breaches.
One particular control that Bond Beebe employs is an employee
termination checklist policy. The IT administrator must ensure that the
checklist is properly completed prior to final payment of the former
employee, and the actions on this checklist are initiated immediately
upon notification of the employee’s pending departure. The checklist
includes the following items:
- Access Security - disabling network access, disabling e-mail access, and deleting contact information from all company directories.
- Data Security - recovering all data from the desktop hard drive and notifying vendors so that this individual cannot place orders or incur obligations on behalf of the company.
- Final Review - a thorough review of the checklist is performed to make sure all actions have been fully completed.
This policy is more extensive than the items listed above, but this general
framework provides helpful controls that serve to protect the
company’s technological assets.
Company Policies and Educational Processes. Each year, companies
should review their anti-fraud and whistleblower policies to ensure they
are still effective for the company’s current size and that they are
serving their intended purpose.
While these are general risk areas that affect every company, it is
essential to understand your business’s specific risks, which will depend
on your size, structure and industry. Involve your Board of Directors,
Audit Committee, or Certified Public Accountant as appropriate. Larger
organizations may want to engage a Certified Fraud Examiner to help them
review and develop the appropriate controls. A small time investment
upfront may just pay off by preventing costly occupational fraud.