Do you consider your internal controls to be well discerned and clearly documented? Is your “internal control documentation” an accumulation of accounting step procedures in contrast to clear-cut identification of controls that reside within those step procedures? Controls can falter in any environment with changes in personnel, changes in management, changes in vendors, changes in systems or many other possible alterations in the company culture. To be an effective system, a company’s internal control program must be a practice of continual annual update along with annual communication of status to the audit committee, or at a minimum, the board of directors. Control documentation should not simply be an item housed in an electronic file cabinet or side drawer to be pulled out periodically and handed to an auditor or regulatory examiner.
The recently issued 2016 Report to the Nations on Occupational Fraud and Abuse by the Association of Certified Fraud Examiners provides sobering information taken from 2,410 actual reported cases reported between the periods of January 2014 – October 2015.
Some Sobering Fraud Statistics:
Organizations of varying sizes tend to have differing fraud risks. Corruption was more prevalent in larger organizations, while check tampering, skimming, payroll, and cash larceny schemes were twice as common in small organizations;
- The median loss suffered by smaller organizations (fewer than 100 employees) was the same as that incurred by the largest entities (more than 10,000 employees);
- The most prominent organizational weakness contributing to the fraud cases reported in the 2016 report was the lack of internal controls. This was followed by override of internal controls as the second-most weakness;
- The most common concealment methods were creating and altering physical documents;
- The most common detection method observed in the 2016 results was tips, particularly those organizations with formal reporting hotlines. The mistaken consensus is that secure hotlines are only for the large institutions. A hotline can be established independently and externally for any size company;
- Fraud perpetrators tended to reveal behavioral warning signs when engaging in their crimes (in 78% of the cases, common red flags included financial difficulties, recent divorce, excessive control concerns, living beyond means, close association with vendors) – the majority of occupational fraudsters were first time offenders;
Every company should have a strategy to combat fraud, consisting of at least a reasonable program that clearly indicates what measures are being taken to prevent fraud. It is a living process that must be continually assessed and discussed among management and their governance committees.