If you hire employees in your business, this is one article that you cannot afford to miss. You work very hard for your business and it is only natural that you want to reap the fruits of your labour. However, do you know that your profits could be literally walking out the door every day due to a lack of good internal controls and procedures?
When an employee steals $100 from you, have you ever wondered how much additional sales you would have to generate in order to make up for the loss?
If you are operating at a 10% net profit, it will take $1,000 in extra sales to make up for the $100 profit the employee stole from you. As your net profit percentage goes down, the amount of sales required to make up for the lost profit dollars increases.
Business owners will mostly agree that when most employees first join the company, they are basically honest. Most of the employees will truly wish that the companies that they have joined will perform well, so that they will also stand to benefit in terms of receiving better salaries, bonuses and career advancement.
However, basically honest people may be enticed to commit fraud in the company when the three elements needed for fraud to occur are present, namely:
• Pressure - the cause of fraud, for example, a significant need for money, recognition, etc.
• Opportunity - the ability to commit fraud, for example, in the presence of weak internal controls, management oversight, etc.
• Rationalisation - the ability to justify the fraudulent act
As a business owner, you cannot do much about the two elements "pressure" and "rationalisation"; you must therefore control the second element, "opportunity". The ability to control "opportunity" effectively will help you significantly reduce the risk of employee fraud in your company.
Small businesses are particularly vulnerable to fraud. In general, these organisations have far fewer controls in place to protect their resources from fraud and abuse. Managers and owners of small businesses should therefore focus their control investments on the most cost-effective mechanisms to help prevent and detect the specific fraud schemes that pose the greatest risks to their businesses.
There are many internal controls you can put in place in your various business processes, such as procurement, revenue, fixed assets, human resource and accounting processes, to manage fraud risk. Below are 5 critical internal control mistakes to avoid in a business:
1. Inadequate segregation of duties
Fraud incidents, such as check tampering schemes, skimming and payroll frauds, are much more common at small organisations than at all other entities. This is because these conflicting business functions - the check writing, cash collection and payroll functions, respectively - are more likely to be performed by a single individual, such as a bookkeeper, and are often subject to less monitoring within a small organisation than in a large company where duties are more segregated and authorisation of transactions is more formalised.
Segregation of duties is one of the key concepts of internal controls. It is also one of the most effective internal controls in combating employee fraud. Segregation of duties contributes to an organisation's system of checks and balances. The concept of segregation of duties is to separate the following responsibilities in each business process:
• Custody of assets
• Record keeping
• Authorisation
• Reconciliation
Ideally, no individual employee should handle more than one of the above-noted functions in a process. When duties cannot be segregated, the business owner or manager should take into consideration the existence of compensating controls. Compensating controls are controls that are executed by an independent employee who does not have custody, record-keeping, authorisation or reconciliation responsibilities for the specified process.
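The rule above can be checked mechanically against a list of who does what. The following is an added example, not part of the original article: it flags any employee holding more than one of the four functions in a process, and accepts a compensating control only when the reviewer holds none of them in that process. The employee names, process names and data layout are constructed for illustration.

```python
from collections import defaultdict

# The four responsibilities the article says to separate within each process.
FUNCTIONS = {"custody", "record_keeping", "authorisation", "reconciliation"}

def sod_conflicts(assignments):
    """Map (employee, process) -> functions held, where one person holds several."""
    held = defaultdict(set)
    for employee, process, function in assignments:
        if function not in FUNCTIONS:
            raise ValueError(f"unknown function: {function!r}")
        held[(employee, process)].add(function)
    return {key: sorted(funcs) for key, funcs in held.items() if len(funcs) > 1}

def uncompensated(assignments, reviewers):
    """Return conflicts that lack an independent compensating reviewer.

    reviewers maps process -> employee performing the compensating control.
    A reviewer only counts if they hold none of the four functions in that
    same process (the independence requirement).
    """
    involved = defaultdict(set)
    for employee, process, _ in assignments:
        involved[process].add(employee)
    open_items = {}
    for (employee, process), funcs in sod_conflicts(assignments).items():
        reviewer = reviewers.get(process)
        if reviewer is None or reviewer in involved[process]:
            open_items[(employee, process)] = funcs
    return open_items

# Constructed sample: duties in a small firm's payroll and cash collection.
ASSIGNMENTS = [
    ("bookkeeper", "payroll", "record_keeping"),
    ("bookkeeper", "payroll", "authorisation"),
    ("owner", "payroll", "reconciliation"),
    ("clerk", "cash_collection", "custody"),
    ("clerk", "cash_collection", "record_keeping"),
    ("manager", "cash_collection", "authorisation"),
]
# The owner already reconciles payroll, so is not independent there.
REVIEWERS = {"payroll": "owner", "cash_collection": "accountant"}

if __name__ == "__main__":
    for (who, proc), funcs in uncompensated(ASSIGNMENTS, REVIEWERS).items():
        print(f"{who} holds {', '.join(funcs)} in {proc} with no independent review")
```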
2. Lack of control over system access rights granted to employees
Most businesses presently rely on at least some form of information systems to assist in their operations and processing of their data. In the absence of proper controls over system access rights granted to staff, staff may be more inclined to engage in fraudulent activities, especially when they are granted excessive access rights in the system. It is therefore very important to ensure that access rights granted to all staff are aligned to their roles and responsibilities in the company.
A formal documented security administration process should be in place to ensure that all applications for new access rights to system applications and data are properly approved by the respective business units. A review of access rights granted to staff should also be conducted by the business unit management on a periodic basis to ensure that the granted access rights remain commensurate with job responsibilities over time.
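A periodic access review of the kind described above can be run as a comparison between what each person has been granted and what their current role calls for. The following is an added example, not part of the original article: it reports rights outside the current role's baseline (including rights left over from a previous role), grants with no recorded approval, and grants held by people with no current role on record. The role names, right names and record layout are constructed for illustration.

```python
# Constructed baseline: the rights each role is meant to have.
BASELINE = {
    "ap_clerk": {"invoice.enter", "vendor.view"},
    "finance_manager": {"invoice.approve", "payment.release", "vendor.view"},
}
# Constructed current roles; "dave" is absent because he has left.
CURRENT_ROLE = {"alice": "finance_manager", "bob": "ap_clerk"}
# Constructed grant records as they might be exported from a system.
GRANTS = [
    {"user": "alice", "right": "invoice.enter", "approved_by": "cfo",
     "granted_for_role": "ap_clerk"},
    {"user": "alice", "right": "invoice.approve", "approved_by": "cfo",
     "granted_for_role": "finance_manager"},
    {"user": "bob", "right": "invoice.enter", "approved_by": "alice",
     "granted_for_role": "ap_clerk"},
    {"user": "bob", "right": "payment.release", "approved_by": None,
     "granted_for_role": "ap_clerk"},
    {"user": "dave", "right": "vendor.view", "approved_by": "cfo",
     "granted_for_role": "ap_clerk"},
]

def review_access(grants, current_role, baseline):
    """Return sorted (user, right, reasons) for every grant needing attention."""
    findings = []
    for grant in grants:
        role = current_role.get(grant["user"])
        reasons = []
        if role is None:
            reasons.append("user has no current role on record")
        elif grant["right"] not in baseline.get(role, set()):
            if grant["granted_for_role"] != role:
                # Granted for an earlier job and never removed.
                reasons.append(
                    f"left over from previous role {grant['granted_for_role']}")
            else:
                reasons.append(f"not in baseline for {role}")
        if not grant["approved_by"]:
            reasons.append("no recorded approval")
        if reasons:
            findings.append((grant["user"], grant["right"], reasons))
    return sorted(findings)

if __name__ == "__main__":
    for user, right, reasons in review_access(GRANTS, CURRENT_ROLE, BASELINE):
        print(f"{user}: {right}: {'; '.join(reasons)}")
```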
3. Inadequate monitoring
A lot of businesses lose money due to a lack of monitoring of the company's operations and financial records. While most large companies have some sort of management review of controls, processes, accounts or transactions in place, most small businesses may not have the resources to implement similar types of monitoring mechanisms.
Monitoring is especially critical when employees' duties cannot be effectively segregated. It is very important for business owners and managers to understand that "Profit is an opinion; Cash is a fact". The amount of profit can easily be manipulated using different accounting treatments; however the amount of cash in the bank account as per the bank statement is a fact at any point in time. Besides monitoring the revenue and profit numbers, business owners and managers should therefore also closely monitor the amount of cash that is available in the bank.
Business owners and managers should ensure that reconciliation is performed periodically for important financial information, such as cash and revenue receipts. Reconciliation is the process of comparing transactions and activity to supporting documentation to ensure the accuracy and validity of the piece of financial information. It can be easily performed by comparing the relevant financial records to the supporting source documents or independent external source documents. For example, an effective bank reconciliation compares the amount of cash shown on the monthly bank statement (the document received from a bank which summarises deposits, cheque payments, as well as other debits and credits) with the amount of cash recorded in the company's ledger, with all differences noted between the two documents being properly accounted for.
4. Inappropriate tone at the top
Tone at the top refers to the ethical atmosphere that is created in the workplace by the organisation's leadership. Whatever tone management sets will have a trickle-down effect on employees of the company. For example, if upper management appears unconcerned with ethics and focuses solely on the bottom line, employees will be more prone to commit fraud because they feel that ethical conduct is not a focus or priority within the organisation.
It is therefore crucial to a company's success for executives and management to set an ethical tone of how employees should behave in the workplace and communicate this expectation to all employees. Companies should establish a Code of Ethics which includes concise compliance standards that are consistent with management's ethics policy relevant to business operations. This Code of Ethics should be properly communicated to every employee who will be required to read and acknowledge it.
Companies should also implement a whistleblower program, such as a confidential hotline. The mere mention of an anti-fraud, confidential hotline can deter fraud. Intensive promotion of an anti-fraud hotline number to employees sends the message that the company is encouraging an ethical environment by allowing employees to fearlessly report misconduct.
5. Lack of knowledge on fraud and the significance of internal controls
Fraudsters normally exhibit behavioural warning signs of their misdeeds. These red flags - such as living beyond one's means or exhibiting control issues - will not be identified by traditional controls. Unfortunately, unfamiliarity with red flags of fraud has always been one of the common key challenges to protecting a company against fraud.
Business owners and managers will easily agree that employees are the eyes and ears of a company; if something is amiss, they likely will know about it before management or the auditors. Staff members are one of the most effective fraud detection mechanisms in an organisation. The 2010 Global Fraud Study published by the Association of Certified Fraud Examiners (ACFE) revealed that fraud is most commonly detected by tips, with employees being the most common source of tips.
Employee education therefore is the foundation of preventing and detecting occupational fraud. All employees (including upper-level personnel) should receive fraud prevention and detection training. This training can come in the form of classroom training or individual coaching and should cover the company's stance on corporate compliance, as well as employees' roles and responsibilities to report misconduct in the organisation. Employees should also be trained to recognise the common behavioural signs that a fraud is occurring and encouraged not to ignore such red flags, as they might be the key to detecting or deterring a fraud.
Besides the above-mentioned five critical internal control mistakes to avoid, there are a lot more internal controls that business owners and managers have to take note of. While preventive internal control measures go a long way towards minimising fraud risk for a business, it is impossible to eliminate fraud completely. It is critical for organisations to also put in place mechanisms to detect violations and monitor for further incidents to minimise unnecessary loss to the business.