Are your controls working? Two fraud studies cast doubt

Are your controls working? Two fraud studies cast doubt
By Juliette Fairley

Occupational frauds are more likely to be detected by tip than by any other means.

According to a report released by the Association of Certified Fraud Examiners (ACFE), that doesn’t mean controls aren’t working but rather companies must keep up controls despite a down economy.

For example, if two employees sign checks in accounts payable and one of them is laid off, company officers would do well to name a back-up immediately.  ‘Firms need to regularly test their controls to see if they work. In a bad economy, the tendency is to ease up on procedures,’ says Ken Springer, author of Digging for Disclosure. ‘When there are shortcuts around policy and procedures is when fraud can occur.’

The risk of back office fraud is growing as companies and employees struggle in the wake of the recession, according to a study by the Institute of Financial Operations.

About 72 percent of finance managers in an informal poll reported seeing an increase in cases of back office fraud. The losses eventually affect shareholder profits.Fraud schemes can include the creation of fake vendors, billing for nonexistent goods, checks written to dummy companies and kickbacks from vendors.

The question is not whether controls are working but whether they are being followed, says Donald Klaskin, managing director of Corporate Resolutions, a controls testing company. ‘Publicly traded larger to mid-size firms have controls, such as internal audit groups, external auditors and compliance officers that certify financial statements,’ says Boston-based Klaskin. ‘Thus, there are best practices in place. The question is whether controls are being followed.’

According to ACFE’s study, about 40.2 percent of US frauds were detected by tip, 15.4 percent by management review, 13.9 percent by internal audit, 8.3 percent by accident, 6.1  percent by account reconciliation, 5.2 percent by document examination, 4.6 percent by external audit, 2.6 percent by surveillance, 1.8 percent by police, 1 percent by confession and 0.8 percent by IT controls.

‘Controls are not responsible for catching fraud but they can stop fraud before it begins.  Just because employees can circumvent controls to commit fraud doesn’t mean your controls are bad,’ says Allan Bachman, education manager with the Association of Certified Fraud Examiners in Austin. ‘It means controls are not 100 percent foolproof.’