Fraud risk assessment in internal controls

Fraud risk assessment has emerged as an important component of internal control under the Committee of Sponsoring Organizations of the Treadway Commission’s updated integrated framework for internal control. The updated framework is effective for audits of fiscal years ending after December 15, 2014. Below are some effective techniques for fraud prevention and detection:

  • Establish clear ethical standards
    • Management must set “the tone at the top,” establishing the importance of integrity and ethical values.
  • Publish an employee manual
    • An employee manual should include the guiding principles and values of your organization. It may also articulate an organization’s zero tolerance for fraud and instruct employees how to report suspected fraud. Additionally, it should convey the seriousness of fraud by outlining the consequences for those who commit fraud, including termination of employment and referral to legal and regulatory authorities. Also, articulate that your organization has a right to initiate civil or criminal action against anyone who commits fraud.
  • Establish a fraud hotline
    • Numerous studies have demonstrated the effectiveness of fraud hotlines. The most effective hotlines are toll free, ensure confidentiality and anonymity and operate 24/7. They also provide assurances to whistleblowers that they will not be retaliated against. Alternatives to hotlines include websites, ethics representatives and ombudspersons.
  • Conduct employee surveys
    • Confidential and anonymous surveys of a statistically meaningful sample of employees can spot problematic attitudes and behaviors among management and employees.
  • Require exit interviews
    • Employees who are leaving your organization may be more willing to provide candid feedback on morale. They also may disclose any fraud or misconduct they witnessed during their tenure with your organization.
  • Establish mandatory vacations for employees involved in financial operations
    • If an employee is engaging in fraud schemes such as lapping, fraud may be uncovered during the time the employee is away.
  • Consider how lay-offs or terminations will affect internal controls
    • Ensure that alternate procedures are in place to maintain internal controls when employees leave the organization. Be alert to fraud after lay-offs. Employees who feel that their job responsibilities have increased after colleagues have been laid off may suffer low morale and be more likely to commit fraud.
  • Employ technology to detect fraud
    • Numerous data mining and data analysis tools exist that can identify hidden relationships among related parties as well as suspicious transactions. For example, Benford’s Law, which analyzes the frequency and distribution of digits in data, has been shown to be an effective tool in detecting fraud in journal entries and expense reports. This type of analysis is especially useful in situations where the individual committing fraud must keep the amounts involved below a specific threshold to avoid triggering internal controls. For example, disbursements to fraudulent vendors are kept under $5,000 to skirt a requirement for a second signature, or items on employee expense reports are kept under $25 to avoid exceeding a per diem maximum.
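
The two checks described in the last item, as an added example that is not part of the original article: a first-digit Benford's Law test and a count of amounts sitting just under an approval limit. The ledger amounts are constructed sample data, and the function names and the 10% band are illustrative assumptions.

```python
import math
from collections import Counter

# Benford's expected first-digit probabilities: P(d) = log10(1 + 1/d)
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRITICAL = 15.507  # chi-square critical value, 8 degrees of freedom, p = 0.05

def first_digit(amount):
    """Leading non-zero digit of a non-zero amount."""
    return int(f"{abs(amount):e}"[0])

def benford_chi_square(amounts):
    """Chi-square distance between observed first digits and Benford's Law."""
    digits = Counter(first_digit(a) for a in amounts if a)
    n = sum(digits.values())
    return sum((digits[d] - n * p) ** 2 / (n * p) for d, p in BENFORD.items())

def below_threshold_share(amounts, threshold, band=0.10):
    """Share of amounts in the band just under an approval threshold."""
    hits = sum(1 for a in amounts if threshold * (1 - band) <= a < threshold)
    return hits / len(amounts)

# Constructed sample data (not real ledger entries): 300 disbursements spread
# log-uniformly from $10 to $10,000, which follows Benford's Law closely.
CLEAN = [round(10 ** (1 + 3 * i / 300), 2) for i in range(300)]
# Same ledger plus 60 constructed payments kept just under a $5,000
# second-signature limit (the scenario described in the text).
TAMPERED = CLEAN + [4900.0 + i for i in range(60)]

def review(amounts, threshold=5000):
    """Return (chi-square, flagged?, share just under threshold)."""
    chi2 = benford_chi_square(amounts)
    return chi2, chi2 > CHI2_CRITICAL, below_threshold_share(amounts, threshold)

if __name__ == "__main__":
    for name, ledger in (("clean", CLEAN), ("tampered", TAMPERED)):
        chi2, flagged, share = review(ledger)
        print(f"{name}: chi2={chi2:.1f} flagged={flagged} near-limit={share:.1%}")
```

A flagged ledger is a prompt for closer review of the underlying transactions, and the Benford test is only meaningful for amounts that span several orders of magnitude.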

If you would like more information on how to implement effective internal controls and prevent and detect fraud in your business, KMM can help. Call us at 781.769.6300.

Written by Sarah Abbott


Additional resources:

AICPA and ACFE’s Guide to Managing Business Risk of Fraud

Benford’s Law

ACFE’s Fraud Prevention Check Up

AICPA’s Sample Fraud Policy