Printer Friendly

Focus on fraud: internal controls, audit policies--and a tough stance--can help deter fraud.

Consumer fraud in California amounted to $53 million in 2004, according to the Federal Trade Commission. To stop fraud in its tracks, it's necessary to understand the four general elements that must occur to establish fraud:

* A misrepresentation of material facts;

* Knowledge of the falsity of the representations made with the intent to deceive;

* Reliance by the victim upon the misrepresented facts; and

* Actual injury resulting from the misrepresentation.

Typically, fraud occurs in the shadows. While a bank robber steals with a gun in front of employees and customers, the person who steals by committing fraud generally goes unseen.

Three conditions characterize fraud: incentive or pressure, opportunity and rationalization. Examples of incentive or pressure include greed, living beyond one's means or personal financial losses. Opportunity may be found in acts such as taping passwords to computer monitors or leaving signed checks in unsecured areas. Rationalization is demonstrated by attitudes or comments such as "they owe me" or "they have more than enough money to spare."


The first line of defense against fraud is a strong system of internal controls. While a lack of internal control does not guarantee fraud will take place, it does open the door a bit wider. If people intent on committing fraud think they may be blocked by strong internal controls, they will be deterred.

Examples of poor internal controls include:

* Lack of segregation of duties, such as an individual making bank deposits, posting them to the accounts receivable system and performing monthly bank reconciliations;

* Poor physical controls over inventory, marketable securities or blank check stock;

* Inadequate documentation and support for cash disbursements;

* Inadequate or obsolete accounting software; and

* Failing to perform independent verification, such as spot checks of physical inventory.

To prevent these failures, companies should conduct periodic risk assessments, lead by either internal or external auditing staff. The assessments should focus on high-risk areas, such as physical controls relating to high-dollar fixed assets, cash, marketable securities, payroll and inventory.

Specific questions should be raised during these assessments: Is there a policy of locking doors and filing cabinets after business hours? Does the company require the use of identification numbers and passwords, which are kept secured and rotated on a regular basis? Does the company have a policy of mandatory vacations and job rotations? Does the company have at least one back-up copy of all data and software files stored at a secure off-site storage location? Does the company run background checks on new employees?


Increasing the perception of detection is the most cost-effective method to prevent fraud. Internal controls that are hidden from employees' view fail to do this job. It is important that employees, managers--even executives--are aware of the controls and that the auditors regularly test them.


It is also important that companies have an ongoing training program to educate employees that illegal conduct in any form will not be tolerated. The company must maintain a zero-tolerance policy when it comes to fraud and actively pursue its eradication no matter what the dollar amount. In short, there is no materiality when it comes to fraud.

Management oversight is a critical deterrent to fraud. Employees who commit fraud often use the proceeds to upgrade their lifestyle. While the sudden unexplained appearance of expensive cars, outrageous vacations and costly clothes doesn't necessarily mean an employee is committing fraud, the circumstances can be warning signs to management.


If employees believe a minor fraud may go undetected and not prosecuted, then they are more likely to believe a major fraud can be committed. All employees should be advised of the company's policies regarding fraud at the time of hire.

In addition, the company should require the signing of an annual statement acknowledging the policy's existence.

The punishment for violating the policy should be spelled out so employees know that if they get caught, they will be subject to termination and possible criminal prosecution.

Failure to carry out these policies indicates fraud is tolerated and invites further occurrences.


Reporting suspicious behavior by fellow employees is an important fraud deterrent and employees must be able to provide the information anonymously and without fear of recrimination.

To do this, there should be a method for reporting the information so employees know where to go, whether it's to a responsible party inside or outside the company. There also should be a written policy explaining how an investigation will be conducted, who will perform it and how the results will be provided to management.

Those accused have a duty to cooperate with the investigation, but at the same time, maintain their contractual and constitutional rights. It is important that the company attorney be consulted early in the investigation to prevent the violation of these rights.

Hotlines for reporting waste and fraud have proven to be highly effective, and can be staffed by either a part-time employee or an independent third-party company. The phone number should be promoted inside the business; popular techniques include posters in common areas and periodic distribution of fliers.

It is essential that all calls to a hotline are thoroughly and publicly investigated, but protect the identity of the caller. Even if calls result in false alarms, the investigations provide a effective deterrent.

Rewards offered to employees for information leading to the recovery of merchandise, property or money likewise have proven to be an effective tool.

Companies should establish strict criteria for the payment of rewards and such proposed policies should be reviewed and approved by the company's attorneys. The size of the reward should be tied to a percentage of the collection with a reasonable maximum amount.


An ethics policy allows management to communicate its philosophy regarding fraud. The policy should include: background; scope of the policy; specific actions that constitute fraud or other inappropriate conduct; investigative responsibilities; confidentiality of investigations; procedures to report findings of the investigation; and the company's termination policy and potential criminal prosecution and penalties.


Audit policies come from upper management and direct the internal and external auditors to aggressively seek inappropriate conduct. Many internal frauds are discovered as the result of analytical review. While performing calculations relating to gross profit analysis, cash ratios and decreasing cash to total current assets, unexplained variances become illuminated.

For example, if the company suddenly suffers a material decline in its gross profit percentage, the outside auditor should investigate its cause. In addition, bank statements should be examined for unusual patterns, dual endorsements or unfamiliar vendors.

The company should use its accounting software to locate unusual or irregular transactions. For example, the vendor list occasionally should be sorted by address and the auditor should test for multiple vendors with the same address or addresses located in residential areas, trailer parks or other non-traditional areas.

Another example would be to examine the cash disbursements journal by sorting by vendor name and then by dollar amount to look for duplicate payments or multiple payments in a close time span to stay under an employee-payment limit.


Contrary to popular belief, fraud and a CPA's responsibility to detect it are not limited to audit-related engagements.

For example, a main method by which CPA firms get tagged for the responsibility for fraud detection in less than audit engagements is bank reconciliations. Clients and juries look at bank reconciliations as a fraud detection device. They expect CPAs to examine the signature, endorsements and compare payees to the accounting records. This isn't the traditional CPA's view of bank reconciliations.

The problem is, at the time the service is rendered, the client often will not pay for the more involved type of bank reconciliation. After embezzlement occurs, however, they always say they would have gladly paid for a more extensive review.

To counter this expectation gap, the CPA can offer two types of services: the traditional bank reconciliation and one with extended procedures designed to detect fraudulent activities. This process helps protect the CPA and offers another opportunity to educate the client about the fraud.


Workplace tensions, whether related to compensation issues, unrealistic profit margins or setting rapid growth goals, can create an environment ripe for fraud. By setting reasonable profit margins or growth objectives, management reduces the need employees may feel to create phony billing or imaginary customers to meet management's objectives.

As to other workplace tensions or compensation disagreements, management should have fair mechanisms in place to deal with employee grievances.

The company also should seek ways to minimize outside pressures on employees to commit fraud. Many companies have introduced programs to help employees with everything from marriage problems to financial difficulties. If these issues can be addressed, they reduce the need for the employee to commit fraud to support these problems.

Strong internal controls, proactive auditing of records and analysis of key financial trends are effective tools in the battle against fraud. Clear policies and zero tolerance toward fraud, along with employee support programs, help create the proper control environment.

A well-organized and orchestrated policy will help shed light on any fraud activity that may be lurking in the shadows.


Adrian Stern, CPA Cr.FA is a partner at Clumeck, Stern Schenkelberg & Getzoff and an instructor for the California CPA Education Foundation. You can reach him at
COPYRIGHT 2005 California Society of Certified Public Accountants
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Author:Stern, Adrian
Publication:California CPA
Date:Sep 1, 2005
Previous Article:PFP: what it takes: credentials, time commitment among considerations of offering PFP services.
Next Article:Valuation standards: opposing the inclusion of tax in proposed valuation standards.

Related Articles
Combating fraud: know the facts.
Let them know someone's watching; from the boardroom to the mailroom, all fraudsters think alike.
Taking a bite outta fraud. (Fraud Standards).
Auditors' responsibility for fraud detection: SAS no. 99 introduces a new era in auditors' requirements.
Seven professional associations jointly issue antifraud programs and controls for management.
Achilles' heel: management override of internal controls a weak link in fraud prevention.
How Section 404 can help deter fraud: more than simply an exercise in compliance, Sarbanes-Oxley's section on internal controls can be a good...
Spotting fraud.
Guidance issued on management override of internal controls.

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters