A complete understanding of internal controls is critical for fraud investigations.
When we were kids, there was one “F” word that no adult wanted to hear from us! Now that you run your own company, there is a new “F” word you never want to hear. That word is Fraud.
Over my years in the accounting profession, and in my experience with forensic investigations, I’ve seen fraud in many forms. Some schemes are sophisticated and hidden, and some are done with absolutely no effort to conceal them. But in every investigation, I’m asked, “How did this happen?” and “How could I have prevented this?”
The answer is the same for both questions: internal controls.
Outside of collusion, almost every form of fraud happens through a lack of internal controls. These controls are crucially vital for the security of the financial aspects of any company. They are the security guard watching over your money. Would you leave your wallet on a park bench and expect it to be there when you came back hours later? No. But without internal controls, you are essentially doing the same thing.
Accounting professionals love to talk about the segregation of duties within the financial realm of an organization. But what does this really mean for your company’s financial controls?
Each of these principles represents a part of the cash receipt and disbursement cycle of your business.
Custody is the actual access to cash, whether that be the petty cash drawer or the bank account.
Authorization is, among other things, the ability to either order a product, write-off an accounts receivable, or sign a check.
Recording is the simple task of recording the transaction in the general ledger.
Monitoring, the most crucial of all the principals, is the review of accounting transactions.
When we ask how fraud has happened, we must look at the breakdown of the controls within your company. Most times fraud occurs because one individual has access to all four categories. Alternatively, in some companies the jobs are segregated appropriately, yet fraud still happens. This is due to a breakdown in the monitoring step.
When I do a forensic investigation, one of the first things I start asking is for the company’s documentation on their internal control policy. Then I interview the company personnel and build a map as to who had access to which aspects of the company’s finances, and who was responsible for monitoring.
In an ideal world, a business would have four separate people overseeing each of these categories. However, for a small or medium business, this can be financially prohibitive. Some businesses simply have a limited accounting staff. But even with limited staffing, one person should not have unlimited access.
The first and easiest remedy is to oversee the monitoring function of your controls. To put it simply, review bank reconciliations, account reconciliations, journal entries to accounts receivable, and the cash flow of your business.
Then talk to a professional strongly versed in accounting procedure about your internal controls. Many times, just having a conversation with an outside professional will help you personally identify the control weaknesses within your business.
A third step is to hire a virtual controller or virtual chief financial officer (CFO). A virtual team member from Hovland Forensic & Financial costs a fraction of the amount of an in-office staff and still adds another layer of protection to your internal controls. The analytic abilities of the controller or CFO will help to identify any issues that may come up and also assist with the strategic vision of your company.
Steve Hovland, a certified public accountant and forensic accountant, brings to his duties more than 20+ years of experience in audit and accounting services as well as forensic investigations.