Businesses are growing, revenues are finally stronger, and many companies have worked hard in the last few years to reduce waste and cut costs. Yet with all that effort, many companies still have only rudimentary controls in place. According to the ACFE 2010 Report to the Nations on Occupational Fraud and Abuse, a typical organization loses 5% of its annual revenue to fraud. That's a pretty significant piece of the pie if you ask me!
You can start now to reduce the incentive and opportunity for fraudulent activity. There are three primary areas owners and executives should focus on when implementing a fraud control program: money, property, and data. Some controls, such as eliminating signature stamps, are obvious and may already be in place. However, here are some procedures that are often overlooked or not even considered:
- Restrict access to the accounting system report writer. This will prevent a user from temporarily hard-coding a false vendor name on a check form, and then changing the name back before the fraud is detected.
- Implement electronic workflow by requiring a multiple-person review and approval on complex transactions, large dollar amounts, and employee expense reports.
- Lease equipment such as servers and workstations, and require sign-off on items actually received. This way you will avoid payments to a finance company for things the provider didn't deliver or put in service.
- Cycle-count high value inventory items, and segregate shipping from receiving duties.
- Record the issuance of company property to employees, especially cell phones and laptops, and make sure to tag those mobile assets for future tracking.
- Separate the duties of IT personnel. People administering a network should not be responsible for data backups and disaster recovery.
- Replace backup tapes with modern and more secure backup solutions.
- Employee handbooks should include policies on locking workstations and securing login credentials.
- Consider implementing compliance software for your accounting solution to alert you of potential conflicts and changes made within the database.
If you think there are weaknesses in your organization, visit SVA's Fraud Risk Assessment section of our website or contact me at 608-826-2400 for more information on any of the above procedures.