When thinking through fraud prevention strategies, consider the 10-80-10 Rule to Ethics1. This rule is based on the assumption that 10 percent of the people are ethical all of the time, 80 percent could behave unethically depending on the situation, and 10 percent are unethical all the time.
Understand the breakdown of fraud risk
Preventative and detective controls are used to combat the 80 percent of employees from misappropriation of assets and accounting financial statement fraud. Preventative controls, such as system segregation of duties and board approval before a change is implemented, are used to prevent the 80 percent of employees that could commit fraud given the situation. Detective controls, such as account reconciliations, are used to identify issues after the fact. Considering the statistics, companies should develop a strong internal control structure to help them prevent and detect fraud.
Does your company have a strong internal control environment? The following controls would be indicators that you do:
- Monitoring of material purchases. The company has at least two levels of approval for expenses or purchases over a set threshold.
- Limited access to supplies, inventory, and financial systems. Restricting access to equipment, office supplies, and accounting systems can prevent theft of property and financial statement manipulation.
- Inventory purchases and invoices have an audit trail. From purchase requisition to final payment, the accounting system should be capable of identifying pertinent information such as who requested the purchase, who approved the purchase, and who authorized payment.
- Ability to compare budgeted amounts to actual amounts spent. Budgetary control is a useful tool to detect purchasing schemes. Thefts would be detected if meaningful reviews of budgets to actual spending are done on a regular basis, and anomalies are researched accordingly.
- Analytical review of expenses. Fraud indicators may become apparent after a review of detailed data extracts. Periodically, the company should review purchases to ensure they are appropriate.
Prevention and detection controls may not be enough to stop the unethical 10 percent of employees from perpetrating fraud. If fraud has occurred, the following data trails may lead to fraud. Incorporate the following into your analytical techniques:
- Calculation of statistical parameters. Identify outliers that could indicate fraud. For example, research the highest and lowest values, or expenses that are higher than the average expense.
- Classification. Find patterns amongst data elements, and research outliers to the pattern.
- Stratification of numbers. Identify unusual entries, such as those that are excessively high and/or low.
- Digital analysis using Benford’s Law. Identify unexpected occurrences of digits in naturally occurring data sets.
- Joining different diverse sources. Identify matching values such as names, addresses, and account numbers, where they shouldn’t exist. For example, matching employee listings to vendors, when a conflict of interest is not known.
- Duplicate testing. Identify duplicate transactions such as transactions with duplicate invoice amounts, check payment amounts, or claim numbers.
- Gap testing. Identify missing values in sequential data where there should be none, such as check numbers or purchase orders.
- Validating entry dates. Identify transactions posted to the general ledger during suspicious times, such as when a user was absent from work, on the weekend/holiday, or by people who should not have access to the accounting system.
For more information on this topic, or to learn how Baker Tilly forensic investigation specialists can help, contact our team.
1Freudian Thinking to Prevent Fraud. National Association of Corporate Directors. July 6, 2012.