control, and governance
The Importance of Strong Controls
Studies remind that without internal controls, organizations are extremely vulnerable to a host of fraud schemes.
Lack of internal controls is most commonly cited as the factor that allows fraud to occur, according to the Association of Certified Fraud Examiners' (ACFE) 2008 Report to the Nation on Occupational Fraud and Abuse. Thirty-five percent of respondents to ACFE's survey cited inadequate internal controls as a primary contributing factor in the frauds they investigated.
Managing the Business Risk of Fraud: A Practical Guide, a report published by The Institute of Internal Auditors, The American Institute of Certified Public Accountants, and ACFE, points out that no system of internal control can provide absolute assurance against fraud. However, an organization's board of directors and management should ensure the organization develops a system for prompt, competent, and confidential review, investigation, and resolution of instances of noncompliance and allegations involving potential fraud.
Asset misappropriation schemes, commonly occurring frauds in which the perpetrator steals or misuses an organization's resources, often succeed because of weak controls. Examples of asset misappropriation include false invoicing, payroll fraud, and skimming. The 2008 Report to the Nation shows that asset misappropriation has the highest percentage of occurrence at 88.7 percent — a drop of 2.8 percent since ACFE's 2006 report. Delving further into asset misappropriation, billing and check tampering frauds rank highest among this class in the 2008 report with a 24 and 15 percent occurrence rate, respectively.
A lack of internal controls over areas like billing and accounts payable can allow frauds to go undetected for months or years. Out of 925 cases included in The 2008 Report, the median length of time a fraud scheme went undetected was 24 months. Billing frauds came in at 24 months while check-tampering frauds went undetected for 30 months.
"No Work, Great Pay," featured in the June 2007 issue of Internal Auditor magazine, offers a real-life example of an asset misappropriation scheme involving check tampering and billing fraud where an account manager siphons payroll distributions through a delayed employee termination scheme.
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.