Employee Fraud and Internal Controls

Two people going over a paper with charts.

Over the past decade, business owners have become quite privy to the dangers and signs of fraud schemes. While credit card alerts and vendor screenings have become almost second nature, business owners often overlook one of the most common sources of fraudulent activity — their employees.

From high mortgage debts, climbing costs of living, budget cuts, and increasing costs of health care, there’s a clear (potential) motive for employees to turn to fraudulent behavior. A 2022 study by the Association of Certified Fraud Examiners (ACFE) revealed more than $4.7 trillion is lost annually to occupational fraud worldwide.

So what can you do to protect your company? Having a strong set of internal controls is the most effective and efficient way of protecting yourself against those looking to skim money off your bottom line. This does not need to be a complete internal control evaluation and implementation, but evaluating critical transaction cycles and putting controls in specific key steps can go a long way to mitigating the risk of employee theft.

10 Signs There May be an Issue

Here are ten signs that there may be an issue with financial fraud in your company – stay vigilant and watch out for these warning signals.

  1. Unexplained variances between budgeted and actual costs
  2. Large liabilities related to unexpected contracts
  3. Employees living beyond their means or making sudden big-ticket purchases
  4. Abnormal changes in account balances
  5. Unusual write-offs or questionable transactions
  6. Shortages in cash, investments, or other assets
  7. Abnormal employee behavior (increased complaints, secretive about job function, unwillingness to cross-train, refusal to use vacation days, diversion of scrutiny under audit)
  8. Infrequent or late financial reports
  9. The accounting staff is behind by more than three months on the preparation of monthly bank reconciliations
  10. Unexplained inventory shortages

Two Categories of Controls

Even if your company has a squeaky-clean fraud history, it’s a good idea to have the right controls in place to prevent attacks from happening in the future. There are two categories of controls: passive and active. Passive controls exist to prevent someone from having the opportunity to commit fraud, while active controls prevent the possibility of fraud from occurring.

Types of Passive Controls:

  1. Audit trails and traceable trails
  2. Review process and procedures
  3. Focused or surprise audits
  4. Surveillance
  5. Rotation of personnel

Types of Active Controls:

  1. Segregation of duties and functions
  2. Physical asset control (locks, check out systems passcodes, etc.)
  3. Document matching
  4. Signatures, signoffs, and document countersigning
  5. Passwords and PINs for mobile devices and computers

It’s important to remember that internal controls are a process, not a means to an end. They must be properly communicated, remain consistent and always stay enforced. To work effectively, internal controls must be persistently followed by every employee, manager, and even owners. If your employees believe that someone is paying attention, then the chances of them attempting fraud will be moderated.

10 Best Practices to Implement

Protecting your business from financial fraud is crucial for its growth and stability. By implementing these ten best practices, you can reduce the risk of fraudulent activities within your organization.

  1. Use payee positive pay
  2. Have Automated Clearing House (ACH) Protections
  3. Utilize direct deposit for payroll
  4. Daily reconciliation of bank accounts
  5. Implement vendor verification procedures
  6. Have controlled access to all payments and processing areas
  7. Separation of powers: Ensure that the person reconciling the bank accounts is different than the check signer, and be sure the person preparing daily bank deposits is different than the person posting customer payments to the general ledger
  8. Have as few bank accounts as possible: Be extra cautious if your organization has multiple bank accounts and know the business flow of each
  9. Question accounts that you are unaware of or may not know a lot about
  10. Set up an anonymous way for your employees to alert you if they have concerns or suspect fraud

Third-Party Help for Fraud and Internal Controls

While these best practices are a great start to building a strong safeguard, it’s a good idea to leverage a third-party to review your business and uncover potential problems. If you’d like to learn more about how an internal audit can help strengthen your company’s infrastructure, one of our internal control specialists is here to help.