Occupational frauds: the role of the internal control system
Occupational frauds: the role of the internal control system
An adequate level of awareness of the elements that contribute to the perpetration of frauds is the first step to avoid being caught unprepared.
The ‘Report to the Nations 2018’ survey conducted by ACFE provides a useful insight, as it reviews real fraud cases occurred at a global level and analyses all the relevant aspects to identify the critical issues that may have led to the perpetration of the fraud or the duration of the fraudulent activity over time.
Anglo-saxon literature defines the three elements that must be present for a fraud to occur as the ‘Fraud triangle’:
- pressure: managers or employees feel some form of pressure pushing towards fraud
- opportunity: the lack or inadequacy of internal controls provide an opportunity to perpetrate the fraud
- rationalisation: the fraudster manages to justify its conduct as compliant with his/her personal code of ethics.
One of the critical issue identified by the ACFE survey is the inadequacy or lack of a proper internal control system. Indeed, it represents the opportunity – as defined in the ‘Fraud Triangle’ – for the perpetrator to commit the fraud.
As reported in the ACFE survey, 30% of the frauds have occurred for lack of internal controls, while 19% of the cases involved fraudsters who managed to override existing controls within the organization.
As further evidence, the chart below shows the main reasons that contributed to the occurrence of frauds:
The chart below, sourced from the ACFE survey, provides an insight about how the lack or inadequacy of the different steps in the internal control system have influenced the fraudulent scheme perpetrated.
Asset misappropriation and financial statements frauds find fertile ground in the weakness of internal control systems, while corruption schemes are most common in cases of poor tone at the top, where the management does not provide suitable code of conducts that clearly state what is permitted and what is forbidden.
To put the above in context, we provide below a case study, recently occurred in Italy:
Case study
A medium-size distribution company employing an account manager fully trusted by the management, with a high seniority and free access to all the corporate procedures. The fraud was perpetrated over more than 10 years and caused aggregate losses equal to approx. 23 million Euro, which caused the company to file for a bankruptcy procedure.
The account manager was also in charge of liaising with the key accounts of the company, overseeing payments of invoices and bank reconciliations. During the years, she embezzled the monies paid by the customers by altering the accounting records and the bank statements so to conceal the fraud from the audit company and the board of statutory auditors. The fraud, discovered by accident, covered a long time-span and the organization managed to recover only a small part of the losses suffered.
A greater segregation of duties within the organization and more accurate management reviews would have prevented/limited the fraud or at least reduced its duration.
The ACFE survey also shows that the presence of adequate control instruments may influence the size of losses and the duration of fraudulent schemes.
As shown in the chart above, proactive data monitoring/analysis along with surprise audits are efficient instruments to detect frauds and reduce their duration.
It is important to notice that according to the ACFE survey only 37% of victim organizations have implemented these controls.