In the current economic climate, business fraud is on the increase. What can you do to protect against business fraud?
The following are the processes, procedures and controls we would recommend that you put into practice in your business to reduce the risk of business fraud:
1. Organisational Controls – Define and allocate responsibilities within the organisation. Every function should have a person who is responsible for it. That person is answerable in relation to that function. In all cases the delegation of authority and responsibility should be clearly defined for organisation control.
2. Segregation of duties – It is more difficult for an individual to commit a fraud if they are not involved in all steps in a process, e.g. posting purchases, paying of creditors and reconciliation of creditor’s ledger. The involvement of several people reduces the risk of intentional manipulation or accidental error and increases the level of checking. Functions which should be separate are:
While small businesses may find this difficult, even the involvement of a second person in a process can be beneficial.
3. Accounting Controls – Examples of accounting controls would be the preparation of monthly bank reconciliations, creditor ledger reconciliations, preparation of monthly management accounts, and comparing actual results to budgets and investigating variances to ensure no unusual transactions are missed.
4. People Control – Recruit the right people by selecting an individual with appropriate skills and training. Reference checks for training and employment are important to ensure they are the right person for the job and are not putting themselves in a position to exploit your organisation. For current staff, management also need to ensure that the staff are motivated and their training needs are being met.
5. Physical Controls – This relates to the physical custody of assets and the procedures to restrict access to authorised personnel only. Physical controls are vital for assets that are valuable, portable, exchangeable and desirable. Examples of controls would be passwords for computers and lifts, and keys / swipe cards for access to the stock room or warehouse.
6. Risk Register – Identify your business's risk areas by maintaining a risk register, which will enable you to identify the areas most at risk in your business. The company’s policies and procedures can then be specific to these areas.
7. IT Controls – Each staff member should only have access to the information required for them to carry out their duties, and changes to a posting should only be possible with the authorisation of a more senior employee. This access should be protected by a password that is changed regularly to maintain IT control.
8. Information Controls – Dispose of confidential information safely. A policy should exist for the storage and disposal of confidential information to avoid unauthorised access.
9. Sequential numbering – To make any missing sales invoices or cheques easy to identify, these documents should carry sequential numbers that are used when they are issued. Any gaps in the sequential numbering should be reported to the relevant manager and an explanation provided.
10. Supervision – All actions by all levels of staff should be supervised. Responsibility for supervision should be clearly laid down and communicated to the staff being supervised.
11. Authorisation and Approval Controls – Reporting lines should exist between staff and should be clearly documented and communicated to staff. All transactions should require authorisation or approval by an appropriately defined person. The authorisation limit should be defined. For example, all office stationery purchases may be approved by the office manager up to €500. Above this amount, approval of the financial controller is required.
For further information, please contact Deirdre McDermott, Director - OSK Audit