Effective Internal Fraud Controls Reviewed by Momizat on . The Frontline of Fraud Risk Management Internal fraud occurs as the result of a series of weaknesses within internal control systems, which are at the top of th The Frontline of Fraud Risk Management Internal fraud occurs as the result of a series of weaknesses within internal control systems, which are at the top of th Rating: 0
You Are Here: Home » Practice Management » Effective Internal Fraud Controls

Effective Internal Fraud Controls

The Frontline of Fraud Risk Management

Internal fraud occurs as the result of a series of weaknesses within internal control systems, which are at the top of the fraud risk management pyramid. This article defines the three essential types of internal controls, their five interrelated components, and how they can be instituted for maximum protection.

Effective Internal Fraud Controls

Effective Internal Fraud Controls

Internal controls are perhaps the most essential element in managing risk in an organization. The absence or lapse of internal controls in an organization is a tempting open door or opportunity for fraud. When linked with the lack of integrity or with the ability to rationalize criminal behavior, this absence or lapse completes the fraud pyramid and allows an individual to engage in fraudulent activities, without admitting to being a criminal. 

Internal controls were defined in the COSO Report as “a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  • Effectiveness and efficiency of operations,
  • Reliability of financial reporting, and
  • Compliance with applicable laws and regulations.â€1

There are five interrelated components of internal controls:

  • Control environment (e.g., tone at the top)
  • Risk assessment
  • Control activities or control procedures
  • Information and communication systems support
  • Monitoring.2

PCAOB and the SEC define internal control over financial reporting as ‘‘a process designed by, or under the supervision of, the company’s principal executive and principal financial officers, or person performing similar functions, and effected by the company’s board of directors, management, and other personnel, to provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements for external purpose in accordance with generally accepted accounting principles and includes those policies and procedures that:

  1. Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company;
  2. Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and
  3. Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.â€3

There are generally three major types of controls: preventive, detective, and corrective controls. Preventive controls are first in line to prevent errors, omissions, or misappropriation of assets from occurring. This type of control is more efficient (e.g., passwords, safes, fences, locks).

Detective controls find errors or fraudulent incidents that escape the preventive controls. These controls are important when preventive controls are weak. For example, there are situations in which transactions are obtained from third parties, such as sales reports from franchisees or baggage claims reported by passengers at airports.

Corrective controls are the actions taken to minimize further losses. They are there to correct errors, omissions, and frauds after detection. But internal controls can be broken, often by top executives.  Fraud caused by the lack of internal controls can even effect the valuation of a company prepared by a CVA.

1 Committee of Sponsoring Organization of the Treadway Commission, Internal Control: Integrated Framework, (New York: COSO, 1999), p.9.

2 SAS No. 94, The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit (New York: AICPA).

3 PCAOB Release 2004-001, par. 7.

D. Larry Crumbley is a KPMG-endowed professor at Louisiana State University. He is the co-author of the Forensic and Investigative Accounting textbook, published by Commerce Clearing House, well as 13 educational novels, six of which were published by Carolina Academic Press. Larry can be reached at dcrumbl@lsu.edu.

The National Association of Certified Valuators and Analysts (NACVA) supports the users of business and intangible asset valuation services and financial forensic services, including damages determinations of all kinds and fraud detection and prevention, by training and certifying financial professionals in these disciplines.

Number of Entries : 2537

©2024 NACVA and the Consultants' Training Institute • Toll-Free (800) 677-2009 • 1218 East 7800 South, Suite 301, Sandy, UT 84094 USA

event themes - theme rewards

Scroll to top
G-MZGY5C5SX1
lw