There are many business processes that are vulnerable to frauds. Experience shows that some processes are the favorite hunting grounds of most fraudsters. Some of these include:
- Accounts Receivables
- Accounts Payable
- Banking Activities
Extra care should be taken in designing internal controls for these business processes. An explanation of some of the controls is detailed below. The list is general and by no means exhaustive and must be reviewed and expanded to suit the organization’s specific needs.
Control here begins with the generation of invoices on customers who have bought a product or service. Along with the invoices, a copy of the approved purchase order, and credit authorization should be made available and filed securely with accounts. The audit department should review these invoices to ensure that the billing clerk has raised them correctly. Mistakes can lead to losses, delayed payments and inaccurate financial reports.
A statement of invoices raised is generated to serve as a master document. Invoices get removed from the statement after payments are received. In a few cases, they get removed if credit notes are issued to the customer. Since credit notes can lead to frauds, justification and the formal approval of the Manager is required before a credit note can be raised. The audit staff must verify this later. The danger is that an employee can access incoming cash from a customer and buy time for himself by getting a credit note issued to the customer. Access to billing software should be restricted. No one should be able to generate fraudulent credit notes.
When a customer check or cash arrives, it should be logged by the receptionist so that it can be entered in the books, prior to being submitted to the bank. Dues and collection status should be recorded age-wise.
Invoices must be reconciled with shipping statements or logs. This ensures a check on whether the correct material was shipped and that it was shipped in the right quantity; not short or in excess. Sometimes, there can even be a mismatch between the cash receipts and the pending invoice it is applied to. It may be applied by mistake to a wrong invoice or even to a wrong customer. This reconciliation needs to be done by accounts and audit.
Organizations need to be vigilant while disbursing payments in the form of checks or cash. It is difficult to recover payments made out by mistake as no one likes to return money.
No payment should be made unless there is an original invoice or an original receipt. That’s because photocopies can be manipulated for committing fraud. Unless an advance is involved, the original invoice must also have an inward material receipt showing that the material for which payment is being made was received by the indenter. The invoice must also have a corresponding approved purchase order, issued at the time of placing the order on the vendor.
The vendor should be on the approved vendor list of the organization. The vendor evaluation process ensures that no friend or family member gets on to the approved list of vendors as it leads to conflict of interests and compliance issues.
Organizations have to specify the approving and signing authority for the checks. Depending on the value of the check payable, signing authorities can have different signing thresholds. Checks of very large amounts must have two company signatories. Except for small amounts, invoices should have an approved purchase order. Invoices without an approved purchase order should not be paid unless the approving authority reviews and clears them. The people who sign on the checks should not be the ones who prepared them. Check should be filled up accurately. All related documents pertaining to the payment must be on record before signing.
Using online payment is safer and quicker than physical or postal delivery of cash or checks.
Good internal control in the procurement function requires separation of duties in terms of the initiator of the purchase request, the approving supervisor, the person raising the purchase order, the person who receives the material and the one approving payments.
Orders can only be placed with vendors who are on the approved vendor master. Getting on to the approved vendor list involves an exhaustive process of evaluation on vendor competencies, financial background, manufacturing facilities, quality, deliveries and cost competitiveness.
The objective of these controls is to stop wasteful and unnecessary purchases and ensure good competitive buying for the organization. Inventory levels can be controlled. Expenses that are not a part of the budget submitted can be avoided. Frauds involving purchase of items for personal use can be eliminated. Business dealings with friends and relatives can be eliminated.
Only two or three members of the top management team should be authorized through a company resolution, to open bank accounts for the company. Confirmation of each new bank account opened should go from the bank to the treasury department and the finance head as a standard operating procedure. Those who open the bank accounts cannot make entries to the ledger and do reconciliation of statements. Nor should they be allowed to receive or disburse cash or do fund transfers.
Bank accounts should be reconciled every month. The bank statements and the reconciliation reports must be signed, dated and filed to prove that a review or reconciliation was done. The statements should be reviewed to ensure checks were not issued out of sequence.
Receipt and deposit tasks should be separated from those recording the transactions or reconciling accounts. The same person should not be authorized to write and sign a check. The person who writes the checks should not do the reconciliation. Examine check records to ensure they are issued to approved vendors, have proper approvals, the signatures are by authorized signatories and that the expenses are related to the organization’s business.
Maintain a log of checks received. At regular intervals, reconcile checks received against deposits. Use accounts software that provides an audit trail. Cancelled or voided checks should be filed and check books locked up.
Payroll requires particular attention in terms of internal controls. Fraud can be perpetuated through ‘phantom employees and phantom hours of work’. Checks need to be performed for updated employee master files and signed off by the manager. This is to ensure that ‘non-existent employees’ do not appear on the master roll and new entrants/exits are updated. Attendance and overtime hours worked by the employee need the supervisor’s approval. It is best to integrate the time clock with the payroll software. Employees making the payroll should not have any access to the employee master files. Pay should be electronically transferred to the employee’s bank account directly. Checks and cash should be avoided.
Inventory management is an area where a lot of ‘leakages’ can happen if internal control systems are not in place. The frauds can happen along the entire business process, from purchasing and storage in the store or warehouses, to disbursement of stored goods to the disposal of obsolete inventory that is beyond its shelf life.
The controls should question and look at the following aspects of inventory. Were purchase orders raised on approved vendors? On arrival of goods, some other employee should match the inward receipts with the product and quantity details on the purchase order. Payments to vendor for goods received must not be made by the person who issued the purchase order or the one who physically received the goods. Employees who handle the inventory should not be involved in stock audits. Stock audits must involve the actual verification of inventory, including obsolete inventory. Where inventory is confirmed to be obsolete, the stock adjustments should be recorded. Inventory issued out of the store should be recorded under all the proper heads – sales, marketing, samples, sold to employees and damaged goods.