Are Your Internal Controls Strong Enough to Stop Fraud?

Manufacturers are more vulnerable to fraud than companies in other industries. The median fraud loss in the manufacturing sector was $240,000, according to the 2018 Report to the Nations published by the Association of Certified Fraud Examiners (ACFE). That’s almost double the median fraud loss for all industries ($130,000). In working with manufacturing and distribution clients, Weaver too often finds that internal controls are either missing or not working effectively.

Effective internal controls are your first line of defense against fraud. Do your controls measure up? Following are five questions that proactive managers can ask to evaluate whether their control systems are strong enough to help protect against theft or misstatement.

Do you restrict access to inventory and financial data?

Start by examining your company’s restrictions on physical access to assets. Employees should be able to access only those assets that are necessary to perform their jobs. Locks, security cameras and RFID tags can safeguard inventory in the warehouse. Encryption software and passwords can limit access to the accounting system and sensitive employee and customer data.

To help define who has access to what, conduct interviews and review formal job descriptions — if they’re available and accurate. In addition to outlining the scope of employees’ responsibilities, job descriptions should address the separation and duplication of sensitive duties.

For example, billing schemes are especially common among manufacturers. So, the person who’s responsible for billing customers shouldn’t also deposit customer payments and reconcile the accounts. When limited staff makes segregation of duties difficult, supervision is particularly important.

Does management review accounts?

One sign of strong controls is regular reconciliation and analysis of key accounts. Your company shouldn’t wait until year end to confirm account balances.

Monthly bank reconciliations and quarterly (or rolling) inventory counts may be appropriate. Strong internal control systems require management to review employees’ work — via test counts, recalculating mathematical computations or replicating tasks. Managers also should analyze account balances using variance analysis, common-sizing and breakdowns of sales by territory or product line to identify unusual trends.

Is your system protected from management overrides?

Frauds perpetrated by executives are the costliest. These frauds produce a median loss of $850,000 — nearly six times larger than the median loss caused by managers, and 17 times higher than the median loss caused by low-level employees, according to the latest ACFE report.

To help prevent fraud in the executive suite, companies should perform background checks and possibly supplemental screening, such as drug testing or psychological evaluations, on new hires. Executive expense reimbursement requests also warrant scrutiny. Often, fraud perpetrators use falsified expense reports to test internal controls. If successful in expense report fraud, they may graduate to bolder, costlier scams.

Do you audit your financial statements and internal controls?

Audits can help catch problems early, thereby minimizing fraud losses. They might be performed by an internal audit committee consisting of senior managers — though in many cases management is too busy with other responsibilities to perform this function. For this reason, many manufacturers hire external accounting professionals to audit their financial statements.

Keep in mind that external audits can unearth material irregularities and deter corruption, but they won’t necessarily detect immaterial frauds. In fact, no type of audit provides an absolute guarantee against dishonest employee behavior.

Are controls a priority?

For internal controls to be effective, your company needs to publicize them. You might, for example, offer training classes or publish articles in the employee newsletter to let everyone know that internal controls are a priority and that serious consequences await perpetrators.

Management should communicate fraud reporting mechanisms, such as anonymous hotlines. In addition, train managers to recognize possible red flags, including unusual journal entries and employees living beyond their means.

Not a one-and-done project

Internal controls require continual effort to keep them adequate and effective. Would-be thieves are constantly looking for new weaknesses, and you must remain diligent to stay ahead.

Manufacturers with proactive controls — including thorough physical controls over assets, management review, account reconciliation and monitoring — can shorten schemes and lessen fraud losses. Weaver’s Risk Advisory Services team can help you build, improve and reinforce your controls. If you have already have reasons to be suspicious, our Forensics and Litigation Services professionals can guide you through response options, possibly including a forensic investigation. Visit weaver.com to learn more.

© 2018