We often find that our clients, especially smaller firms, are of the opinion that establishing security controls is not cost-effective.
Yet, it is often in these very situations, where management places all of their trust in a bookkeeper, that fraud flourishes. After all, it is human nature to trust those with whom we have established a long-standing relationship, especially so in smaller firms where some employees become like family. Management does not expect these employees to commit fraud, but unfortunately, nobody can be trusted, and that is why controls are of utmost importance.
The COVID-19 pandemic has induced desperation in many people, especially at firms where financial setbacks have been experienced and has led to anxiety among employees over their job security. In the last while, reports have been growing of bookkeepers who are committing fraud.
An enormous risk presents itself where one person holds the authority to load and submit payments. This person may take the opportunity to pay for personal expenditures, or to transfer funds into their own bank accounts, since there is nobody else that investigates the transaction and authorises it.
At smaller firms, those in management may consider it a waste of time to comb through every single expense, and that they can simply inspect the bank statements at the end of the month. These managers must, however, keep in mind that those who commit fraud will often deliberately do it in such a way that it goes unnoticed.
Furthermore, it is often extremely difficult to identify suspicious transactions by solely going through bank statements. Most culprits will do their best to disguise these as business transactions by using unusual amounts (not round numbers) and descriptions that look like payments made out to suppliers. The banking details will also often be loaded as the names of suppliers so that it does not draw the attention of the managers.
The most effective method for preventing this kind of fraud is to implement the following controls:
It is also important to remember that the board of directors have a fiduciary duty to act in the best interests of the company, and to apply reasonable care, competency, and due diligence in the execution of these duty as required by the Companies Act. The application of the abovementioned controls will cultivate healthy corporate management.
Management may believe that it is unnecessary to implement these controls since the statements are subject to an audit; however, this is a dangerous attitude to adopt. The auditor’s responsibility, as it relates to fraud, is to ascertain sufficient evidence that the statements in whole are void of material misrepresentation (whether as a result of fraud or error).
Considering the inherent limitations of an audit, the risk will always remain that misrepresentations go unnoticed, even if the audit is properly planned and executed in accordance with International Auditing Standards.
Regrettably, due to the nature and definition of fraud, it may go unnoticed for an extended period since the person committing fraud will often deliberately do it in such a way as to escape detection.