CONTROLS OR NO CONTROLS – THAT IS THE QUESTION!

Fraud is rampant these days. As they used to say back in the days, ‘if you throw a stone in Nigeria, chances are you will hit a professor’. The same analogy can be used for Zimbabwe: ‘if you throw a stone in First Street, you will probably hit a thief’. I would like to add that chances are you will hit a fraudster.

Fraudsters

Who are fraudsters? Are they only found on the streets away from your business? Can we wish them away? What harm can they do to our businesses?

This subject area has been talked about, written about and mentioned on numerous occasions, yet little, if anything at all, is being done by organisations to guard themselves against this number one enemy to business growth and success. Many a business has succumbed to fraud – be it at the employee level or at the managerial level. The effect is the same – fraudsters can make your organisation go bust.

There are two basic genres of fraudsters. On one hand there is the amateur fraudster. On the other hand there is the professional fraudster. What then is the difference between the two?

Amateur Fraudster

This is the lone employee, customer, supplier, or manager in your organisation who from out of the blue finds a way of getting around your system of internal controls and gets away with your cash. This fraudster does not premeditate his actions, rather s\he bumps into that loophole in your internal control system – and bingo he makes off with your hard earned revenue. The key issue here is that it can be anyone in your organisation. In many cases this type of fraud starts off as an error which goes undetected or as a result of a unique transaction. For example, when goods are returned by a customer who requests particulars of the cheque/RTGS payee. The employee, tempted, offers his/her banking particulars. Gets paid. Waits. No detection, nothing. Next, they don’t wait for chance; they create a scheme.

Professional Fraudster

A professional fraudster is an expert self-proclaimed thief! S\he thrives on defrauding individuals, companies, banks, churches, charitable organisations – you name it. They premeditate, plan and execute fraud. Examples of such fraudsters include computer hackers, or that trusted and quiet bookkeeper who systematically siphons hundreds of dollars each month from your bank account. Studies have shown that most professional fraudsters commit occupational fraud. This is fraud committed at the workplace. So what are you doing to guard yourself against fraud?

Blackmail

The one poignant development that we at 5wh are witnessing across many of our client organisations is what we have come to call blackmail fraud. In this situation, the fraudster – either amateur or professional and mostly in administrative or managerial position – commits acts of transactional or systematic non compliance as part of or adjacent to the fraud scheme. When the fraud is detected, the fraudster calls attention to the non compliance issue. Because of the legal doctrine of vicarious liability, the non compliance issues tend to peril the employer more than the employee. In the end, the employer is stopped from acting against the offender in a way that he or she would have.

Internal controls

Internal controls are the orthodox means of preventing, detecting and correcting invalid transactions (be they fraudulent or merely erroneous) from passing through an organisation’s accounting information system. With the ever-changing business and increased sophistication in information technology, organisations are now under ever-growing exposure to various forms of fraudulent acts. Nowadays most frauds are done electronically – without even a trace of the event!

Organisations need to invest in internal controls’ implementation and operation. Not only do you need to implement the strongest systems of internal controls, you need to test them periodically (e.g. penetration tests) to ascertain their operational efficiency and effectiveness. Controls that worked ten years ago ooze like sieves today. They are prone to fraud. Controls that worked when the organisation was smaller do not work when it expands.

There is a need to hire professionals who monitor and evaluate your system of internal controls. This need is even greater today when the economy is on a downturn and corruption rampant. Most employees now have a saying – a goat feeds where it is tethered. Are you protecting your investment from fraudsters? House owners buy razor wires, erect durawalls, install burglar bars and place alarms around their homes. What are you doing to ensure that you put your business in order? Which safeguards have you put in place to ensure that your business is safe? Don’t only sleep safely in your house –you need to rest also in the assurance that your business investment is safe and sound.

So, internal controls are essential. The design, implementation and testing of these controls are only done by experienced professionals. So do not fool yourself – your business is not safe! If you have been lucky thus far – your luck might be running out now. Now is the time to act. Take your pick – if I throw a stone into your business systems, will I hit a control or a non control!

© Caleb Mutsumba

Advertisements

What do you think? What strategies do you, or your company, use to manage the risk of fraud and error in your organisation? Are you primarily proactive or reactive in your approach to risk management? Share your experience in the Comment box below.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s