There is no ‘one size fits all’ approach when dealing with fraud, nor should there be. The answer should be simple. Having sound internal controls is the most effective way to both prevent and detect fraud. Investing initial time and effort to implement the most appropriate controls for your entity could save problems in the future.
Internal controls should cover all the necessary bases, whilst remaining clear and concise, but one of the most important aspects in an entity’s control environment is the ‘tone at the top’. Those in leadership should consider how to best disseminate good working practices as well as reacting quickly to changes. Changes can include transition or transformation within the entity itself or in the entity’s wider environment, but it is important to adapt or improve controls when circumstances change or control deficiencies are identified.
Preventative controls should include a strong approval process, to deter would-be fraudsters. For example, charities with significant cash receipts should have two people opening the post and recording cash and cheque donations as this should decrease the ease with which cash can be stolen.
An example of good detective controls is regular reconciliation of bank and control accounts, which should bring to light any errors or misstatements. A strong and regular review process should highlight significant variances either from month to month or from budget, which could be an indicator that something is amiss. Remember, don’t automatically think mistake - challenge, question, or test a wider sample range if necessary to satisfy yourself. If in doubt, report it.
Strong policies are great, although it is fundamental to communicate them effectively to staff and ensure that they are understood and being complied with. Sample testing of knowledge and compliance should be part of any good review programme. In addition to this, ensure that your policies allow you to operate effectively, and are balanced with a proportionate amount of controls, distributed and not held entirely by one person, appropriately segregated. Policies should be in writing and distributed to all employees so that everyone is aware of the expectations on their roles and responsibilities.