When an organisation’s financial controls are not operating as originally intended, it can create an opportunity for fraud to occur. The impact on the organisation can often be financial and reputational whilst in some circumstances, it can also result in total business failure. This is when financial controls are critical because of the importance to identify gaps in a financial process before they are exploited and a fraud is committed. Outlined below are some key tips to assist in maintaining strong internal financial controls and reducing the risk of fraud occurring.
Insufficient staff involved in accounts payable
Best practice dictates that at least three individuals should be involved in processing a payment to a supplier from an organisation’s online banking platform. This creates a separation of duties between the payment creator and payment approver. That is, a creator of a payment should not be able to approve that payment and there should also be two approvers. By having three people involved in a payment, the opportunity for fraud by means of collusion is reduced. Most Australian banks have “creator” and “approver” roles available in the online banking platform to set up this internal control.
Inconsistent or no procedural guidance
If there is outdated or no written policy on financial procedures, there can be uncertainty as to what is required when completing a task. Common areas of inconsistency between documented procedures and practice are:
- financial procurement thresholds: when an employee should conduct a competitive process to procure goods and services; and
- delegations of financial authority: what amount of money a manager is permitted to authorise.
When procedures are documented, there is less reliance on an individual’s “know-how” and the organisation is better prepared for a change in staff. Without documented procedures, it is challenging for management to know what financial processes are being implemented on a daily basis. When processes are documented, particularly when complemented by a flow-diagram, it allows management to identify gaps in its financial controls.
Overreliance on technology solutions
As technology advances, so too do accounting systems. These accounting systems often have automatic internal controls and these controls continue to improve with technology progression. However, an automated solution still requires people to enter data and interpret the information before making approvals or processing payments. Documented roles and responsibilities should complement the technology systems so that:
- data input into the system is accurate and reliable; and
- the data extracted from the system is fit for purpose and has integrity.
A three-year rolling plan that incorporates scheduled reviews, tests and training should complement a robust procedure that requires staff to carefully and responsibly perform their respective roles. The threat of cyber breaches, for example, occur daily and are often designed to breach procurement practices by testing the effectiveness of internal financial controls for approvals. If the breach is successful, the next line of defence is always the employee whose responsibility may be to process a payment or change a bank account. An employee’s awareness of these risks, coupled with their commitment to procedural responsibilities, will often mean that a fraud can be averted in these situations. A lack of awareness or failure to follow procedures, on the other hand, will often result in a successful fraud being perpetrated.