No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

Internal Fraud: To Flag or Not to Flag?

by John Verver
December 1, 2016
in Featured, Fraud
fraud alert on glowing red screen

How Companies Can Reduce Their Risk Exposure

Fraud is a problem for companies of every size – one statistic states that it claims up to 10 percent of annual revenue. Some fraudulent activity comes from external sources, including cyber breaches and theft, but some of it is an inside job. John Verver of ACL takes a closer look at common ways employees engage in fraud and what companies can do to protect themselves.

By: John Verver

This piece was originally shared on ACL’s blog and is republished here with permission.

You might have heard the statistic: in just about any size company, fraud claims between five and 10 percent of annual revenue. Some fraudulent activity comes from external sources (such as cyber breaches or theft), but a good amount of fraud can come from within the ranks of the company itself.

ACL is taking a closer look at how employees most often take advantage of internal systems for their own personal gain and what organizations can do to reduce their exposure to these risks of fraud.

Most managers probably don’t think that much about the likelihood of fraud carried out by people on their teams. They spend most of their time thinking about how to achieve their objectives and get the job done. Even the most demanding bosses tend to trust the basic integrity of the people working with them. These are likely to be among the many reasons employee fraud occurs and often remains undiscovered.

So what are the some of the common instances of fraud by employees managers and executives should bear in mind?  How do they find out if fraudulent activities have occurred?

Corporate Purchasing Cards (P-Cards)

The use of corporate credit cards or purchasing cards can make good business sense. They dramatically reduce the costs of the typical purchase order and payment cycle for smaller expense and procurement items. However, they are particularly prone to abuse by employees. Maybe that recent corporate card purchase of a high-end, large-screen computer monitor was fully justified and helped improve the employee’s productivity — but what if the monitor ended up with the employee’s child who loves computer gaming? What about the $5,000 spent at Home Depot for “office improvements” by the branch supervisor? Perhaps the supervisor now has a greatly improved recreation room. What about duplicate purchases? Was one valid and one for personal use?

Of course, all purchases and expenses made through a p-card should be approved by an authorized manager. But that’s where the control weaknesses often appear. If a senior manager has to approve the monthly use of p-cards for 50 or more employees, are they really going to spend the time to ensure every item was justified?

There is a relatively simple answer to this problem. Credit card companies provide detailed data for every transaction. The data can be analyzed to identify many indicators of fraud. Merchant category codes can be checked and anything that seems dubious can be highlighted for review. There have been cases where one employee used their corporate card to spend thousands on psychic readings, while another purchased a cow at an auction for their hobby ranch.

Travel and Entertainment (T&E) Expenses

The risks of fraud in p-card systems can also be applied to travel and entertainment expenses. The opportunities for fraud are very similar in terms of expensing personal costs to the business. Additionally, duplicate charges may signal fraud; for example, multiple employees charge for the same lavish entertainment of a key client. Was that expensive trip to Florida for a “client meeting” really justified when it was during spring break and overlapped with vacation days?

Again, it is a relatively simple process to analyze data to find the red flags of duplicate charges and expense claims that just don’t seem right.

Vendors and the Purchase-to-Pay Process

Vendor systems and the purchase-to-pay process also pose a number of fraud risks. Employees can set up “phantom vendors” in order to process fraudulent invoices for nonexistent goods and services and then have payments made to bank accounts controlled by the employee.

Employees can also collude with vendors and approve the purchases of goods and services at grossly inflated prices. The vendors may express their appreciation by shipping some goods directly to the employee’s home.

There are various ways to check for these activities. For example, vendor addresses can be analyzed to identify fictitious addresses or to see if they happen to match an employee address. Vendor prices for goods and services can be analyzed in detail to find instances in which prices for specific items are far from the statistical norms.

Payroll

Payroll fraud risks tend to increase in relation to the size of the organization. It may be a simple job to keep watch over a department with only 100 employees in one location. But what happens when there are hundreds or thousands of employees spread across multiple locations? How do you know that every person on the payroll actually came to work and did their job? A lot of trust is typically put in departmental and regional management to ensure that individuals on the payroll are still valid, contributing employees.

Some supervisors may be tempted to set up friends and relatives as employees and share the payroll proceeds. Even if the employee does turn up for work — what if the supervisor generously approves very large bonuses and overtime payments?

One way to keep an eye on things is to analyze employee activity records, such as electronic access and security records. How often was the employee logged on to corporate systems? How often was a swipe card used to access corporate premises? How do records for overtime hours compare to login and physical access records?

Sales

When thinking of anti-fraud measures, people tend to focus on the expense side of things. But there are also plenty of opportunities for employee fraud on the income side. Say a sales executive pushes through a large sale at period end and picks up a nice commission and bonus payment. Then, after about a month, the sale is reversed and a credit note is issued. What happens to the commission and bonus? Who makes sure that those are reversed as well?

The opportunities for collusion with customers tend to mirror those with vendors. A sales person may provide extremely generous pricing discounts in return for a kickback, and somehow half of the goods shipped to the customer happen to make their way to the salesperson’s home.

Analyses of discounts, pricing, sales reversals and credit notes and terms can identify many indicators of fraud. These are the same analyses that can match shipping addresses with employee addresses.

Evading Approval Controls by Managers

One of the key anti-fraud controls in almost any business process area is management approval. Managers are trusted to review and approve purchases and expenses in their areas — but only to a certain degree. There are approval limits depending on the level of manager and budget responsibility. The risk of a large fraudulent expense getting approved by a manager is presumably limited if, for example, they are only authorized to approve purchases up to $50,000. Yet, if a manager approves five purchases for $49,000 each, they might really be approving a fraudulent purchase of $245,000.

Scrutinizing data for this form of “split” approvals is a simple but effective task.

Incidentally, one of my personal favorites for innovative ways to see if the management approval process is working properly is to analyze the time stamp data for when a manager approves a monthly corporate card charge for employees. In one case, the analysis showed that a manager had approved a very large number of charges within about 80 seconds — not exactly reassuring that appropriate due diligence had taken place!

Whether it’s data analytics or forensic accounting, we encourage all companies, large and small, to use any and all available resources to stamp out fraud, reduce waste and optimize performance.


Previous Post

Guarding Against Privilege Waiver in Federal Agency Investigations, Part 2

Next Post

The TRACE Matrix

John Verver

John Verver

image001John Verver, CPA CA, CMC, CISA Advisor, ACL John Verver is currently an advisor to ACL. Previously, John spent two decades as a vice president with ACL, with overall responsibility for product and services strategy, as well as leadership and growth of ACL’s professional services organization, including customer success services, training, and technical support. John is acknowledged as an expert authority and domain thought leader on the use of enterprise governance technology, particularly data analytics and data automation for audit, risk management, and compliance. He speaks regularly at global conferences and is a frequent contributor of articles in professional and business publications. John is a Chartered Professional Accountant, Certified Management Consultant, and Certified Information System Auditor.

Related Posts

NAVEX Top 10 Risk and Compliance Trends 2023 ebook

Top 10 Trends in Risk & Compliance for 2023

by Corporate Compliance Insights
March 29, 2023

Industry experts predict the risk and compliance trends we're likely to see in 2023 eBook Top 10 Trends in Risk...

parliament

Coming Soon to the UK: Sweeping Corporate Criminal Liability Reforms?

by Peters and Peters
March 28, 2023

UK legislators have proposed major amendments to the Economic Crime and Corporate Transparency Bill currently passing through Parliament. If adopted,...

wind turbines

What Companies Around the Globe Need to Know About EU Sustainability Reporting

by John Peiserich
March 28, 2023

By the beginning of next year, large companies in the EU or that do a substantive amount of business in...

amsterdam

At a Gathering of Compliance Practitioners, No Shortage of Food for Thought

by Mary Shirley
March 28, 2023

Last week, about 300 ethics and compliance professionals descended upon Amsterdam’s Hotel Okura to participate in SCCE’s European Compliance &...

Next Post
A resource to measure bribery risk globally

The TRACE Matrix

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT