Businesses all over the world lose billions of dollars to internal and external fraud. Unfortunately, this kind of fraud is easily preventable with a little bit of strategy and reinforced structures. According to a survey conducted in 2018 by the “Association of Finance Professionals (AFP) Payments Fraud and Control Survey” 78 percent of businesses were a victim of payment fraud in 2017.
What’s even more concerning is that only 47% of those organizations were able to uncover the fraud in less than 2 weeks. There are a lot of steps to follow to be able to detect and prevent fraud. Streamlining data management, building a comprehensive checklist for month-end close, time spent on documenting and implementing strong internal controls, eliminating redundancies, and so on.
It is important for businesses to build a strong checklist to prevent themselves from internal and external fraud.
Top 20 Internal Controls for Businesses
1. The company’s tone and how fraud tolerant a firm is should be well communicated throughout the organization. If the employees understand how strict the fraud prevention policy is, the chances of internal fraud will reduce dramatically.
2. Firms need to make sure that all employees must comply with a code of conduct. Employees should also be aware of the consequences if they don’t comply with internal policies.
3. A Segregation of Duties policy needs to be established throughout the organization.
4. The Delegation of Authority policy should be set in place for all organizational expenses and commitments.
5. Monthly or quarterly customer monitoring checks are vital to keep track of suspicious activities and monitor fraudulent transactions.
6. System Access Controls have to be reviewed by organizations on a monthly basis. If that’s not possible, then they should happen after a system upgrade or organizational change.
7. The compliance managers are responsible for implementing effective internal controls in all sectors of the company. This includes identifying, assessing, and managing the risk of fraud from internal and external sources.
8. All representations and assertions relating to internal controls have to be supported with proper documentation.
9. Costs and expenses of all the operating units must be maintained under budgetary controls. Comparing actual expenses to be budgeted amounts must happen regularly.
10. All operating units have to develop a system of internal controls to make sure the assets and the records of the company are protected from loss, destruction, theft, or illegal access to data.
11. Critical transactions happening inside the business process have to be traceable, authorized, authenticated, have integrity, and should be retained in accordance with established policy.
12. To ensure the reduction of fraud, background checks have to be done for all the employees and customers.
13. All the business records must be maintained and retained in accordance with the firm’s policy.
14. The business’s network and information program and corporate policy must be followed perfectly. Employees, merchants, and third-party payment providers must refrain from disclosing sensitive information.
15. All computer systems and software applications that can impact the operations of a business process must have the adequacy of their internal controls verified before the implementation. Unverified systems and software can cause a lot of fraud.
16. Contracts or documents that bind the organization to any obligation can be executed by purchasing personnel or individuals duly authorized under the organization’s delegation of authority policy. The legal team should be able to review and approve all the contracts and legally binding documents.
17. All suppliers must be verified before they become a part of the business. The verification process includes:
- Requires a W-9
- Performing a TIN matching
- Compliance screening
- Address and phone verification
18. All payments over a certain amount should be reviewed and approved. Firms should pay special attention to international payments and wire transfers.
19. All the intercompany payments that are sent and received should be verified on a monthly basis.
20. A physical inventory process should be set in place to keep track of fixed assets. A physical inventory and counting process should be established for businesses that manufacture and supply the products.