The Lack of Internal Controls and the trusted employee

OIP

James had recently moved departments. His excellent administration skills and previous sales performance earned him the promotion and was viewed as well-deserved. His manager also believed that the resulting salary adjustment would be beneficial to him, seeing that he was in the midst of a divorce that left him in a financially vulnerable position.

The company was a vehicle financing company that had to, on occasion, repossess the vehicles for non-payment.  The vehicles repossessed fell into two categories.

  • Those that were commercially viable for refurbishment and  resale;
  • Those that were sold for scrap, these vehicles generally fetched a minimal price due to the condition of disrepair that they were found in;

In his new role, James was responsible for the sale of all repossessed vehicles. He attended to the sourcing of the buyer, arranging of the vehicle inspection, preparation of the invoice and reconciling of stock. This created the perfect opportunity for him to commit fraud.

His modus was simple but remarkably effective. James befriended a couple of buyers and offered to sell them a combination of vehicles, those that were commercially viable to repair and those that were regarded as scrap, all at scrap vehicle prices in exchange for a share in the profits.

The storage facility housed all the vehicles in the same warehouse, with a very poor and manual system of differentiation. James insisted on being the only person to take his buyers through to view the vehicles.  Furthermore, in the absence of an automated and comprehensive stock management system, the vehicle stock and its movement were managed on spreadsheets. James simply transferred vehicles, moving them from commercially viable vehicles to scrap vehicles.

Had it not been for a Whistleblower, this fraud would have in all likelihood been detected much later, with the organization incurring higher losses. The Whistleblower turned out to be a disgruntled buyer who was concerned that the vehicles he had selected for purchase had been sold to a competitor on multiple occasions.

Fraud hotline

Source- ACFE Report to the Nations, 2020 Global Study on Occupational Fraud and Abuse

The resulting investigation revealed the extent of the collusion between James and three specific buyers with him benefiting through cash payments of approximately CAD 2000 per vehicle sale. The investigation that was conducted included the following aspects:

  • A review and analysis of email correspondence, mobile phone records and landline call recordings;
  • A review and analysis of all supporting documentation related to the vehicle sales;
  • A review of the historical sales performance;
  • Lifestyle audits; and
  • Interviews with implicated parties.

An internal disciplinary inquiry followed and James was dismissed. Criminal charges were instituted against him and the implicated buyers.

Many organizations are vulnerable to fraud because they do not implement a system of adequate internal controls. Furthermore, the culture of many organizations is developed around the concept of “trust”. Consequently, placing trusted employees in positions without proper internal controls provides easy opportunities for committing fraud, resulting in financial losses and reputational damage.

Internal controls and fraud loss        Internal Controls and company size

Source- ACFE Report to the Nations, 2020 Global Study on Occupational Fraud and Abuse

However, organizations do not have to fall victim to this as they can limit the opportunity to commit fraud. Without being exhaustive, listed below are some control measures that could be implemented:

Authorization and Segregation of Duties

  • Review the organizational and departmental structure to understand the entire internal control system;
  • Make sure that there is appropriate segregation of duties. The separation of responsibilities is a critical building block of internal controls. The Institute of Internal Auditors describes the basic idea as, “no employee or group of employees should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties” ;
  • Identify the key personnel of an organization as this will show who has authority between financial and asset control;

Reconciliations

  • Timely reconciliations can be provided anywhere from daily to monthly and will review the completeness and accuracy of the data recorded;
  • Surprise audits;

Policies and Communication

  • Review policies and procedures, including mandates, the delegation of authority, record-keeping systems, safeguarding of records and access control to establish any gaps;
  • Ensure that there is effective and consistent communication of organization policies and procedures;
  • Whistleblower Facility-historically, tip-offs have provided the most common means of fraud detection. The implementation of a well supported and anonymous and reporting mechanism can improve an organization’s control environment;
  • Ensure that there are sound processes in place to investigate and report on allegations of fraud and misconduct. This will instill confidence in staff that allegations are investigated;

Analytical Review and Assessments

  • Conduct an analytical review to find trends and anomalies among transactions;
  • Proactive Monitoring and use of data-driven technology to identify red flags and outliers;
  • Conduct an organization-wide fraud risk assessment. This will help you identify what makes your organization most vulnerable to fraud, enabling you to implement proactive measures to reduce the chance that fraud occurs;

Training and Awareness

  • Conduct regular fraud training to assist in the general level of awareness amongst all employees;
  • Also, be mindful of suspicious employee behavior, such as individuals not taking vacations, insisting on retaining control of specific responsibilities, avoiding job rotation, etc;

Prevention and early detection are crucial to reducing the instances of fraud in an organization. While no system of internal controls can eliminate fraud, a well designed and comprehensive system can significantly reduce the opportunity to commit fraud.

Scroll to Top
%d bloggers like this: