Checks & Balances: How Internal Controls Prevent Fraud
Fraud may be on the rise, but there are simple steps you can take to battle back and protect your business.
According to research by the Association for Financial Professionals, nearly 75% of all American businesses were targeted for payments fraud in 2015. That number matches the largest percentage since 2009, and was up from 62% in 2014. Checks continue to be the common type of fraud, along with business email compromise (BEC) and wire fraud. To put the threat in perspective, the study found that fraud volume rose sharply in 2015, from a monthly average of 156 to 206 successful fraudulent transactions. In addition, the level of fraud as a percentage of revenues also increased from 1.32% to 1.47% year-over-year.
While it’s hard to overstate the impact that fraud can have on your business, it’s also something you have the power to control to some degree. The LexisNexis study notes that the number of prevented fraudulent transactions per month rose from 177 to 236, indicating that businesses are taking steps to fight back.
The best way to protect your business is to act proactively. Put a range of internal and external controls in place to create a “fraud limiting baseline” that ensures your bases are covered.
Essentially, there are two basic types of internal controls: physical and functional.
- Physical controls: Designed to put physical barriers in place that prevent access to cash, records, or other accounting data that can be used to conceal fraud.
- Functional controls: Designed to prevent and detect fraud, including activities like separation of duties, approving payments, and authorizing transactions.
Here’s a quick list of physical and functional controls that are fairly easy to put in place and offer business-protection dividends over the long term:
- Review your accounts every day and question exception items immediately
- Institute dual controls (procedures whereby the active involvement of two people is required to complete a specified process) and a separation of duties for payment processes
- Purchase insurance coverage to minimize risk
- Discuss cyber theft protection with your insurance provider to determine if it makes sense for your organization
- Never send financial information using regular email, which is unsecured and easily compromised
- Educate employees about fraud risks and how to avoid threats (the Association for Financial Professionals offers excellent risk management and cybersecurity resources)
- Set strict password criteria
- Regularly review your privacy policies and delete sensitive, unneeded client information
- Restrict company network access for payments to only company-issued PCs or laptops
- Lock desk drawers and file cabinets that contain sensitive information
In addition, your bank is there to help with security issues.
- Review your bank account and service agreements, as they include both customer protections and responsibilities.
- If you suspect fraudulent activity on your account, possible compromised credentials, a stolen device or cards, etc., immediately notify your banker. The sooner they know of an issue, the faster they can act to help resolve it.
- Build a relationship with your bank contact so they’re familiar with your business’ needs.
Should the need for action arise, you’ll be in a better position to respond after leveraging control procedures and the knowledge of financial partners.