The two primary internal controls are categorized as preventive and detective. Preventive controls serve to stop error or fraud from occurring, and detective controls are intended to reveal inconsistency, error or suspicious circumstances. A third type, corrective controls, refers to controls implemented to mitigate losses or to make changes to existing policy.
Segregation of duties is central to any internal control system. The basic principle is that all transactions should be broken down into steps, and each step in the transaction should be completed by a different person. Examples of control points in transactions where separation of duties should be present include authorizing transactions, processing sales, custody of cash, preparing deposits, processing payments or approving purchases and issuing checks. Maintaining internal controls is an ongoing commitment requiring regular evaluation and assessment of risks in all areas.
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
Internal controls encompass all the methods and procedures that an organization adopts to protect its facilities, assets and property. In a broad sense, internal controls make it possible for an organization to lawfully conduct business operations without interference, loss or interruption. Perhaps most importantly, internal controls act as a deterrent to fraud or abuse, identify evidence of fraud already committed and spot errors in financial information and records.
The most basic level of protection for an organization is the physical protection of facilities and assets. This level of protection includes perimeter fences, doors, locks, video surveillance, security checkpoints and limitations on access to certain areas using keys, passwords or biometric access restrictions. These types of physical restrictions are methods of internal control. Such limitations on access provide a layered set of defenses to protect inventory, cash and employees. Internal controls that protect accounting data, information assets, bank accounts and payments can be understood in the same way.
Physical controls already noted are a legitimate component of the internal control system. The centerpiece to all preventative controls are the written policies and procedures that each employee must understand and agree to follow. Examples of internal controls that will be included in written form include segregating the duties of accounting personnel, requiring monthly reconciliation of bank accounts, registration of all vendors, supervisory approval of new vendor accounts, requiring more than one signature for disbursements over a designated amount, establishing a policy for mandating prior management approval of large expenses and separation of duties concerning receipt of payments and credits to accounts receivable. These represent just some of the internal controls that act to prevent or deter fraud.
Internal controls that can detect the presence of fraud are often referred to as detective controls. This category of internal controls is audit-oriented and would include requiring management review of reconciliations, physical inventories to check against inventory and purchasing records, and internal audit of accounts. According to the Association of Certified Fraud Examiners' 2012 Report to the Nations, the proper approach to detecting fraud is multifaceted. Adding to conventional internal controls, ACFE suggests setting up an anonymous tip line and increased employee awareness and education. Tips were the source of detection for 40 percent of the cases of occupational fraud and abuse reviewed in the study compared to about 14 percent of the cases discovered by conventional auditing techniques.
Internal controls do not exist just to discover fraud. In an organization where internal controls are enforced and compliance is monitored, many red flag indicators will reveal simple errors and unintentional irregularities that need to be remedied. Corrective controls are internal controls developed to remedy errors that can be systematically corrected. At times this may also involve additional training or employee disciplinary action. Following discovery of major fraud, corrective controls are developed to counter the particular scheme employed by the perpetrator.
The Public Company Accounting Reform and Investor Protection Act, better known as the Sarbanes-Oxley Act of 2002, was a reaction to major corporate and accounting scandals involving public companies such as Enron and WorldCom. Section 404 of the Act requires management and external auditors to publish an assessment on the adequacy of the company's internal controls on financial reporting. Despite the increased regulatory and legal requirements for support of internal controls, a high percentage of frauds committed by people at the management level involve the deliberate override of internal controls to allow commission of the fraud. These developments serve as instructive reminders to small business that internal controls are an important matter for any organization.
CEO of Snappt and President of Berlind Properties.
Just prior to Covid-19’s emergence, experts pegged the total annual global cost of fraud at $5.1 trillion. That’s bad — it was reportedly almost as much as the world spent on healthcare per year. But the pandemic has sent that number soaring. Identity theft alone spiked massively during the pandemic. But it isn’t just identity theft. According to a survey by the Association of Certified Fraud Examiners, 77% of fraud examiners have seen a rise in all types of fraud since Covid-19 hit, and 92% expect to see even more fraud over the next 12 months.
Types Of Fraud
For fraudsters, we live in a target-rich environment. Common fraud areas include:
• Cyber fraud
• Payment fraud
• Identity theft
• Unemployment fraud
• Fraud by vendors and sellers
• Healthcare fraud
• Insurance fraud
• Loan and bank fraud
• Bribery and corruption
• Bankruptcy fraud
• Employee embezzlement
• Financial statement fraud
And these are just the broad categories, to say nothing of the niche areas of risk that individuals and professionals in so many industries must be on the lookout for. Our real estate technology firm, for instance, focuses on fraud prevention for the residential leasing industry, and we’ve seen the exact same spike in fraud as the numbers above indicate.
Who Commits Fraud And Why?
The list of types of fraudsters is long, but in general, they fall into four categories:
• Organized crime
As to why, that’s where it gets interesting. Two broad trends are both making it easier to commit fraud and, in the case of insiders and customers, increasing the desire to commit fraud.
• Digital transformation: The world is changing around us. Business is moving online and becoming increasingly digital. That’s generally a good thing — with digital transformation comes an easier, more enjoyable customer experience. Does anyone really want to deliver up Amazon or Uber?
But there is a dark side to digitalization. One of the early memes of the internet was “On the Internet, nobody knows you’re a dog,” thanks to Peter Steiner’s 1993 cartoon in The New Yorker. Nearly three decades later, the updated meme could be “Online, nobody knows you’re a fraud.”
The fact is, fraud is easier to commit when nobody sees you face-to-face. And, it’s easier to avoid getting caught.
• Times are tough: Drastic times require drastic measures. It seems obvious that the Covid-19 pandemic would drive a rise in fraud, and historical research supports this idea. It turns out that not only are people pushed to extremes that make fraud more tempting, but also managers who might spot the fraud are often too busy to notice or may have even been laid off.
What To Do?
So, what can leaders of real estate or other businesses do if more people are creating more fraud in ways that are harder than ever to spot? Here are five tips to keep fraud at bay:
• As bad actors innovate and attack new vulnerabilities, you need to educate your team members so they can be on the lookout. It is a never-ending job with no finish line.
• Dig deeper. More and more, you do business with people you never meet. Make sure you know who they are. Ask for more documentation and thoroughly vet that documentation. If they are a dog, you want to know it!
• Avoid conflicts of interest. Be careful not to have conflicting interests that may lead employees to turn a blind eye to fraud. For example, do you incentivize sales teams for booking new business but fail to hold them accountable if that business turns out to be fraudulent? If so, don’t be surprised if your sales team doesn’t spend much time vetting new prospects.
• Be skeptical. With fraud on the rise, you’re better off being a “glass-half-empty” manager. Expect the worst and be pleasantly surprised if things turn out fine.
• Explore AI and machine learning. Various types of AI can help spot fraud that the human eye misses. In a world where you never meet your customers face-to-face, AI can be your eyes and ears.
As we start to unwind from the pandemic, it is clear that some aspects of life will never be the same. Fraud may well be one of those areas. It’s time to add aggressive fraud detection to your “new normal.”
Forbes Real Estate Council is an invitation-only community for executives in the real estate industry. Do I qualify?