“Cooking the books” is a phrase that refers to falsifying financial statements so one can commit accounting fraud. Perhaps the landmark example of cooking the books was Enron, a U.S. energy company that coasted on accounting fraud until it imploded in 2001, leading to passage of the Sarbanes-Oxley Act the following year.
“SOX,” as the law is known, is intended to reduce the risk of accounting fraud and unreliable financial reporting among publicly traded companies — but financial fraud can still happen. When it does, such fraud can cause stock prices to tumble and saddle shareholders with enormous losses.
Moreover, perpetrating such frauds almost always invites legal trouble for the company, harming its financial position, competitiveness, and reputation.
Can Internal Controls Help to Prevent Fraud?
In almost all accounting fraud cases involving financial statement manipulation, the manipulation happened because internal controls were weak, and failed.
U.S. Generally Accepted Accounting Principles (GAAP) provide considerable latitude in the calculation and reporting of financial data; that gives wrongdoers the means to manipulate financial statements. Meanwhile, senior executives can also be tempted to inflate assets and under-report debt on financial statements because their compensation is often directly tied to the organization’s financial performance. Those bonuses give them a big incentive to lie about the company’s financial condition by manipulating financial statements.
Internal controls are the defenses against those temptations. They provide reasonable assurance to the audit committee, board of directors, and senior management that the company’s financial reporting is reliable and compliant with applicable laws and regulations. Robust internal controls and internal audit functions can prevent the manipulation of financial statements and increase the integrity of accounting records.
It’s imperative to implement various types of internal controls to increase transparency and accountability in the system. A variety of checks and balances will deter employees from fudging financial information and indulging in fraudulent activities and accounting behaviors.
A system of internal controls and audit trails, combined with vigorous document reviews, verification, and sign-off, can also improve fraud detection and fraud prevention, ultimately reducing its likelihood and protecting the organization from severe fallout.
Critical Internal Controls to Prevent Financial Statement Fraud
Internal anti-fraud controls for financial statements and reports begin at the transaction level of accounting. They may also be instituted outside the accounting function to improve its oversight, maintain the integrity of financial statements, and strengthen the company’s operations.
All organizations need to consider internal controls to prevent financial statement fraud. Public companies even have a legal duty to their stockholders and are bound by SEC regulations. The following basic internal controls will reduce risks for banks and private companies, big and small.
Segregation of duties means that no single person in the accounting department has multiple responsibilities that could let the person commit fraud. Record-keeping, authorization, and review activities are divided among different employees. Segregation reduces the risk of error and inappropriate actions that may lead to fraud.
At the very least, organizations should segregate the duties for:
- Receiving cash or checks
- Preparing deposits
- Handling cash receipts and deposits
- Reconciling deposits and other transactions
- Writing checks
- Preparing financial statements
Implement a Reconciliation Process
A systematic, formal reconciliation process for all key accounts is also a critical internal control. All incoming check logs must be reconciled against deposits. Bank statements and canceled checks must be regularly examined to assure that checks are not issued out of sequence (which can indicate the presence of missing checks and fraudulent activities).
Examining canceled checks (processed and cleared by the bank) is also vital to assure that only authorized signers sign checks. It’s beneficial to verify that all endorsements, reimbursements, and expenditures are appropriate and that all vendors are legitimate.
In alignment with the segregation of duties, an independent person who doesn’t have bookkeeping or check signing responsibilities should be in charge of reconciliation. Further, the reconciliation report must be signed and dated by this authorized person to document that the reconciliation was performed, when, and by whom.
It’s also a good idea to inform all employees that accounts will be regularly reviewed and reconciled by an internal auditor and that any discovered differences or issues will be investigated thoroughly. This awareness can reduce the temptation to manipulate financial statements.
Use an External Auditor
Financial statement fraud is often perpetrated by management. To prevent this from happening, an independent external auditor with good credentials should examine financial statements at least annually.
An outside party can bring the objectivity and impartiality required to assure that financial statements are free of manipulation or error. It can also deter employees from making fraudulent adjustments to financial statements and presenting them as-is.
Provide Board of Directors Oversight
The board of directors should oversee all operations and management. In particular, the board should:
- Compare actual revenue and spending to budgeted revenue and expenses, to find and investigate significant variations, mismatches, or errors;
- Review the check register or general ledger;
- Assure that the approval of all financial and audit procedures, as well as substantial expenditures, are documented;
- Evaluate C-suite performance against written job descriptions;
- Require independent external auditors to present the annual financial statements.
Review Inventory, Journal Entries, and Electronic Transfers
Checks and balances to review inventory, equipment, and other assets are also vital. Inventory counts should be done randomly throughout the year by a person who doesn’t have an incentive to misreport. General journal entries should also be reviewed at least monthly. Any large or unusual amounts should be noted and investigated as red flags.
Wire transfers, particularly to offshore bank accounts, are a favored method of fraud, so they should be regularly reviewed to assure that all transactions are legitimate, involve authorized parties, and are supported by appropriate documentation.
Set a Strong Tone at the Top
A vigorous environment of internal accounting controls cannot exist without a strong tone at the top. Management should demonstrate ethical behavior, show its commitment to integrity and honesty, and lead by example. All ethics, values, and procedures should be communicated across every level of the enterprise in the form of written policies.
Policies should be created for:
- Cash disbursements, receipts, and reconciliations
- Expense and travel reimbursements
- Petty cash access, receipts, and reconciliation
- Voiding checks
- Blank check access and storage
- Purchasing guidelines
- Conflicts of interest
The consequences of disobeying these procedures should also be written and clear. Board members should approve every policy.
Set Up a Fraud Hotline
A confidential hotline to report fraud allows employees to safely report any possible manipulation of financial statements. When whistleblowers are well-protected, they are more likely to feel safe raising a red flag and unlikely to leave the organization. Insiders are your best chance of detecting and preventing fraud.
Leverage ZenGRC to Mitigate the Risk of Fraud
Financial statement fraud may not be as accessible or common as other types of fraud, such as asset misappropriation. It can, however, still cause lots of problems for your organization.
In 2018, a report by the Association of Certified Fraud Examiners (ACFE) estimated that financial statement fraud produced the highest median loss of $800,000 among many types of occupational fraud. Effective internal controls can protect your organization from such misstatement frauds.
Mitigate the risk of financial statement fraud by improving visibility into your risk environment with ZenGRC from Reciprocity. Identify relevant risks, improve risk assessments, and see where they’re changing to reduce your risk of fraud.
ZenGRC offers a single source of truth to help you streamline your risk management program. Policies and procedures are revision-controlled and easy to find in the document repository. Workflow management features offer easy tracking, automated reminders, and audit trails. Insightful reporting and dashboards give visibility to gaps and high-risk areas.
To see how ZenGRC works, schedule a free demo.