How Internal Controls could help to prevent Fraud?

 

We encounter or hear many fraud cases in the commercial world every day. The causal factors that should be removed to deter fraud are best described in the “Fraud Triangle.” This idea was first coined by Donald R. Cressey. The Fraud Triangle describes three factors that are present in every situation of fraud:

  • Motive (or pressure) – the need for committing fraud (need for money, etc.);
  • Rationalization – the mindset of the fraudster that justifies them to commit fraud; and
  • Opportunity – the situation that enables fraud to occur (often when internal controls are weak or nonexistent).

Internal control plays an important role in the prevention and detection of fraud. Under the Sarbanes-Oxley Act, companies are required to perform a fraud risk assessment and assess related controls. This typically involves identifying scenarios in which theft or loss could occur and determining if existing control procedures effectively manage the risk to an acceptable level. The risk that senior management might override important financial controls to manipulate financial reporting is also a key area of focus in fraud risk assessment.

In April 2011, a listed company issued an announcement listing the audit related issues identified by its auditor and other issues identified by its independent board committee. We are summarizing the identified issues below with our recommended general internal controls to prevent and detect them.

 

Issue 1: Serious doubt about to the authenticity of bank statements and bank-in slips

Some general internal controls to address the issue:

  • Stringent payment controls for issuance of cheques and cash withdrawal should be implemented;
  • Receipts in cash should be prohibited, all received cheques should be payable to the company only;
  • All bank-in and withdrawal slips should be checked by finance department for accounting records;
  • All cheque books should be locked and maintained by finance department with a log book recording their usage;
  • Regular bank reconciliations should be performed by preparer and checked by reviewer;
  • Effective segregation of duties;
  • Establishment of or amendment to the company’s operational policy and procedures in order to build effective controls; and
  • Periodic internal control review by independent accounting firm.

 

Issue 2: No insurance policy was purchased for the forests of the company

Some general internal controls to address the issue:

  • Designated personnel should be assigned to manage and maintain all insurance policy for all forests;
  • Effective filing system and log should be established for ease of management; and
  • Periodic review of existing insurance policy should be conducted to ensure accuracy and completeness.


Issue 3: Handwritten logging permits with substantial identical number and manual chops

Some general internal controls to address the issue:

  • The forest management team should be responsible to apply for, maintain and renew all relevant logging permits;
  • Effective filing system and log should be established for ease of management;
  • Periodic review of logging permits should be conducted to ensure validity and completeness; and
  • Regular reports about logging activities should be submitted to the board.



Issue 4: Issue dates shown on relevant forest ownership certificates predated the establishment of the relevant Group Company

Some general internal controls to address the issue:

  • Designated personnel or professional should be employed to manage and maintain all forest ownership certificates;
  • All ownership certificates should be checked by finance department for accounting records;
  • Effective filing system and log should be established for ease of management; and
  • Periodic physical check of certificates/ and forests should be performed.

 

Issue 5: Almost all of the sales were conducted by way of cash transactions

Some general internal controls to address the issue:

  • Effective ERP system with integrated modules of sales, purchase, inventory, fixed assets and accounting etc. should be considered. All transactions initiated in sales module will be automatically captured in accounting module. This can help to increase the accuracy or reliability of accounting records.
  • Receipts in cash should be prohibited, all received cheques should be payable to the Group only;
  • All cheques should be banked in on timely basis (say, within 1-2 days);
  • There should be proper segregation of duties among receipt, recording and reconciliation;
  • Effective cross checking system should be implemented for preparing accounting records with relevant supporting documents; and
  • Also refer to Issue 1 above.


Issue 6: Purchase of wood logs

Some general internal controls to address the issue:

  • All cash purchases should be prohibited;
  • Purchase requisition, orders and contracts should be reviewed and approved by appropriate personnel;
  • Approval grid should be established;
  • All purchases should be checked and recorded upon receiving;
  • Physical count and relevant valuation should be performed on periodic basis; and
  • Supplier invoices and goods received notes should be checked by finance department for accounting records.

In addition, some general controls should be considered for effective monitoring of the company’s operations:

  • The company should establish or improve the operational policy and procedures in all major areas including sales and receipts, purchase and payments, bank and cash, financial reporting, asset management, compliance, etc. to ensure that effective controls are properly built;
  • Periodic internal control reviews (e.g. once/ twice a year) should be conducted by professional accounting firm;
  • Internal control review results should be directly reported to the Audit Committee on regular basis; and
  • Whistle-blowing system should be established for effective reporting of irregularities from bottom to top.


In conclusion, a strong internal control system could help to prevent and detect fraud effectively. Regular internal control reviews could provide useful information to board of directors and audit committee so as to ensure the company is operating properly with a good control environment.

 

 

If there are any aspects which we may assist, please do not hesitate to contact our partner Mr. Roy Lo at 3583 8096 (roy.lo@shinewing.hk) or our Risk Principal Ms. Helen Lee at 3583 8519 (helen.lee@shinewing.hk).

 

SHINEWING Risk Services Limited

 

 

 

chi_index