Hand using calculator, magnifying glass, glasses laptop on table looking closely at paper

The High Cost of Internal Fraud


Every so often a dramatic case of financial fraud makes the headlines because of the sheer amount of money involved. But, on average, companies with fewer than 100 employees suffer the largest median loss and 42% of fraud cases are caused by a lack of internal controls.

Internal fraud exacts a high cost in terms of financial losses (only about 39% of stolen monies are recovered), company reputation and company culture. No one wants to think that someone at their company is capable of fraud, but most cases of frauds are perpetrated by someone at the managerial level or higher. Many involve more than one person.

Common Types of Internal Fraud

Following are the five common types of internal fraud:

  • Billing Fraud: Inaccurately reporting spending, creating fictitious vendors or overstating payments made.
  • Check and Payment Tampering: Diverting payments made to the company into personal accounts or writing company checks to personal accounts.
  • Payroll Fraud: Inaccurately recording payroll or paying fictitious employees or vendors.
  • Theft and Larceny: Stealing petty cash, cash collected from customers, company property or personal property of company owners or employees.
  • Skimming: Using a card swipe or other device to collect credit card information, processing credits to personal cards.
Controls to Prevent Fraud

Having the right controls in place can prevent fraud. Most internal controls fall into the following categories:

  • Tone at the top: This is used to define management’s leadership and commitment towards openness, honesty, integrity and ethical behavior.  It is the most important component of the internal control environment.
  • Company code of conduct: This document sets out in writing the company’s expectations for employees. It doesn’t need to be complex, but it does need to define what the company expects from each employee.
  • Procedural controls: These controls define the standard operating procedures at your company. They trigger automatically when a particular action is initiated. For example, having all company checks signed by two people or having the payroll prepared by one person and checked by another before it is sent to the payroll company. These controls are designed to create checks and balances.
  • Embedded controls: These controls work automatically all the time. They are always running in the background and don’t need to be turned on and off. Examples include things like requiring the use of standardized contract forms for vendors and independent contractors and using standardized forms for invoices, internal materials requests, inventory receipts and travel expense reports. Embedded controls help your business run efficiently. But you also need to have procedures to monitor exceptions, such as change orders or costs that exceed a set amount.
  • Accounting system access controls: These controls limit access to sensitive financial information in various ways. They also track electronic access to the system. This allows management to audit usage and identify unauthorized access.
  • Dashboards: Dashboards generally are used by management to monitor various metrics of the company’s operations, such as sales figures or usage of company financial systems.
  • Approval authority requirements: Requiring specific managers to authorize certain types of transactions, such as large payments or expenses, can add a layer of transparency to accounting records.

For more information about the internal controls necessary to prevent fraud, contact us today.