Wipfli logo
Insights - Articles, Blogs and on-demand webcasts

Articles & E-Books


Internal controls and 3 other proactive approaches to fraud prevention

Sep 09, 2019

Fraud prevention is a pretty well-searched topic, and for good reason. Business owners want to keep their organizations safe and secure. They want to be able to trust their employees. They don’t want to just react to fraud; they want to be proactive and prevent it.

When talking about fraud, there always needs to be a disclaimer that there is no 100% fraud prevention method out there. If you have an employee who is determined to steal from your business, they will probably find a way to do so eventually. But you can certainly make it much more difficult to commit fraud (or any other crime), and you can certainly make it easier to detect and respond to an incident.

So while there may not be a way to completely prevent fraud, there are ways your organization can be proactive and minimize your risk. Below are four strong ways you can help prevent or deter fraud:

1. Perform an internal audit and/or internal control assessment

An internal control assessment is where a third-party goes into your organization and assesses your areas of risk. Once the third-party identifies these primary areas, they walk you through the gaps in your internal controls, provide examples of how someone could exploit these particular gaps and then create a resolution program to close those gaps. The third-party can also help implement additional controls and perform regular tests to help ensure the controls are being adhered to.

You may be surprised to discover the seemingly minor risks that employees take without realizing the potential consequences. We often see blank checks sitting on top of filing cabinets, inventory that hasn’t been locked up or that access to financial systems hasn’t been secured.

Payroll is another big area of risk, especially in small organizations. If the payroll clerk does payroll for everyone, including himself, he may have the ability to manipulate his own paycheck. Enforcing segregation of duties, meaningful management review or even access controls on bank websites as internal controls can provide the oversight needed to help prevent misappropriation.

2. Use data analytics tools

One of the fastest ways to check and see if anything fishy is going on in your organization is to use data analytics. Wipfli uses a tool called IDEA to look at an entire population of transactions for our clients.  We use information created by the organization in the normal course of business, which is more effective than sample testing because we use 100% of the data, even in large environments. Data can come from different systems or be in different formats and can be analyzed to help identify mistakes and process breakdowns in addition to fraud.

For example, if you want to investigate whether any if your employees have set themselves up as a vendor and are paying themselves for services not performed, the IDEA tool can take a list of employee names, addresses and Social Security numbers and crosscheck your vendor list for matches. 

Or if you want to see if any of your sales personnel are pushing sales through at the end of the month to meet sales goals, Wipfli can use IDEA to look at the full sales ledger to identify the date and sales person of any potentially suspicious transactions to then guide further investigation.

Read more in: Using Data Analytics to Identify Errors, Waste and Abuse

3. Perform insurance reviews

One great way to be proactive is to ensure you have adequate insurance coverage. We often see that organizations have an insurance policy, but when it comes up for renewal, they don’t take a close look at whether it still matches their needs. 

If you experience fraud or other disasters on the level where it interrupts your business, your insurance carrier may reimburse you for income lost while you’re down. However, if your business grew significantly from when you first purchased your insurance policy, you may not be paid out what you deserve. Your loss will be measured based on the coverage limit of the policy currently in place. If that limit is not high enough to cover your current sales volume, there is a chance your payment will be less than it otherwise should be. 

Furthermore, in the event that a fraud does occur at your organization, there is insurance coverage, such as employee theft coverage, that can help recover some or all of what was taken. 

However, the limits on these policies need to be reviewed as well because once policy limits are maxed out, there is a low probability that you will be able to recover additional funds from the fraudster. Without reviewing your coverage ahead of time and looking at the worst-case scenarios you could face, you could be underinsured when disaster strikes. 

This is another area where a third-party can assist you. Wipfli helps our clients review their policies, look at their financials and then determine whether their current business interruption coverage is adequate based on their current level of revenue and expenses. Additionally, if a loss does occur, Wipfli can help measure the damages and prepare your claim, often with our fees covered by insurance.

Don’t forget that there can be extra expenses incurred due to loss, which may or may not be reimbursed. If your place of business burned down, would you have to get a temporary space and start paying a second rent payment? Are you going to continue paying your employees so that you still have them when you reopen? These are the types of considerations to review when deciding if you need extra coverage. 

Read more in: Here’s the Coverage Your Business Interruption Insurance Program May Be Missing

4. Perform contract compliance audits

Are your vendors adhering to the terms of your contract?

A contract compliance audit can uncover if vendors are not billing in compliance with agreed upon rates or billing in excess of an agreed upon amount. Wipfli has often analyzed contractor payment applications and vendor invoices to determine contract compliance. 

Contract compliance is especially a concern for businesses with million-dollar contracts in place. While these businesses may or may not have the time or manpower to audit contract compliance, they certainly want to make sure they are paying/receiving what they should, in agreement with what they signed. A third-party like Wipfli can verify contract compliance.

Fraud prevention questions?

Let us know if you have any questions about fraud prevention and how to minimize your organization’s risk of fraud. We provide many fraud and forensics services, which you can learn more about here.

You can also read more on fraud in our other articles:

The secrets of fraud prevention

How to respond to fraud

Financial fraud: What to do when an employee steals from you


Carly S. Jacobson, CIA, CFE, CRMA
View Profile