Internal controls
These are the policies and procedures companies use to protect assets, improve operating efficiency and ensure reliable financial statements. A strong system of internal controls, including fraud training programs and whistleblower hotlines, is a company's first line of defense against fraud. Other examples of internal controls that minimize fraud risks include:
​
-
Restricted access to physical assets, including locks, passwords, electronic surveillance and security systems.
​
-
Formal job descriptions, codes of conduct and employee manuals
​
-
Mandatory vacation and job rotation policies
​
-
Segregation of duties, such as record keeping, authorization and custody over assets
​
-
Duplicate signatures on checks above a preset dollar amount
-
​
-
Monthly bank reconciliations and physical inventory counts
-
-
Background and reference checks on prospective job candidates
​
-
Have bank and credit card statements mailed or emailed to owner. Owner then provides statements to bookkeeper (if bookkeeper reconciles the statements)
​
-
Annual (or surprise) audits conducted by owners, internal auditors or a CPA firm.
Internal controls can be intentionally circumvented and thus are less effective if managers override the system or become lax in supervising subordinates. These loopholes undermine a company's efforts to detect and prevent fraud