Victim Of Fraud? What Can Be Done To Prevent It From Happening?

Victim Of Fraud? What Can Be Done To Prevent It From Happening?

Receive-EmailAbout our GRC Services

It is not necessarily a question of “if” but possibly “when” and “how” your company will be a victim of fraud. While fraud can occur in any area of the business, it has been more commonly noted in the areas of Purchasing, Disbursements, Payroll and Inventory. When the dust has settled and the fraud investigation is completed, the Board of Directors and senior management will be asking the question – Why did the fraud happen (without being detected in a timely manner) and how can we prevent this from happening again?

Primary Reasons Fraud Occurs

Fraud usually occurs because of the following primary reasons:

  1. There is lack of segregation of duties.
  2. Authority and decision making is centralized to a few persons.
  3. Access to key applications and administrative system accounts are not controlled nor monitored.
  4. Review and oversight functions are inadequate or weak.

So how can we reduce the risk of fraud?

Yes, you guessed it! Internal Controls!

Although strong internal controls do not completely eliminate the risk of fraud, they do help in strengthening the control environment and significantly reducing the opportunities for fraud to occur. The company should use its own Internal Audit department or engage a third party consultant to perform an assessment of its internal controls. The purpose of the assessment is to identify control weaknesses and then take remediation steps to close the gaps.

Further, the following steps may be taken by management:

ONE Have a policy of mandatory vacations. There have been numerous cases where fraud was detected because the perpetuator was on vacation.
TWO Have a formal Code of Ethics and obtain acknowledgement from all employees on an annual basis.
THREE Senior Management and the Board of Directors should continuously demonstrate the importance of internal controls.
FOUR Set up an easy method for vendors and employees to report fraud such as a whistleblower hotline number.
FIVE Monitor employees’ access to key applications and privileged system accounts and the roles assigned on a periodic basis.

The following are two sample areas where fraud can occur and the suggested steps that can be taken to prevent it:


How fraud is perpetuated What controls can prevent it?
The Payroll Employee will present the Pre-Check Payroll Register generated from the payroll application to the Supervisor for approval. After approval, the payroll data is fraudulently changed and then the payroll is submitted for the final processing. The Supervisor does not bother to look at the final Payroll Register or match it with the approved Pre-Check Payroll Register and thus does not know that an unauthorized change was made.
  • This can be easily prevented if there a review process in place of the final Payroll Register.
  • Review of the Payroll Change Report and the Payroll Register should be performed by someone other than the Payroll Employee.
Ghost employees or terminated employees accounts are used by the perpetuator to pay him/her. The checks received are then endorsed by the fraudster in his/her name or the direct deposit bank account in the system is manipulated.
  • A thorough review of the Payroll Register would help detect such instances and act as deterrence. Further, most of the payroll applications have various audit reports such as “Payments made to terminated employees,” which should be reviewed by the Supervisor.
  • The Supervisor should run tests on employee data to identify if duplicate direct deposit bank accounts exist between employees and whether or not they are related.
  • Payroll checks should be received and distributed by someone other than the Payroll Employee.


How fraud is perpetuated What controls can prevent it?
Ghost vendors are set up in the system, fraudulent invoices submitted and payments made to such vendors. Further employees may setup own company and provide services to their employer without disclosing the ownership.
  • There should be proper approval procedures for setting up new vendors along with a policy to disclose any related party interests. Adequate documentation should be obtained such as W-9 before the vendor is set up in the system.
  • Setting up new vendors and changes to vendor master file in the Accounts Payable system should be performed by someone other than the persons making disbursements.
  • Further, tests such as review of the vendor master file for similar names and addresses should be performed to detect duplicate vendors. Also the vendor and employee addresses should be compared to identify any companies owned by employees.
Fraudulent wire transfers are made from the company’s bank account. Most of the banks now provide the functionality of having separate employees perform the following:

  1. Initiate and Set up the Wire Transfer
  2. Approve the Wire Transfer
  3. Release the Wire Transfer

At least two persons should be required to send a wire transfer.

Fraudulent withdrawal is made by a vendor approved for ACH withdrawal from Company’s bank account. Most of the Companies provide ACH pull facility to some of their vendors exposing their balances to the risk of unauthorized withdrawals. A maximum withdrawal limit should be set up for such vendors to reduce the exposure of funds of the company. Alternatively, vendor should obtain prior approval before making any withdrawal.
Duplicate payment is made to the same vendor. Most of the General Ledger applications have functionality to prevent duplicate payments. Management should ensure that this functionality is enabled. Further, review of the Check Register by someone other than payment processor would reduce the risk.


Vivek Agarwal Vivek Agarwal
[email protected]

Vivek Agarwal LinkedIn

Ask Our Experts

To ensure compliance with U.S. Treasury rules, unless expressly stated otherwise, any U.S. tax advice contained in this communication is not intended or written to be used, and cannot be used, by the recipient for the purpose of avoiding penalties that may be imposed under the Internal Revenue Code.

Previous Post

Next Post