Prevent Loss with Internal Controls - dummies

Prevent Loss with Internal Controls

By Kenneth Boyd, Lita Epstein, Mark P. Holtzman, Frimette Kass-Shraibman, Maire Loughran, Vijay S. Sampath, John A. Tracy, Tage C. Tracy, Jill Gilbert Welytok

The procedures and processes that a business uses to prevent cash losses from embezzlement, fraud, and other kinds of dishonesty go under the general term internal controls. Internal means that the controls are instituted and implemented by the business.

Many internal controls are directed toward the business’s own employees to discourage them from taking advantage of their positions of trust and authority in the business to embezzle money or to help others cheat the business.

Many internal controls are directed toward the outside parties that the business deals with, including customers (some who may shoplift) and vendors (some who may double bill the business for one purchase). In short, the term internal controls includes the whole range of preventive tactics and procedures used by a business to protect its cash flows and other assets.

Weighting internal control costs and benefits

Some businesses put the risk of cash losses from fraud near the bottom of their risk ranking. They downgrade these potential cash seepages to a low priority. Accordingly, they’re likely to think that internal controls consume too much time and money.

Most businesses, however, take the middle road and assume that certain basic internal controls are necessary and cost effective — because without the controls, the business would suffer far greater losses than the cost of the internal controls.

Some companies boldly assume that the company’s internal controls are 100 percent effective in preventing all embezzlement and fraud. A more realistic approach is to assume that some theft or fraud can slip by the first line of internal controls.

Therefore, a business should install an additional layer of internal controls that come into play after transactions and activities have taken place. These after-the-fact internal controls serve as safety valves to catch a problem before it gets too far out of hand. The principle of having both kinds of controls is to deter and detect.

Understanding collusion

Collusion is broadly defined as two or more parties working together to commit fraud. Internal controls operate based on two assumptions:

  • Employees are basically honest. If assets are lost or mishandled, the loss is likely due to an employee mistake, not fraud.

  • Internal controls are designed to catch errors and fraud when one party is involved. If more than one employee is involved, most internal controls won’t catch the error or fraud. If the transaction is discovered, it may be long after the fact.

The strongest fraud deterrent is the likelihood of being caught. Even so, desperate people still take their chances of being caught.