Fraud Prevention Tip #20: Determine Why Anti-Fraud Controls Break Down

Hands down. Not even close. The number one question asked during my live fraud prevention seminars is (drum roll please!):
Why Do Anti-Fraud Controls Break Down Over Time?
From my work with clients, here’s a list of ten reasons why controls break down. How many do you have today? And as you keep score, here’s a hint – the effect of these weaknesses is cumulative. The more you have, the greater the risk of anti-fraud control failure.
1. Executives, managers and employees simply don’t understand the control implications of what they do. Do you have people who don’t understand the control purpose of policies, procedures and reports they see every day? People who don’t know the questions they should be asking? Yes or no?
2. Reviewers who don’t have the information they need to know whether the transactions they’re reviewing are proper. Do you have people who routinely approve invoices from vendors and suppliers but have never seen the underlying purchase order or contract? A client’s executive once told me, ‘I review invoices in our international operations written in a language I don’t understand. But they look reasonable compared to what we paid last month.’ Do you have any situations like this?
3. Not enough time. Do you have people who don’t have enough time to perform the control procedures completely? I’ll save you the trouble. The answer is “YES! – We have this problem.” Every major business, every small business, every not-for-profit, every school district, bank and credit union has the challenge
of not enough time. Not enough time is a huge weakness in anti-fraud controls.
4. Blind trust. Do you have people who blindly trust what’s put in front of them? That manager who signs anything given to him or her as long as the paperwork looks straight, but they don’t really understand the underlying details. Remember these risks are cumulative. There is a compounding effect. When we don’t understand, don’t have the information, and blindly sign everything put in front of us, control failure is the inevitable result With each ‘yes’ answer on this list, the situation gets worse.
5. Willful blindness. Do you have people who choose not to see a problem? I call this willful blindness. “I choose not to see problems. I have subordinates who report to me who approve anything, but I choose to do nothing about it. Because, let’s face it, you can’t fight City Hall. It’s just the way that it is.” That old excuse has been thrown at us too many times by people who willfully choose not to see problems. And important anti-fraud controls fail as a result.
6. The process mentality. Do you have critical positions that are so process-oriented that it’s difficult for the people performing those tasks to stop and look at each individual transaction with any degree of precision? People who enter data. People who approve travel expenses or journal entries over and over and over, dozens of times a day. The process mindset is, “I’m so busy keeping up with the process, I don’t have time to look at the quality of what I’m doing.” And there are many positions in both large and small organizations where the process takes over. Everyone is in a little bit of a trance and they fail to pay attention to the details simply because of how busy they are.
7. Not questioning the strange, odd and curious. Do you have people who don’t question strange, odd and curious of things that are put right in front of them? That manager who sees something that doesn’t quite look right, a variance report, a month-end report that tells them there is a problem, but they choose to do nothing about it. Do you have people like that in your organization? Yes or no?
8. Not enforcing documentation requirements. Do you have people who don’t enforce documentation requirements from vendors and contractors? They say, “I know these guys. It’s probably okay. I trust them, so I don’t need all the documentation behind it.” Or, “That wire transfer is okay to send out because I know who requested it.” Can you think of anyone like that? Yes or no.
9. Inadequate prevention and detection skills. Do you have people with inadequate prevention and detection skills? I’m going to guess the answer to this one is “YES”. Because when I ask client employees and managers if their organization has ever taught them in a meaningful, deep way what they need to know to fight fraud in what they see in their business transactions, they say no. Over 95% of the time. A lot of them put their hands up when I ask the follow-up question: Have you been given awareness training where the central message was ‘pay attention to what you see, speak up when something doesn’t look right.’ But in-depth training? Real skill knowledge? Maybe one in twenty. Usually less.
10. Intentional override. Do you have people, perhaps a division or location manager, who intentionally overrides the rules? Who say by their actions, “These rules don’t relate to me. I’ve been here long enough. I’m high enough up in the food chain or the corporate pyramid. I can override the standard procedures because of my position or my length of service.”
How many of these ten weaknesses do you have?
Think – what’s the cumulative effect on fraud prevention
and fraud risk management?
If you know you have these weaknesses, it’s time to step up actions to replace them with Better! controls, Better! behaviors and Better! actions. Let us know if we can help.
John J. Hall, CPA
John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”