page contents
USA Real Estate Blog

HOW TO PREVENT FRAUD – Steve Watkins Barlow – Medium

0 4


Is it even possible? Well, yes and, perhaps, no. The ‘no’ is pretty much only if the appropriate internal controls are either not in place or not monitored. And the ‘yes’? When they are in place and monitored.

What do I mean by ‘internal controls’? Business defines them as follows:

Systematic measures (such as reviews, checks and balances, methods and procedures) instituted by an organization to:

  • Conduct its business in an orderly and efficient manner,
  • Safeguard its assets and resources,
  • Deter and detect errors, fraud, and theft,
  • Ensure accuracy and completeness of its accounting data,
  • Produce reliable and timely financial and management information, and
  • Ensure adherence to its policies and plans.

As you can see fraud — or at least the deterrence and detection of it — is only one of the reasons for internal controls. And the reality is that the controls must be robust and robustly followed if this deterrence and detection ability is to function.

To explain this let’s discuss what internal controls, these interlocking pieces of risk protection, are. You will note that many of them are accounting-related. This is because it is the numbers that should tell the story of what’s happening in the business (and where it’s at), and — to do that — they (the numbers) must be right. It is also these numbers that will highlight where things are not going right — including where fraud may be happening. This is just one reason why (up-to-date, accurate) accounting is so important.


Here are the key internal controls:

  • Separation of duties,
  • System Access Controls,
  • Physical Counts of Assets,
  • Standardized Financial Documentation,
  • Daily or Weekly Trial Balances,
  • Periodic Reconciliations in Accounting Systems
  • Approval Authority Requirements,

Let’s discuss these one-by-one.


This is about making sure no one person can manipulate ‘the system’ for their own gain. It means, for example, that the person doing the banking should not have access to also making payments. Similarly, the person auditing the accounts should not be the person who prepared them. The first of these can be an issue particularly in small businesses with small accounting teams. Meanwhile, small sports teams regularly strike the second example. Other examples include:

  • The person authorizing creditor payments from the business should not be the person who enters those payments into the system.
  • The person authorizing the payroll should not be the person who enters the payroll.

What do these examples prevent? Well, a person doing the banking who also has the ability to make payments could very easily have the company paying out the banking they have just deposited. Anyone auditing their own accounts could miss any inadvertent errors but is also in the position to cover up any deliberate errors.

A person who can both enter creditors and authorize payments can readily set payments up to their own bank account by:

  • By setting creditor payments (including those due to the Infernal Revenue) to go to their own bank account, or
  • By way of creating a dummy creditor and entering dummy invoices against it.

Meanwhile, a person who can both enter employee information and authorize payments to them can do similar things within the payroll system.


This refers particularly to the accounting system — seeing that’s where the money manipulation can be done — but also includes other parts of the business’ computer systems. A particular area of concern is the stock system, where a person — with the relevant access — could alter the records as regards the quantity of stock held, and then steal the item(s). Unwarranted access to systems could also assist an individual in carrying out the fraudulent activities discussed above.

Modern day systems are well set up to assist with the prevention of this kind of thing. They use tools like passwords, and lockouts — so the entry screen does not remain open for the perpetrator to continue trying to guess the password. Also of great use are the activity logs systems now retain, which records who tried to log into what. So, here, we have both a deterrent and a detection mechanism wrapped up in one.


Stocktakes. Everyone hates them. But it is these, with accuracy and good systems, that show up where stock has gone missing. And it’s not just stock. This also applies to (petty) cash and fixed assets, including tools. It’s usually the smaller things that go because they are easier to steal. But small things add up. And some valuable things are small. While petty cash might only be counted monthly — depending on usage — cash in a retail store should be balanced up at least daily, and if not per shift. Inventory is a bigger ask, but should probably be done at least annually. Sometimes, the easiest way is to implement rolling stocktakes, so it’s all counted across the year. Just not all at once. Tools and fixed assets tend to be less often, but tools should probably be annual.


You’ll recall that one of the reasons for internal controls is efficiency. Well, that’s a good reason to make sure your forms make sense, are up to date, and don’t duplicate each other. Then keep it that way. This makes sure documents are treated the same way each time, and none go missing. It’s also a good thing to make sure the forms are of such a size they’re not easily lost.

Having standard forms also makes it easier when searching through the documents — for whatever purpose, but particularly when searching for any discrepancy. Part of this standardization involves having pre-numbered forms, meaning a sequence must be maintained. It is a break in a sequence that sometimes highlights something is not being done right.


This has long been considered a good thing. The reality is that accounting systems these days do not allow the system to be put out of whack. So, reviewing the trial balance to see if it balances it not necessary. However, I have left this in because every business should review its financial data frequently, and particularly its KPIs — financial and non-financial. The sales team should be reviewing PoS (Point of Sale) daily, other KPIs — such as retail margin achieved (down to product/category level) — should be reviewed weekly. Similarly, those responsible for managing the business’ debtor ledger should be on top of its status at all times.


There are multiple parts to this, including:

  • Ensuring balances in the Debtors Ledger are agreed with the Debtor concerned,
  • Similarly, ensuring balances in the Creditors ledger are agreed with the creditor concerned,
  • Making sure bank account balances in the General Ledger are reconciled to what the bank records show,
  • Matching any Loan balances with Lender records,
  • Verifying investment balances, and
  • Reconciling balances owing to the Infernal Revenue.

As you can see there is potential within any of these for error. Including fraudulent error. The regularity with which they are done will depend on the size of the business and the account. These days, with online accounting systems, the bank account data is imported directly, so can readily be reconciled daily.


This is where a layer of checks and balances can be put in place to give assurance that things are being done correctly. The authority levels can be arranged as to a dollar level of authority — i.e. a person can only authorize up to a certain dollar level — or even can only order up to a certain dollar level. Modern accounting systems can assist with this in terms of determining who can authorize an amount for payment. Similarly, debit cards can be put in place with limits as to dollar value, type of item to be purchased and even type of store. Usually, credit card expenses require approval by at least the one-up manager.

Accordingly, payments can sometimes travel up a chain before getting authorized in full. Each of these steps, understandably, puts a roadblock in the way of someone wanting to commit fraud. This doesn’t just apply to payments — but to acceptance of liability in the first place — for example, approving an invoice for payment (because a service has been performed, or goods have been received). An extra check and one not necessarily recognized (or, often, welcomed) is that of the accounting team ensuring items are coded to the correct expense codes.

Beyond all these things there are other practices every business should have in place, including:

  • The security and location of cash, voucher, keys or other system/premises access items,
  • The authority/controls around access to various areas of the business, and
  • The security and regularity of systems backups.

Finally, there are audits — internal and external.

I think, by now, you can see that good internal controls, stringently followed, and closely monitored, will go a long way in the prevention of fraud. They will also be of great assistance in the detection of fraud. And other risk reduction. As Benjamin Franklin put it:

The rest comes down to who you hire. As Agatha Christie is quoted as saying:

This blog was first posted on 16 May 2019 at

قالب وردپرس

You might also like

Leave A Reply

Your email address will not be published.

Pin It on Pinterest

Share This

Share this post with your friends!