Fraud costs companies millions of dollars every year. However, for most accountants and auditors, catching or preventing fraud is not the focus of their job. We look at what’s involved, and what potential solutions may be available to help tackle the problem.
In a recent report, auditors were found to have detected only 4% of occupational frauds committed, and it is not difficult to understand why. Consider the level of attention to detail managing and keeping tabs on such a wealth of numerical data requires. To then mine said data for suspicious activity is an incredibly complex task, and it does not end with the data.
A needle in a haystack
It goes without saying that there is more than one way to commit fraud. Accountants and auditors would need to be on the lookout for evidence of secret cooperation or conspiracy within the company including, but not limited to: redirected payments; false invoice payments; misappropriation of funds; non-purchase payments; anonymous vendor payments; anonymous customer payments; falsified or changed client names, addresses, and payment information; imaginary vendors, refunds, and purchase orders; and overcharged hours or workloads.
Man VS Machine
While people may not be able to detect fraud easily, we might have a better shot with the aid of accounting software and fraud detection software.
Accounting software typically manages the financial activity of a company, including sales and purchase orders, expense handling, electronic payments, billing/invoicing, and timesheets. It also compiles financial reports, including income statements, balance sheets, and profit and loss statements.
Beyond the usual accounting software, there is also ERP, Enterprise Resource Planning for businesses, which is software that not only manages data and promotes internal information sharing, but can also play an effective role in fraud prevention.
As well as the standard accounting software functions mentioned above, ERP accounting software is also able to track assets and hours worked; manage customer relations, product life cycles, and supply chain management, produce reports, and perform data analysis.
Obviously to successfully catch and prevent all fraudulent activity you would need to perform a complex analysis of ERP system logs, phone logs, and email logs. You may also need to analyze door logs, office layouts (to identify people working in the same location), and interpersonal relationships. Few people have the time or patience for such an undertaking. It’s a job for a full-time specialist.
Internal fraud detection can usually spot fake financial reporting by management personnel, and abnormal transactions by employees, and data mining and statistical approaches can detect suspicious user behavior, activity logs, and transaction logs. An alternative approach would be to use specific fraud detection software with programming that is able to detect, identify, and stop potential fraud setups in their tracks.
Getting back to ERP software though, while it cannot usually detect multi-transactional fraud, and it is important to note that it is not the be-all and end-all of fraud prevention, what it can do very effectively is limit individually-operating fraudsters, and go some way towards limiting multi-transactional fraud.
Considering the similarities, if you have not yet used ERP software, you might be wondering about the difference between that and traditional accounting software. Assuming you already know traditional accounting software reasonably well, let’s take a more in depth look at some of the more useful applications of ERP software.
In addition to the functions of traditional accounting software, which handles the pure financial aspects of your business, ERP software includes those things as well as tracking assets, human resource functions, and supply chain management. It may include the ability to track billable hours, product life cycles, key performance indicators, and customer relations. Because these things can impact the company’s finances, they can be considered an integral function of the finance department, and so it is easy to see why having one software program to contain them all, is highly useful.
Restricted access and file integrity
ERP software can deny unauthorized operations such as changing names, addresses, amounts, or other data, without a higher authority reviewing and approving the request. It can also automate electronic fund transfers, removing the need for human interaction, and help companies follow industry-specific regulations, laws, and practices.
In addition, the general ledger gives accurate financial data in real-time and can be accessed from any device. It can be protected to prevent unauthorized access or data tampering.
You can enable customizable alerts on certain form fields so that you are notified of any changes. The software can also monitor file integrity and detect intrusion, alert system administrators of suspicious file activity, and detect unauthorized access to the network.
An ERP system can produce activity reports, grant access to transaction history, verify external data sources, display time/date/user identification data, and integrate reporting with other features.
Users can also look up cash transactions and access source documents.
Keeping track of receivables, payables, and assets
You can access incoming payments, and see which clients paid on time and which are still due. Tracking all transactions, purchases, billing, as well as recurring and deferred payments will prevent sending outdated invoices and enable you to send reminders to customers who haven’t yet paid.
As for payments, you can track invoices and automatically pay for any purchases made. This prevents accidentally paying for services twice, or missing payment dates. You can also access transaction history to see how efficiently the system is functioning.
Tracking the lifecycle of assets can be complicated, but with ERP software, it becomes much easier to track, and can be monitored on mobile apps that enable you to choose which employees can access it. It also automates salary calculations, taxation issues, hiring, retiring, vacation or sick leave payments, and any other personnel-related expenses.
ERP software can go a long way towards preventing fraud, however only if good controls are implemented as part of the system. Dummy company fraud is only possible if a user is able to access all processes in the setting up of suppliers and the processing of false transactions. ERP software should be modified to break these processes up to ensure that no one person can perform all of the tasks in the process.
Key personnel should be notified if a supplier’s bank details are changed, or if a salary is increased without justification. Audit trails on key transactions can also help, although this is definitely something that is better left to automation.
And lastly, regular access reviews by managers are important to help prevent security breaches and ensure that users’ access rights are in-line with their role. As responsibilities change, users are often granted additional access rights, but something that is frequently overlooked is the removal of redundant rights.
It is relatively easy to identify individual fraudulent transactions. However, fraud involving a combination of multiple legitimate transactions is extremely difficult to detect and can lead to significant financial losses. It is also more complicated and increasingly difficult to detect when mid- and upper management are involved, as they are more likely to be able to conceal fraudulent activities.
While ERP software should not be considered as a stand-alone solution to detecting fraud, it can be considered an extremely powerful component in a larger, more comprehensive strategy. Besides ERP software, additional preventive measures such as CCTV, advanced locking solutions, and authentication technology, including ID badge, fingerprint scans, and facial recognition, is recommendable.
Risk management is a key strength of ERP software capabilities. Businesses should analyze potential risks and configure the software accordingly. This in turn will not only prevent accidental and deliberate future losses but will also help with documentation and compliance with regulations.
Businesses should also hold employees accountable for maintaining internal control. In combining ERP accounting software with employee professionalism and well-established policies, you can ensure a strong system that can help to detect, eliminate, and prevent fraudulent activity.