Sunday, September 27, 2009

Using an internal audit facility

An internal auditor can be a great tool to help prevent and detect fraud. The role of the internal auditor can really be what the organisation wants and needs. An internal auditor usually assists in areas of corporate governance and risk management.

An internal auditor can review, test and recommend improvements in controls and processes, test the reliability of the financial reporting process, ensure the organisation complies with standards and legislation as well as deterring and investigating fraud. The board can make use of an internal auditor to cover areas where the board is concerned, is suspicious of inconsistencies or improve controls where gaps or weaknesses exist.

If an internal auditor is appointed he or she needs to be able to report directly to the audit committee or if your organisation does not have an audit committee, a board member such as the treasurer or chair of the board.
For organisations that cannot put a full time internal auditor or have an internal audit department, there are other options. It is possible to either hire an internal auditor on a part time basis (eg. one day a week) or engage the internal audit division of an accounting firm to assist.

Sunday, September 20, 2009


Collusion is when two or more people agree (usually in secret) to deceive, mislead or defraud others.

If collusion is occurring, it usually is the result of a breakdown in controls. Collusion does, in some way, cost your organisation money. For example:

  • Consider collusion occurring between an employee and an employee of a contractor who is tendering for major construction works. It is likely that either the tender will be cheaper for the contractor to win and thereby it may result in poorer quality workmanship and / or materials used or may be overvalued and the organisation may be charged more than should be; or
  • As the purchasing officer in the organisation, the employee allows the supplier to charge more than the items could be purchased for elsewhere, thus incurring additional costs for the organisation.

To attempt to avoid collusion:

  • All employees should be required to disclose any potential conflict of interest that may exist;
  • All employees should be required to, at least yearly, sign off that they understand all policies and procedures;
  • Ensure that vendors and suppliers are fully aware that gifts and gratuities are not to be given to employees or volunteers. If they wish to support the organisation, it should be made by way of donation;
  • Ensure employees, volunteers and suppliers have a way of reporting suspected collusion. It is surprising the number of times collusion is picked up by another organisation who also has an employee involved in the collusion.

Collusion is very difficult to discover and also very difficult to investigate as any benefit is usually received by the individual. Any suspicion of collusion needs to be investigated thoroughly.

Sunday, September 13, 2009


Payments are usually made in one of three ways: cash, cheque or electronic payments. Each payment method has its own risks.

Cash Payments

When making cash payments (eg. out of petty cash) an invoice or receipt should be obtained for every payment made and the invoice / receipt needs to be confirmed to the cash amount paid. The person controlling the cash should not be the same person who reconciles the cash and the invoices / receipts, so any discrepancy can be adequately investigated. The fewer the cash payments needed the better.

Cheque Payments

The question is, is one signature enough? The answer is no. Not even if the cheque is for a small amount. Cheques need to be signed by two people. Also the following should also be undertaken:

  • Cheques should never be pre-signed;
  • When the cheque is prepared for signing, all documents supporting proof of the requirement for payment should be attached;
  • The people who are signing the cheques need to thoroughly review the documents supporting the payment and sign the documents showing the appropriate approval;
  • The amount and payee on the cheque needs to be the same as on the supporting documents and needs to be confirmed by the people signing the cheque.

Electronic Payments

The first thing people who are authorising electronic payments need to remember is that their password for signing in to authorise the payments is the equivalent of their signature on a cheque. A person would not allow a person to forge their signature, so why let a person use their password.

The following should be undertaken when making payments electronically:

  • When the electronic payments are prepared for payment, all documents supporting proof of the requirement for payment should be thoroughly reviewed by the people authorising the payment;
  • The amount, payee and bank account details on the electronic payment authorisation needs to be the same as on the supporting documents and needs to be confirmed by the people authorise payment.

It needs to be remembered that a common way for someone to commit fraud with electronic payments is for the person who sets up the payments puts in their own bank account number instead of a creditor’s bank account number. The people authorising payments need to be aware of this issue.

Sunday, September 6, 2009

Is your identity or your organisations information at risk?

There has been a lot of media about identity theft. However, you don’t just need to worry about someone stealing your personal papers, credit cards, drivers license or passport.

Norton Symantec has released a list of the 100 most dangerous website on the internet and warn about malware.

For details of this very important topic, click here.