When promoting internal controls, you’ll often hear me say that it’s imperative for managers to review all of their department’s business transactions. Additionally, when I teach internal controls and fraud prevention and detection, a technique that I share with folks is to simply read material from top to bottom and left to right – in its entirety. Please do not skip around and target data that you think is the place that errors or fraud will arise. If you invoke critical thinking when reviewing your documents, questions should come to mind that will help you put together the relevant pieces and expose what may be missing.
Back when I worked in the banking industry, it was through this technique that I spotted fraud. (It’s important to note that I was also using artificial intelligence at the time –reviewing algorithms supported my hunch that something wasn’t right). In the case in question, I discovered a person was altering documentation sent to our organization by changing the dates on the supporting documents that were required of the vendor. Upon reviewing those documents, I noticed the font and the number height was somewhat off on the copies sent to us – that was unusual since these should be authentic documents (not copies). Also, the algorithms indicated that the date the document posted wasn’t consistent with the expected expiration date on my tracking sheets – the system flagged this, too. I contacted the third-party agency that was supplying business support to our office and we discussed the discrepancies over the phone. The issue surfaced quickly: the original documents, which were expired, had been altered. There were significant consequences, including financial implications to our firm and resulted in us voiding that contract in its entirety. It turned out the documents were altered by the vendor who was trying to get out of paying for necessary requirements that were well within our contract.
Managers, I ask that you review supporting business transaction details. Please do not get in a habit of seeing a type of documentation so often that you assume the information is the same and that you avoid properly reviewing them. While it is good for folks to be able to anticipate what should be in the documentation, fraudsters prey upon the weak human tendencies to skim over what they assume they already know. They believe that their fraud will somehow slip between the cracks.
Always look for ways that we can improve/enhance our controls. For example, when preparing contracts, we should obtain certificates of insurance directly from the insurance providers versus just receiving them from the vendor that we’re contracted with – this would be an enhanced control and it allows us to reconcile documents at a higher level.