Compensating Controls

25 Mar 2020

According to the Association of Certified Fraud Examiners (ACFE), businesses with fewer than one hundred employees experience the highest percentage of fraud. It is imperative for small businesses and non-profit organizations to implement an effective system of internal control to prevent fraud, detect embezzlement, and provide users with accurate financial statements. Small businesses tend to struggle with incorporating a major component of internal control into their daily operations; the segregation of duties. To achieve the segregation of duties, no individual should be able to perform two of the following duties; authorization, recording, custody, and reconciliation. This difficulty stems from staffing constraints, forcing an incompatibility of responsibilities. In such circumstances, it’s crucial for management to implement compensating controls to mitigate the increased risk.

1.) Tone at the Top

Tone at the top refers to management’s commitment to ethics and values. It stems from management’s behavior and interactions with both employees and clients. To create positive company culture, management should lead by example and communicate company values on a continuous basis. A lack of core values and communication can lead to a gray line between right and wrong. If management violates company values, it sends the message that they are not important, and the employee will be able to justify their wrong-doing.

2.) Implement an Ethics Policy

Similar to a code of conduct, an ethics policy can portray to an employee management’s commitment to deterring fraud. It also enforces company values and integrity by sending the message that fraud will not be tolerated. An ethics policy ensures that all issues that arise are handled in a manner reflected in the policy, and not on an individual basis. Employees should be asked to read and sign a copy of the policy annually.

3.) Reviewing Monthly Bank Statements

It is recommended that the company owner open and review monthly bank statements to detect any transactions that may be unusual, as well as determine if deposits and payments to vendors are more or less than expected. This task is especially beneficial to small business owners as they are likely to be involved in daily operations. If employees are aware of the bank statement reviews, they will be less likely to participate in embezzlement schemes.

4.) Forced Vacations and Cross Training

Forced vacations allow for fraudulent activity to be discovered while the individual is on vacation. Therefore, it is beneficial for employees to be cross-trained to perform other jobs when responsibilities need to be temporarily rotated.

5.) Random Spot Checking

Management should be unpredictable when reviewing the work of others. While some reports should be reviewed on a monthly basis such as bank and credit card statements, invoices and other supporting documentation should be spot checked to ensure that employee’s cannot predict what will be looked into more thoroughly, making it more difficult to execute a fraudulent scheme.

6.) Extensive Hiring Process

Potential employees should receive a background check or screening to ensure a few things; They are who they claim to be, verify their credentials on their resume, and check for prior criminal history or other unusual behavior. This is not only an option during the hiring process but should be an ongoing practice. If your staff knows that it is a continuous process, then this will discourage them from fraudulent actions in the future.

7.) Third Party Involvement

A small business can hire a consultant or even a CPA firm to handle or review certain aspects. These aspects include handling cash receipts, payroll processing or securities recording. You may also want to send bank or credit card statements to your CPA/ third party first and then to your bookkeeper to catch unusual or fraudulent behavior.


This article was also featured in our newsletter NFP Advisor Vol. 21