Management establishes the tone at the top and the standards followed by an entire organization. A good place to begin establishing a constructive tone at the top is by adopting a written code of ethics. For the code to be of any value, it must first be followed by management and then communicated throughout the organization. The code of conduct should be consistently enforced throughout all levels of the organization and transgressors appropriately punished. Newly hired employees should be made aware of the code of conduct and the consequences of failing to comply.

Management should also periodically review policies and procedures that involve internal controls and fraud prevention and make sure those policies and procedures are up to date and enforced. Management should consider setting up a process for employees to report potentially fraudulent activities, such as a hotline or a confidential contact in the legal or human resources department.

Management should be aware of, and come to understand the purpose and operation of, their organization’s controls and should periodically review them for effectiveness.

Risks

Accounting Data

Accounting data can be compromised as easily as inventory or cash. Criminals can do considerable financial damage by manipulating accounting records as well as by physical theft.

Protect all servers and computer workstations with passwords.

Hire a third-party network security expert to secure access to files.

Compare internal financial data with bank statements and financial documents to ensure records remain accurate.

Separate duties.

Conduct independent audits.

Prepare internal reports.

An intentionally or unintentionally weak internal control environment that permits, encourages or disguises fraudulent activity.

Reluctance to provide information to auditors

Managers engage in frequent disputes with auditors

Management decisions are dominated by an individual or small group

Managers display significant disrespect for regulatory bodies

Accounting personnel are lax or inexperienced in their duties

Decentralization without adequate monitoring

Because of management's ability to override and circumvent controls, the threat of management-related fraud is always present and, if it exists, hard to prevent. A code of ethics is one of the tools any organization, private or public sector, should adopt and enforce.

Management does not emphasize the role of strong internal controls

Management does not prosecute or punish identified embezzlers

Management does not have a clear position about conflicts of interest

Highly placed executives are less than prudent or restrained on expenditures for travel and entertainment, furnishings of offices, gifts to visitors and directors, etc.

Internal auditing does not have authority to investigate certain executive activities

Accounting policies and procedures are lax, non-existent, undocumented or unenforced.

Frequent changes in external auditors

Excessive number of year end transactions

Excessive number of management overrides of policies or procedures

No monitoring of effectiveness of internal controls

Low employee morale is pervasive

Unexpected overdrafts or declines in cash balances

Refusal by agency or division to use serial numbered documents if required (e.g. receipts)

Compensation program that is out of proportion to standards

Any financial transaction that doesn’t make sense, either common sense or business sense

Contracts that result in no product or service

Missing documents

Management ignores irregularities

Staff is not trained

Lack of oversight

Lack of fraud hotline or a failure to support whistleblower programs

Failure to respond to identified issues

Lack of management understanding or support for systems, processes and controls

No checks and balances

No segregation of duties

Improper use of funds

Subordinates signing for managers

High personnel turnover

Employee overly protective of information or is reluctant to train others

Annoyance at reasonable questioning

Providing unreasonable responses to questions

Refusing vacations or promotions for fear of detection

High employee turnover rate, especially in areas more vulnerable to fraud

Lack of segregation of duties in areas more vulnerable to fraud

Rewriting records under the guise of neatness in presentation

National Association of State Controllers (NASC) Control Questionnaire for Control Environment

Association of Certified Fraud Examiners (ACFE) Management/Key Employee Assessment

KnowledgeLeader's Fraud Detection: Red Flags

When a number of red flags are present, sometimes the best course of action is to notify the entity's external auditors.

Collusion With Employees or Other Vendors on Bids/Awards

Procurement files are missing standard forms and/or signatures.

Competitive process was not followed.

Ensure that all required forms are submitted prior to contract award and verify information provided.

Ensure contracts are awarded in accordance with applicable procurement processes, laws, regulations and sound business practices.

Conflicts of Interest

Failure to file financial disclosure forms.

Employee declines promotions.

Vendor/contractor and employee address/phone match.

Sometimes an employee has a direct or indirect interest in a vendor. This may cause the employee, if he or she is in the position to do so, to favor the vendor or contractor in which he or she has an interest. Conflicts of interest can result in higher contract costs, significant contract changes, and purchases of goods or services not needed.

Damage

Products get damaged during normal business operations. Some products have a higher risk of damage than others.

Products at high risk of damage need special inventory control policies in place to minimize damage.

False Billing

Frequent invoice/voucher errors.

Claims for unallowable costs.

Double counting costs as both direct and indirect.

Unauthorized changes.

Payments made that are unsupported by invoices.

Misdirection: goods or services to be delivered to the business or job site are delivered instead to an employee's home.

Double billing.

Improper indirect cost pool components.

Altered/missing documents.

Irregularities between styles/logos found on stationery/invoices/statements.

Documents presented as originals are actually photocopies.

Failure to claim discounts.


Any of these red flags can and frequently do point to false billing schemes. It is important that vendor management work with accounts payable to identify and follow up should any pattern of these red flags develop. Software exists that can be used to identify some of these patterns, such as double billing. Other false billing fraud can be reduced by introducing policies that require expenditures to be properly supported by documentation. Segregation of duties and appropriate review of documents by someone outside of vendor management, procurement and accounts payable also make the perpetration of these types of fraud more difficult.

False Pricing Data

Frequent invoice/voucher errors.

Poor cost documentation.

Material mischarging - price.

Material mischarging - quantity.

Material mischarging - quality.

Restricted/delayed access to records.

Some contracts are based upon cost recovery or cost plus profit. A common fraud is to overstate the cost or use of materials. Since costs, prices and quantities are being manipulated (the vendor's records are not being used to produce the invoice), errors are more common than is normal. To cover up the manipulation, a vendor often does not provide appropriate documentation to support the billing and/or restricts access to records. When applicable, contracts should allow the buyer unrestricted audit rights. Also, material utilization rates should be checked against budgets/plans/expectations/industry norms. Prices should be verified against market prices. Goods received should be physically inspected to determine appropriate quality and quantity.

False Time Records

Labor mischarging - time.

Labor mischarging - rate.

Professional fees with large sums charged for "services rendered" but with few details.

Restricted/delayed access to records.

Actuals are equal to or very close to budget estimates.

Altered time cards.

Time cards filled out by management.

Inconsistencies between time cards and charges.

Job misclassification.

The actual amount of labor that will be required to complete a task is often difficult to predict. When the actuals equal the estimates, it may be a cause to investigate.

Some work needs to be done by licensed professionals. Administrative tasks should not be billed at the professional rate.

When auditing vendor time cards, alterations or execution by management are both signs of potential trouble. Extend audit procedures to identify patterns of fraudulent activities.

Always require professional invoices to have sufficient detail. Review the detail for reasonableness. If suspicions arise, examine the time sheets or time cards.

Fraud, Waste and Abuse

Inadequate grant monitoring processes.

Unrealistic performance targets.

Lack of risk assessment.

Missing communication channels.

No fraud reporting hotline.

State of Oregon Internal Controls/Best Practices for Federal Grant Management and Monitoring

Fraudster Tries to Reroute Payments From a Legitimate Vendor

Change in address or bank account information is not signed by an authorized agent of the vendor.

Documents submitted are not on official vendor stationery.

Establish a process to verify that all changes to vendor records (name, address change, bank account) are submitted by an authorized vendor signatory and approved by an agency signatory.
