Although internal controls are designed to protect a company against fraudulent schemes by its employees, all too often those controls prove  to be ineffective.

This happens most frequently when senior personnel in the  company collude to cover up a fraudulent scheme in which they have been engaged.

Many of the recent major frauds that have been in the  headlines were conducted by employees in senior management positions.

two business men discussingWhen fraud at that level is conducted by one individual,  internal controls will eventually catch the perpetrator. But when senior management personnel act in collusion to steal from the organization they are  supposed to be managing, fraud can go undetected for a long period – and result  in severe losses.
Median losses caused by fraud  committed by nonmanagement employees is $80,000; by managers $200,000; and by executives a whopping $723,000, according to the Association of Certified Fraud Examiners 2010 Report to the Nations. When  managers and employees conspire, losses are even higher and the detection times much longer.
Senior personnel can often act out of sight of other  employees, who might otherwise become suspicious about unusual conduct.  Moreover, senior personnel are often the very persons responsible for ensuring that the internal control structure functions properly. As such, in some organizations, they may operate without meaningful oversight except by one  another. When the corporate watchdogs act together to defraud the company, it  is difficult for those on the inside to detect the fraud or to stop it.
For very small companies, it is difficult to construct an  effective internal control structure because management consists of a very  small group of people, or even a single person. If management is the problem, there is no one for an employee who discovers or suspects a fraud to go to  other than the authorities. This decision may carry some risk. Having at least  one director or investor who is not involved in management gives an employee  who suspects fraud somewhere to go.
For any organization, a strong internal audit function may  be the best guard against employee thefts. An internal auditor, or even an external auditor, who comes in periodically to review all company transactions,  provides a mechanism by which fraud can be detected and reported.
For the audit function to be effective, procedures must be established so the auditor has access to documentation relating to all transactions. In addition, there must be procedures for safeguarding those  documents from alteration or destruction.
Preservation of the documents in electronic read-only form  is perhaps the most effective method, particularly with a system that keeps a  record of when the document is created and when any attempts at modification  were made.
Creating the internal audit function and assuring  preservation of and access to key information is only part of the job. It is  equally important to assure that the auditor has someone to report to, either within the organization or outside.
When there is a nonmanagement director on the board, or  where an effective audit committee exists, the auditor must have the authority to report any suspected irregularities directly to that person or committee.
If there are no independent directors, the internal auditor  should still have the authority to report to an outside investor or oversight committee if necessary.
While some companies will prefer to hire their own  internal auditor, a CPA can be engaged to act as the “external” internal  auditor. Independence rules will generally require that the CPA who performs the external audit not also be the organization’s financial statement auditor.
Every accountant who audits financial statements knows that detecting a collusive fraud is difficult at best. The creation of an internal  or external audit function to oversee a company’s transactions and financial  record keeping as they are occurring can be a vital step in assuring that the  system of internal controls is not frustrated or rendered ineffective from within.