Internal Control/Anti-Fraud Program Design for the Small Business
eBook - ePub

Internal Control/Anti-Fraud Program Design for the Small Business

A Guide for Companies NOT Subject to the Sarbanes-Oxley Act

Steve Dawson

Share book
  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

Internal Control/Anti-Fraud Program Design for the Small Business

A Guide for Companies NOT Subject to the Sarbanes-Oxley Act

Steve Dawson

Book details
Book preview
Table of contents

About This Book

A how-to guide to small business anti-fraud protection and internal control

Internal Control/Anti-Fraud Program Design for the Small Business is a practical guide to protection for businesses NOT subject to the Sarbanes-Oxley Act. Written by an expert with three decades of forensic investigation experience, this book is geared specifically toward private, non-public small businesses and their unique needs in the realm of fraud protection. Covering all elements of an internal control structure applicable to the small business community, this guide provides a step-by-step roadmap for designing and implementing an effective, efficient internal control structure/anti-fraud program tailored to your business's particular needs. Case studies are used throughout to illustrate internal control weaknesses and the fraud that can result, and follow-up analysis describes the controls that would have reduced the probability of fraud had they been in place. You'll learn how to analyze your company's internal control issues, and implement a robust system for fraud prevention.

Guidance toward Sarbanes-Oxley compliance is readily available, but there is little information available for the many businesses not subject to the act —until now. This book is the step-by-step guide for instituting an internal control program tailored to your small business.

  • Understand the five elements of internal control
  • Avoid gaps in protection with relevant controls
  • Design the ultimate anti-fraud program
  • Implement internal control tailored to your needs

The majority of small business owners simply do not know the elements of or implementation process involved in internal control, and Sarbanes-Oxley guidelines don't necessarily scale down. Internal Control/Anti-Fraud Program Design for the Small Business helps you design and install the internal control/anti-fraud protection your business needs.

Frequently asked questions

How do I cancel my subscription?
Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Internal Control/Anti-Fraud Program Design for the Small Business an online PDF/ePUB?
Yes, you can access Internal Control/Anti-Fraud Program Design for the Small Business by Steve Dawson in PDF and/or ePUB format, as well as other popular books in Business & Auditing. We have over one million books available in our catalogue for you to explore.



The Anti-Fraud Environment: The Blueprints, the Foundation, the Ground Floor

I REMEMBER VIVIDLY THE EXPERIENCE OF BUILDING my own home. I still remember the dinner with my wife where we crouched over napkins, illustrating each detail of our dreams. As we left the restaurant, we blissfully knew that this was a great idea. Little did we know that our dream home construction would turn into the single most frustrating process of our lives.
Early in the process, after having looked through what seemed like hundreds of magazines and catalogues, we selected what we wanted for items such as faucets, cabinet hardware, and lighting fixtures. Yes, we had finished out our new home. Then it dawned on us that we had not even started the process of finding the architect or a home building contractor. Stepping back for a moment, we realized that some things have to come first, mainly all of the foundational work.
Similar to building a home, the construction of an effective anti-fraud program includes certain issues that must be addressed in the proper order.
First, there must be a plan; a framework must be designed, similar to an architect's blueprint for building a home.
Second, the foundation must be put in place on which to build the structure. Accordingly, certain foundational policies must exist to support the structure of an anti-fraud program.
Once the plan is in place and the foundation is down, the ground floor is ready to be installed. The ground floor, the fraud risk assessment process, is necessary to move forward.
Chapters 1 through 5 address all of these issues that, when approached in the correct order, will result in a reliable anti-fraud environment.

The Architect’s Blueprint
Establishing the Framework

IN 1992, THE COMMITTEE of Sponsoring Organizations of the Treadway Commission (known as COSO), developed and issued a framework for internal control design. According to its website,, “the Committee is a joint initiative of The American Accounting Association, The American Institute of CPAs, Financial Executives International, The Association of Accountants and Financial Professionals in Business, and The Institute of Internal Auditors. COSO is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence.”
The COSO internal control framework is a picture of the proper design of an internal control structure. It contains certain elements that must be included in developing internal controls as a part of an anti-fraud program. There have been certain modifications of the framework recently, but the overall elemental design has stood the test of time for more than 20 years.


The original COSO framework outlines five elements of internal control design: (1) the control environment, (2) risk assessment, (3) control activities, (4) information and communication, and (5) monitoring. While keeping with the intent of this structure, I have modified the names and format of some of these elements to best present the architect’s blueprint for the design process of the anti-fraud program. The revised six elements are shown in Figure 1.1.
Figure 1.1 Revised Six Elements
Each reference to program design in this book includes a categorization of the guidance into one or more of these elements. As the elements are addressed, more specific definitions of each will be provided. However, a basic description of each element is provided next to familiarize you with the concepts.


The anti-fraud environment is best described as the tone at the top. What is the level of concern for fraud prevention from the business owner, the board of directors, or those bodies tasked with governance of the company? If there is no concern from these parties, assuredly there will be no concern from those below. Conversely, if the owners or governing bodies of a company exhibit an appropriate concern for fraud prevention, then the staff should follow suit.
Evidence of these concerns is demonstrated through the anti-fraud environment: the environment that includes processes and policies established to address fraud risk. Specific best practices for the proper design of a sound anti-fraud environment are presented throughout further sections of this book.


In my experience, I have seen that fraud risk assessment is the most neglected of the six elements. I attribute this to the fact that fraud risk is a concept not dwelled on by most small business owners. Small business owners possess an entrepreneurial spirit, the ability to cast a vision, an understanding of their product or service, and the ability to profit from these attributes. Fraud prevention, accounting, and risk assessment are delegated to the accountants. We all have our own set of gifts and talents that, when working together, provide the best operating results for a company.
However, the responsibility for an effective anti-fraud program lies with those with governing authority over the company. Those individuals may certainly seek the advice of the accountant types in designing the anti-fraud program, but the overall responsibility cannot be delegated away from the governing body.
To illustrate, let’s look at one example of a risk assessment issue for a company. Assume Company A sells computer parts, such as chips and the numerous electronic insides of a computer. When considering the risk of fraud in a company like this, we would most likely focus on the sales, billing, and collection processes more than the inventory processes. The risk of fraud in the inventory area may be relatively low since electronic components, while costly in nature, are not necessarily susceptible to quick conversion to cash. Some rogue employee swipes a handful of computer chips. What can the employee do with them? Unless he happens to be a participant in a major underground market for these chips, he probably won’t profit much in the way of cash. So the risk assessment team will focus less on inventory fraud risk and more on the sales, billing, and collection areas.
Conversely, Company B sells the computers that use Company A’s chips and electronics. Now, when considering inventory fraud, there is a whole new level of risk. Company B has a warehouse full of laptop computers. These items are relatively small, fit in a backpack, and are easily converted to cash through sales on the street. A rogue employee carries off a couple of laptops in his backpack every day and sells them on the street for $500 each. That’s $1,000 per day. Over the span of 20 working days per month, that adds up to $20,000, or $240,000 annually—which, in my opinion, isn’t bad beans! Therefore, Company B’s fraud risk is in inventory, whereas Company A’s lies in another area entirely.
This type of thought process is necessary to understanding how to perform a fraud risk assessment. Because of the importance of this aspect of the framework, an entire chapter is devoted to this subject.


This element of internal control is represented by the actual checks and balances that exist. Con...

Table of contents