Strengthening Your Organization’s Internal Controls – Keiter Knowledge Sharing

Insights from Keiter’s Fall Seminar on fraud and internal controls

Fraud remains a persistent threat to organizations of all sizes. At Keiter’s 2025 Fall Seminar, our Assurance specialists Amy Menefee, CPA, CFE, Scott McAuliffe, CPA, CISA, CFE, and Mary Margaret Sword, CPA, shared the latest statistics, practical strategies, and real-world examples to help businesses protect themselves from common fraudulent practices. Here are a few key takeaways from the session:

Factors that contribute to fraud risk

Fraud typically arises from a combination of three factors known as the “Fraud Triangle”:

1. Pressure: Motivations such as financial need or the desire to show better results.
2. Opportunity: Weak or absent internal controls make it easier for fraud to occur undetected.
3. Rationalization: Perpetrators justify their actions, often believing they deserve the benefit or that their actions are harmless.

According to the ACFE Occupational Fraud Report, 69% of fraud cases relate to poorly designed or missing internal controls. Key weaknesses include a lack of internal controls or management review, override of existing controls, and insufficient documentation and oversight.

The three main types of fraud

Fraud can be categorized into three main types:

1. Asset misappropriation is the most prevalent form, involving the theft or misuse of an organization’s resources, such as skimming, expense fraud, or payment tampering; while common, it typically results in the lowest financial losses.
2. Corruption refers to the abuse of influence for personal benefit, including practices like bribery and extortion.
3. Financial reporting fraud, while the least frequent, poses the greatest financial risk, as it involves the deliberate misstatement or omission of information in financial statements.

Detecting and reporting fraud

Tips are the most effective method for detecting fraud, especially when employees feel empowered to report suspicious activity. Active detection methods, such as management review, account reconciliation, and data monitoring, help limit losses. Most tips are reported to direct supervisors or executives, highlighting the importance of open communication channels.

Companies should incorporate both preventive controls, designed to stop errors and fraud before they occur, and detective controls, which focus on identifying issues after they have happened. Effective internal controls are necessary for:

• Protecting against fraud, errors, and regulatory noncompliance
• Providing accurate, timely data for decision-making
• Reducing audit risk and improving accountability

Internal control best practices

• Segregation of Duties: No single person should have responsibility for:
  • Authorization of transactions
  • Custody of assets
  • Recording transactions
  • Reconciliation and control activities

• Financial Review: Use month-end checklists, automate recurring entries, prioritize reconciliations, and analyze budget vs. actuals.
• Journal Entries: Limit access, maintain consistent support, and require independent review.
• Cash Disbursements: Validate vendor changes, use ACH payments, separate vendor maintenance from invoice processing.
• Cash Receipts: Deposit funds promptly, use lock boxes, limit cash transactions, and separate handling from posting.
• Payroll: Use third-party providers, review changes, reconcile payroll, and link HR systems.
• Information Technology: Limit system access, enforce strong passwords, conduct periodic reviews, implement multi-factor authentication, and provide security training.

Fraud prevention is an ongoing process. By understanding the risks, implementing robust internal controls, and fostering a culture of accountability, organizations can significantly reduce their vulnerability. Regularly review and update your controls, educate your team, and maintain open lines of communication to stay ahead of potential threats.

For more information or guidance, reach out to your Keiter Opportunity Advisor | Call 804.747.0000.