Concepts of Fraud Prevention

It is important to distinguish between Internal Audit's role and University management's role concerning fraud. Many individuals believe that frauds and other transgressions are only the concern of Internal Audit and Campus Police. However, this is incorrect. University management is responsible for maintaining an adequate system of internal control by analyzing and testing controls. Internal Audit's role is to independently evaluate the adequacy of the existing system of internal control. We also perform fraud investigations, and promote a positive control environment throughout the University.

Fraud takes many forms. Some examples include: embezzlement, kickbacks, theft, fraudulent financial reporting, environmental crimes, software piracy, bid rigging, computer-related crime, identity theft, credit card fraud, check fraud, fraudulent workers compensation claims, ghost employee schemes, expense report schemes, "dummy" vendors, unreported conflicts of interest, etc.

Most people who commit fraud against their employers are not career criminals.  The vast majority are trusted employees.  So the question is, what factors cause these otherwise normal, law abiding persons, to commit fraud?  To understand why individuals commit fraud, we must understand the fraud triangle.  The risk of fraud occurring is contingent upon a combination of factors affecting an employee:  pressure, rationalization, and opportunity.

Pressure can be due to personal financial problems, personal vices such as gambling, drugs, etc, or a desire for status symbols.

Rationalization occurs when an individual develops a justification for their fraudulent activities.  Some examples include:

• “I really need this money and I’ll put it back when I get paid.”
• “I just can’t afford to lose everything—my home, car, everything!”

Opportunity is generally provided through weaknesses in internal controls.  Some examples include:

• Lack of supervision and review
• No separation of duties
• Inadequate approvals

There are two approaches to help reduce fraud risk:  prevention and detection.  The best approach is to prevent illegal and inappropriate acts from occurring in the first place.  As a BC employee, you are responsible for ensuring departmental funds, property and equipment are safeguarded from loss.  The following procedures can be adopted to help reduce the risk of fraudulent activity:

• Ensure that transactions are accurate and complete.
• Create adequate documentation for all critical processes.
• Provide adequate separation of duties.
• Establish sufficient safeguards over all assets.
• Institute formal policies and procedures.
• Perform periodic physical inventories.
• Ensure that only authorized personnel have access to critical transactions.
• Confirm that funds are collected and deposited to the appropriate account.
• Establish procedures to reconcile all accounts.

It is important to recognize that as a Boston College employee, you have stewardship responsibility for safeguarding University assets under your purview.

Each University employee is further expected to report any instance of suspected fraud to the Director of Internal Audit.  If an instance of suspected fraud is reported instead to a supervisor, chairperson, director, dean, vice president, or other responsible person, that person is to report the instance to the Director of Internal Audit.

Related useful web sites: