Internal Controls Help Construction Industry Fight Fraud
According to the Association of Certified Fraud Examiners (ACFE) Report to the Nations on Occupational Fraud and Abuse, 2014 Global Fraud Study, the median loss per fraud scheme in the construction industry is a staggering $245,000. For most small and mid-size companies, a loss of this magnitude can be devastating. These fraud schemes can be carried out by employees, owners, subcontractors, vendors, and joint venture partners. The construction industry is even more vulnerable to fraud than other industries, because companies often have widely dispersed spending authority across numerous project managers and field supervisors. Implementing controls can also be difficult when operations are spread out geographically.
Successfully mitigating fraud risk entails understanding the motivations of fraudsters, recognizing behavioral red flags, identifying the areas of risk, and implementing controls to mitigate risk.
Motivations to commit fraud
The well-known fraud triangle theory states that those who commit occupational fraud tend to have a perceived financial need. Financial pressures often come from personal problems such as addictions, divorce, debt, spousal job loss, or health issues. But they may also stem from poor financial decisions or living beyond one’s means. In any case, life situations often provide the motivation that is the first step toward fraud.
Fraudsters frequently do not have criminal records. They may rationalize their actions by convincing themselves that the fraud is acceptable; the money is just a loan; that they’ll pay it back. Or they may persuade themselves that the company doesn’t need or won’t miss the assets. Some rationalize fraud because they feel they aren’t compensated fairly or they have been slighted by a supervisor. But even with rationalization and motivation present, the third necessary ingredient is the opportunity to commit fraud.
Fraud opportunities in construction
It can be difficult for management to influence an employee’s motivations or rationalizations, but by limiting opportunities for fraud, the organization can reduce risk. The ACFE notes the construction industry’s most common fraud schemes include the following:
- Corruption — In the construction industry, this category includes conflicts of interest, bribery, illegal gratuities, and economic extortion.
- Billing — Invoices are submitted for fictitious goods or services or from fictitious vendors. Invoices may also be inflated or for personal purchases.
- Expense Reimbursements — Employees make claims for fictitious or inflated business expenses.
- Check Tampering — Fraudster may intercept, forge, or alter checks drawn on one of the organization’s bank accounts in order to divert assets.
- Bidding — Personnel may gain unauthorized access to confidential bidding information and share bids with contractors.
A lack of formalized policies and procedures and poor segregation of duties are common control weaknesses that provide these opportunities. Therefore, organizations should periodically perform formal risk assessments and internal control reviews to identify areas of risk.
Often times, employees will exhibit certain behavioral clues that should prompt a closer investigation of their work. By recognizing these clues we may identify fraud early and minimize its costs. Some of these behaviors include:
- Close relationship with vendors — Strong relationships are important in the construction business, but close relationships between contractors, subcontractors, employees, and owners can lead to inadequate review processes and informal agreements outside of established controls.
- “Wheeler-dealer” attitude — Field supervisors and project managers that intentionally work outside of prescribed control procedures are, at very least, ignoring your business practices.
- Control issues — Employees who are over-protective of data or documents, who never take vacations, or refuse to let others help them may need to control their environment to keep their schemes hidden.
Mitigating risk with internal controls
After identifying risks and watching for red flags, the next step is to implement controls where the risk of fraud is greatest or where the consequences of fraud would be most damaging. The following are crucial elements of a successful fraud prevention program:
- Tone at the top — Strong values trickle down; employees reflect the behavior of their bosses.
- Formal procedures for receipts, payments, payroll, inventory, vehicles, and equipment
- Tools such as segregation of duties, lockboxes, dual check signatures, direct deposit, and the automated fraud detection tool Positive Pay
- Consistent policies and procedures across the organization
- Whistleblower hotline or a secure means for people to communicate concerns
- Disclosing and monitoring conflicts of interest
- Right-to-audit clauses and surprise audits
- Formal review and approval of vendors and subcontractors, including monitoring of policies requiring multiple bids and on-going vendor management, and new vendor set up
- Data analysis to assess effectiveness of controls and compliance with procedures, and to identify questionable transactions
How we can help
CliftonLarsonAllen can help you understand fraud. Whether you are responding to a fraud allegation or simply need a better sense of the risks your company faces, CLA’s industry-specialized team can perform risk assessments, recommend controls, and help you explore best practices. Our forensic data analysis practice can extract, interrogate, and analyze your data for anomalies indicative of fraud and other types of misconduct as part of internal investigations or external litigation. We can help you understand your risks and take specific steps toward mitigation.