SAP - TINET - Tarragona Internet

(Ron) #1

Defining Fraud


Fraud is a deliberate misrepresentation of events that causes another person
to suffer damages, usually monetary ones. Fraud — or the opportunity to be
fraudulent — is all around us. We are faced with the opportunity to commit
fraud every day. We can walk out of grocery stores with items we haven’t
paid for, either by accident or on purpose. How we respond to a situation —
either returning or concealing the items — depends on our situation,
integrity, and character.

In companies, through lack of compliance and bad governance, employees are
presented with opportunities for fraud all the time. The onus is on
management to ensure that these opportunities are as rare as possible. Management
must be proactive about fraud, removing the conditions from the workplace
where fraud can occur.

Part II: Diving into GRC


Preventing the abuse of power by segregating duties


In the U.S. government, the well-known doctrine of separation of powers
ensures that the executive, legislative, and judicial branches don’t have
undue control over their respective branches of government. In the world of
business, this concept is called segregation of duties (SoD). The concept of
segregation of duties has been in place in the business world for quite some
time, but it is now being more fully implemented in the U.S. and around the
world, due to laws like Sarbanes-Oxley and J-SOX.

Segregation of duties involves dividing up job functions so that the
likelihood of fraud is greatly diminished and putting controls in place to
ensure that key processes can be monitored. SoD helps ensure that no one
party has too much power, much like in government, and that when two or more
parties collude to commit fraud, it is detected before it is too late.
Without such oversight, a single party or group could commit fraud, leading
to damage of the institution and its shareholders, as was the case in the
Barings Bank scandal (see the “The Barings Bank scandal — Operations risk
extraordinaire” section for more information).

Segregating duties follows a pattern. This pattern helps keep key employees
of a business in check. It starts with identifying a function that must be
performed — a function that the company cannot afford to eliminate. This
function, in order to be carried out, involves a power that could
potentially be abused.

The functions to examine in this way generally fall within four categories
of duties or responsibilities: authorization, custody, record keeping, and
reconciliation. In a perfectly segregated system, different employees would
perform each of these four major functions. One person should not control
two or more of these responsibilities.

Sometimes, a branch office is too small to assign these functions to
different people and one person must take on more than one of these
functions. In this case, a manager is assigned to oversee all of that
person’s transactions. This is an example of a mitigating control.