Week 12 — Internal Controls & Fraud Prevention

Overview

Week Overview

Week 12 introduces internal controls — the policies, procedures, and checks that organizations use to protect assets, ensure reliable financial reporting, and prevent fraud. Students learn how segregation of duties, approval workflows, and strong documentation standards reduce fraud risk and support accurate bookkeeping.

Objectives

Weekly Learning Objectives

By the end of this week, students will be able to:

Define internal controls and explain why they are essential to accounting.
Describe the fraud triangle and relate it to real-world fraud risks.
Apply segregation of duties in typical bookkeeping workflows.
Explain the purpose of approval workflows and authorization limits.
Identify documentation standards needed for a strong audit trail.
Classify controls as preventive, detective, or corrective.
Recognize common red flags that may indicate fraud or control breakdowns.
Follow and support internal control procedures in daily bookkeeping tasks.

Concept 1

What Are Internal Controls?

Internal controls are the policies and procedures designed to ensure:

Accurate and reliable financial information.
Protection of assets from loss or misuse.
Compliance with laws, regulations, and policies.
Prevention and detection of errors and fraud.

The bookkeeper’s role: Follow established controls, maintain documentation, report issues, and support audits.

Concept 2

The Fraud Triangle & Fraud Risks

Students learn the classic fraud triangle model, which explains why fraud occurs:

Pressure: Financial or personal stressors.
Opportunity: Weak or missing controls that make fraud easier.
Rationalization: Justifications like “I deserve it” or “I’ll pay it back.”

Key point: Strong internal controls are designed to reduce opportunities for fraud.

Common bookkeeping fraud risks:

Creating fake (ghost) vendors or employees.
Diverting customer payments or misposting cash receipts.
Submitting false reimbursement claims.
Altering invoices, checks, or payment details.

Concept 3

Segregation of Duties (SOD)

Segregation of duties is a key control principle stating that no single person should control authorization, custody, and recordkeeping for the same transaction.

Function	Example Role	Notes
Authorization	Manager / CFO	Approves purchases, payments, and adjustments.
Custody of Assets	Cashier / Warehouse staff	Handles cash, checks, inventory, or equipment.
Recordkeeping	Bookkeeper / Accountant	Records transactions in the accounting system.

Students analyze workflows (e.g., cash receipts, AP, payroll) to identify when one person has too much control and how duties can be separated.

Concept 4

Approval Workflows & Authorization Controls

Approval workflows ensure that transactions are authorized by someone with the appropriate level of responsibility before they are processed.

Examples:

Purchase orders must be approved before orders are placed.
Invoices must be matched to purchase orders and receiving documents (3-way match).
Expense reports require manager approval and receipts.
Timecards and overtime must be approved before payroll processing.

Approval limits:

Supervisors can approve up to a set dollar amount (e.g., 2,500).
Managers or controllers approve larger amounts.
CFO or owner approves very large or unusual transactions.

Concept 5

Documentation Standards & Audit Trails

Good documentation provides evidence that a transaction is valid, properly authorized, and recorded correctly.

Examples of required documentation:

Vendor invoices showing vendor name, date, description, and amount.
Purchase orders and receiving documents.
Customer invoices and contracts.
Receipts for employee reimbursements.
Bank statements and bank reconciliations.
Payroll records (timecards, rate approvals, pay summaries).
Journal entry support (calculations, memos, approvals).

Key rule: If it isn’t documented, it may be treated as if it didn’t happen.

Concept 6

Types of Controls: Preventive, Detective & Corrective

Students classify controls into three broad types:

Preventive Controls

Segregation of duties.
Approval requirements and authorization limits.
System access controls and user permissions.
Vendor onboarding procedures.

Detective Controls

Bank and account reconciliations.
Exception and variance reports.
Audit logs and system history.
Physical inventory counts and surprise cash counts.

Corrective Controls

Policy changes and process improvements.
Additional training after an incident.
Adding or tightening system restrictions.

Concept 7

Red Flags & Fraud Indicators

Common red flags include:

Missing, altered, or inconsistent documentation.
Duplicate or unexplained payments.
Vendor addresses matching employee addresses.
Unusual write-offs, voids, or manual adjustments.
Employees who refuse to take vacations or share duties.
Sudden lifestyle changes not explained by salary.

Students review short case studies and identify which red flags were present and which controls failed or were missing.

Concept 8

The Bookkeeper’s Internal Control Checklist

Day-to-day responsibilities that support strong internal controls include:

Following approval workflows for all payments and adjustments.
Maintaining complete and organized documentation.
Performing or supporting timely reconciliations (bank, credit cards, subledgers).
Respecting segregation of duties and not bypassing controls for convenience.
Keeping system logins and passwords confidential.
Reporting unusual or suspicious transactions promptly.

Activities

In-Class Activities

1. Segregation of Duties Mapping

Students examine AP, AR, and payroll workflows where one person performs multiple tasks. They identify control gaps and rewrite the workflow to improve segregation of duties.

2. Fraud Case Study Analysis

Students read a short fraud scenario and answer: Which controls failed? What red flags were present? How could the fraud have been prevented or detected earlier?

3. Documentation Review Lab

Students evaluate sets of documents supporting transactions (invoices, POs, approvals, receipts) and decide whether documentation is sufficient, incomplete, or missing.

4. Control Classification Exercise

Students are given a list of controls (e.g., password policies, bank reconciliations, training) and must classify each as preventive, detective, or corrective with a brief justification.

Homework

Homework Assignments

Assignment 1: Internal control assessment — analyze a sample workflow diagram and identify missing or weak controls.
Assignment 2: Fraud scenario worksheet — for several scenarios, identify the fraud type, failed control, and proposed fix.
Assignment 3: Documentation audit — review a set of transactions and mark which ones have adequate support.
Assignment 4: Audit trail writing — write short, clear audit trail descriptions for five example journal entries.

Discussion

Discussion Board Prompt

Why is segregation of duties considered one of the most powerful internal controls? Give an example of a situation where combining authorization, custody, and recordkeeping in one person could create an opportunity for fraud.

Quiz

Quiz Topics for Week 12

Definition and purpose of internal controls.
Elements of the fraud triangle.
Segregation of duties and examples.
Approval workflows and authorization limits.
Documentation standards and audit trails.
Types of controls: preventive, detective, corrective.
Common fraud red flags.
The bookkeeper’s role in maintaining and supporting internal controls.

Summary

Week 12 Summary

Week 12 emphasizes that good bookkeeping is not only about recording transactions, but also about protecting the organization through effective internal controls. By understanding segregation of duties, approvals, documentation, and red flags, students learn how to help prevent and detect fraud in real-world accounting environments.

These concepts prepare students for future topics such as audits, risk management, and compliance in more advanced accounting and auditing courses.