I recently read an article discussing how approximately $1.2 billion in cash went missing from the coffers of MF Global Holdings, simply “vaporizing” in the wake of the company’ s collapse, according to The Wall Street Journal. It seems astonishing that they didn’t have the internal controls in place that would have prevented this from happening: the CEO and CFO certified that the company’s internal controls were effective less than 90 days before the company went bankrupt.
The following controls—which are always part of our standard reviews—could have prevented this massive loss.
Segregation of duties (SOD): Traditional internal control systems rely on assigning certain responsibilities to different individuals or segregating incompatible functions. The general premise of SOD is to keep an employee or group of employees from being in a position to perpetrate and conceal errors or fraud in the course of their duties by preventing one person from having both access to assets and the responsibility for maintaining the accountability of those assets. The principal duties to be segregated are custody of assets, authorization or approval of transactions affecting those assets, and recording or reporting related transactions.
Monitoring controls: Monitoring can refer to evaluations of internal controls, either ongoing or separate. These evaluations enable management to determine whether the components of internal control continue to function over time, identifying deficiencies and communicating them in a timely manner to the people responsible for taking corrective action and to management and the board.
Fraud controls: The risk of fraud can increase significantly when three factors—pressures/incentives, opportunity and rationalization, commonly referred to as the “fraud triangle”—are all present. Of the three, opportunity can most effectively be managed to address fraud risks by designing and implementing a control environment that prevents, detects and deters most fraudulent behavior, whether it’s conducted by employees, vendors, consultants or senior management.
Simply put, if these three controls had been in place, the money would not have disappeared. Therefore, the internal controls never existed.