Strong Internal Controls Can Help Deter Manufacturing Industry Fraud

To reduce the chances of loss, manufacturers and distributors must recognize unprotected areas and build strong, consistent internal controls to prevent, detect and correct fraud.

It almost always comes as a surprise when a business uncovers fraud or theft, especially when a trusted employee lurks behind the trouble. But once the initial shock fades, company owners and executives may look back and find clues. Perhaps someone had unsupervised access to warehouse merchandise, or one employee handled nearly all financial documents, or a worker faced dire personal financial issues.  

No industry is immune from fraud, and losses in manufacturing and distribution can be particularly high, according to the Association of Certified Fraud Examiners (ACFE) in its Report to the Nations 2018 Global Study on Occupational Fraud and Abuse. The median loss per case in manufacturing industry fraud was $240,000, and the median loss in transportation and warehousing was $140,000 per case. Across all industries, ACFE found the median loss per case was $130,000.  

Much of the sector’s vulnerability comes from the sheer volume of materials and products coming and going. Several steps are involved in documenting the arrival and use of parts, and in the departure and distribution of finished goods. In many cases, a single floor manager may oversee all of those steps. And each step can be an opportunity for theft or fraud. Technology introduces ever more vulnerabilities; as the sector becomes more dependent on it, employees who have access to that technology have the potential to commit significant fraud.  

To reduce the chances of loss, manufacturers and distributors must recognize unprotected areas and build strong, consistent internal controls to prevent, detect and correct fraud.  

Best Practices for Managing Fraud Risk 

Internal controls may be based on existing frameworks, such as the  Internal Control–Integrated Framework by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). There are four main types of internal controls: preventative, detective, directive and corrective. While specific internal controls should be tailored to a company’s size and other attributes, the following principles are relevant to nearly every manufacturing and distribution company: 

  1. Conduct background checks on potential and current employees. This is one of the simplest internal controls to implement and should not be neglected.  

  2. Assign specific employees to oversight roles.  

  3. Segregate financial duties whenever possible. For example, you should task more than one person with authorizing and recording transactions and balancing accounts. In larger companies, several people are usually involved in handling critical functions, but that isn’t always true in smaller organizations. Many companies in the manufacturing and distribution space have been victimized by a trusted employee who was not well-supervised and who was in position to oversee the entire transaction cycle, from approving orders, through cutting checks, to approving payments. Try to split up these processes.  

  4. Documentation should define each position’s duties in writing and should outline policies and procedures in detail. That means defining who checks in parts and supplies, who documents where they go, who approves shipping requests, or who manages the purchasing of various items. Also, you should document key financial details such as how cash is managed; who handles the banking, accounts receivable and payable procedures; and how and when financial statements are reconciled and recorded. Approvals and authorizations should delineate clear lines of responsibility. 

  5. Divide tasks into smaller chunks, which both allows for greater transparency and enables segmented duties to be easily assigned and re-assigned. Thus, no one person is the “czar” of any department.  

  6. Restrict IT system access so individuals are only able to use the parts of your system that are required for their jobs.  

  7. Have people sign off on their work. Otherwise, knowing who did what and when can be difficult, or almost impossible.  

In addition to preventative controls, which can minimize the chances of fraud, businesses should also implement fraud detection measures to find errors or irregularities after they have occurred.  

For example, reviewing bank reconciliations is one commonly used detective control. Requiring mandatory vacations is another. By forcing each employee to take time away from his or her job, you will have more opportunities to detect any fraud that might be tied to that employee. Segregating financial duties as mentioned above makes a mandatory vacation policy easier to enforce. 

Internal controls are essential to identify and mitigate your company’s vulnerabilities. One highly effective way to shore up your controls is to engage risk advisory professionals to interview employees, learn details about typical processes across the entire enterprise and evaluate the internal controls you may already have in place.  

But even the best internal controls will not function optimally unless they are managed and monitored. It’s understandable that these tasks often move to the back burner, as company management is primarily focused on growing the business and looking ahead. That said, you can hire an outside firm to evaluate your internal controls, but it’s also important to set aside time to do so directly. Reviewing sales, expense accounts, payrolls, invoices, and shipment arrivals and departures pays off in preventing and detecting fraud.  

Many Roles to Play 

Your employees, suppliers and customers can also play an important role in identifying or reducing fraud. According to ACFE, nearly 45 percent of the fraud that manufacturers detected during 2018 came from tips, as did 37 percent of the detections at distributors. In addition to training people to spot fraud and encouraging them to report it directly, consider establishing a hotline that includes the opportunity for anonymity (or at least confidentiality), and make your customers and vendors aware of the hotline by including it in contract terms and conditions.  

Data analytics and IT monitoring are also essential components of fraud detection. Artificial intelligence (AI) systems can flag suspicious transactions or out-of-the-ordinary events. While these tools may seem daunting, the right advisor can assist you with these platforms. 

Understanding Fraud Risk Factors 

It’s also helpful to understand how and when fraud tends to occur. Studies show that a constellation of elements typically underlie successful frauds: pressure, rationalization and opportunity (otherwise known as “the fraud triangle”). Typically at least two of the three elements will exist for a person to commit fraud. For example, it might start when an employee is facing financial pressures, which might include divorce, high medical bills or other life events (i.e., pressure). That employee may rationalize his or her actions with thoughts such as, “The company doesn’t need this money as much as I do,” or, “I deserve more after all my years of service” (i.e., rationalization).   

An employee’s role or position within the company can present opportunity for fraud. ACFE’s research says the top departments where fraud perpetrators work vary by sector: 



Sales – 11 percent 

Operations –  6 percent 

Purchasing –  11 percent 

Executive/Upper Management –  15 percent 

Accounting – 15 percent 

Accounting – 14 percent 

Regardless of position within the organization, there are common behaviors that many (but not all) fraud perpetrators may engage in. Individuals in oversight roles should be trained to keep an eye out for employees living beyond their means, those with unusually close associations with vendors or customers, employees experiencing financial difficulties, and those who are unwilling to share job duties. Any of these could be signs of fraud, although plenty of employees with these behaviors are doing nothing wrong.  

Fraud may not be entirely preventable, but it can be battled. Experienced risk advisory professionals can assist you in evaluating your internal controls and managing fraud risk across your organization. A combination of appropriate internal controls and written policies and training, with proper oversight by business leaders, can greatly mitigate the risk of internal fraud and theft, and minimize the losses that happen when it does occur. 

Frank Peña, CPA,  is an Assurance & Advisory Services Principal at Kaufman Rossin.

More in Operations