Reconciliation is the process of ensuring that two sets of records (usually the balances of two accounts) are in agreement.
Purpose of this countermeasure
Failing to reconcile records and accounts increases the opportunity for omissions and errors, and can allow fraud to go undetected.
Fraudsters will be less deterred from committing fraud and can take advantage of the weakness to avoid exposure.
Some examples of this type of countermeasure include:
- Monthly reconciliation of travel approvals in the HR system with trips booked via travel vendor.
- Acquittals and monthly reconciliation of credit card expenditure and receipts.
- Monthly reconciliation of overtime budgets against spending.
- Regular asset stocktakes.
- Reconciliation of assets ordered versus assets received.
This type of control is supported by:
- Governance, accountability and oversight
- Managerial, independent or expert oversight
- Staff are trained to apply correct processes and decisions
- Staff and contractor rotation
- Self-disclosure and reporting mechanisms
- A specific form, process or system must be used
- Information is verified
- Duplicates are prevented, identified and corrected
- Segregation of duties are applied
- Requests, claims or activities are approved by the appropriate decision-maker
- Data matching
- Data protected from manipulation or misuse
- Staff are trained and supported to identify and report fraud and corruption
- Tip-offs and Public Interest Disclosures
- Internal or external audits or reviews
- Documentation and evidence storage
How do I know if my countermeasures are effective?
You can apply the following methods to measure the effectiveness of these types of countermeasures:
- Confirm that the reconciliation is segregated from the processing, i.e. the same staff member cannot process and reconcile an activity.
- Review who has access to complete reconciliations.
- Process walk-through – sit with a staff member while they complete a reconciliation.
- Confirm that a consistent process exists for reconciliations.
- Confirm that records cannot be manipulated. Test this if required.
- Review the process to determine if it would identify different methods of fraud.
- Conduct interviews, workshops or surveys with staff who complete reconciliations to gauge their understanding of, and views on, fraud control policies.
- Check if and how reconciliation results are reported.