Download (direct link):
We may wish to look to Senge and others for guidance on how such constructs operate. Being in a learning organization may be a new experience for many of us, but for those who have experienced them, they bring a new richness and sense of adventure and discovery to work. One does not go to the office every day for more of the same. Certainly, the organization’s work must get done, and these efforts are not a form of endless brainstorming sessions or advanced stargazing. They are hard and serious work that needs to get done while the routine business continues. In this regard, they can be demanding. The reward comes in not only peeling back the onion to see what the next layer looks like, but also in gaining an enhanced understanding of what the mission of the organization is all about. In that regard, it is the most efficient form of organization when great things need to get done, and it can also be a lot of fun, personally and professionally.
Controls are, in many ways, the bedrock infrastructure of the organization’s defensive system against fraud and other types of business risk. They have been described in this role as follows:
Internal controls are the first line of defense against fraud within any organization. A comprehensive, fully implemented, and regularly monitored system of controls is essential to the prevention and detection of losses that arise from fraud. Internal auditors who understand the various types of fraud and their relative rates of occurrence will be more likely to recognize any red flags and be better prepared to fight the high organizational cost of corruption.1
The Fraud Examiners Manual of the ACFE has a chart that breaks down the three main categories of occupational fraud: corruption, asset misappropriation, and fraudulent statements. The chart then subdivides these broad categories into eight major classifications of fraudulent activity, and further segments these into more than 40 subclassifications.2 Suffice it to say that each of these areas has various financial controls that surround it. Some of these controls are unique to the organization, and others are specified by the Generally Accepted Accounting Principles (GAAP) of the American Institute of Certified Public Accountants (AICPA).
The emphasis of this book has not been on organizational control programs and techniques, although they play a significant part in the future of the forensic profession. There are two reasons for this approach. The first is simple volume. A hierarchy of GAAP pronouncements alone has five levels, containing 20 sources of accounting guidance, from Financial Accounting Standards Board (FASB) Statements of Financial Accounting Standards to AICPA Practice Bulletins. Several books of this size could easily be written about technical issues in any of these areas.
The second reason is even more basic: A very common reason many occupational frauds occur is not because there was some defect in the content of the written controls. Often, they are fine. The problems typically occur because there are no controls at all, or the ones in place are not being followed. Almost all occupational frauds involve a failure of controls, but this failure is often one of absence or application, and not content. This is a subtle, but significant, distinction. Now we involve humans, and humans can do terrible things to controls, even if they are not intent on committing fraud or facilitating it. Inexperience, laziness, ego, impatience, inadequate staffing, and pure sloppiness can come into play. For example, it is not unusual to encounter the scenario wherein the star performer, highly visible and lauded frequently by management, has an attitude that “controls do not apply to me.” In this context a star performer can be a person, unit, office, or even corporate division. They are often successful in deflecting attempts to subject their activities to controls procedures, for they have their success to shield them.
A reader of Internal Auditor magazine reflects this view in a letter to the editor that appeared in the April 2002 edition. Barry Lipton, CPA and DABFA, wrote:
After 35 years in the field of internal auditing, I am of the opinion that systems are generally in place. My experience tells me business failures and incidents of financial statement fraud occur because existing controls were not operating, not because they were improperly designed and installed. Often, internal auditors are not permitted to do their jobs. Serious audit results impact executives, and many executives are resistant to change or feel threatened. Consequently, those who can make a difference are stifled.3
Steve Albrecht, the noted theorist and practitioner in the occupational fraud field, some of whose contributions we have examined in thinking about theories of fraud, has commented on this phenomenon as follows:
Fraud occurs when pressure, opportunity, and rationalization come together. Most people have pressures. Everyone rationalizes. When internal controls are absent or overridden, everyone also has an opportunity to commit fraud.