How Collusion Derails Internal Controls

Introduction

Sound internal controls are a must for churches and non-profit organisations to protect their valuable funds and assets from fraud and misappropriation so they can utilise them to fulfil their mission and objectives.  However, no matter how good the internal controls are, they can easily be derailed by Collusion.

A study by the Association of Certified Fraud Examiners in their 2020 Report to the Nations shows that 51% of frauds were committed by two or more fraudsters working together in collusion.

35% of cases involved two perpetrators and had a median loss of $105,000 per case, while 65% of cases involved three or more perpetrators and had a median loss of $350,000 per case.

Losses tend to increase as the number of colluding perpetrators increase, as they are better able to undermine the internal controls that could prevent or detect collusion.

These are mainly the controls of segregation of duties including the independent verification.

This happens when those who are meant to perform separate duties as a control over fraud and error decide to compromise the controls in collusion.

Additionally those who are to ensure that the controls are working as intended through independent verification, also collude to compromise the control.

This article takes you through what Collusion is, illustrates with an example how collusion derails internal controls, and then explains what makes people prone to collusion.

Table Stewards uses a light-hearted scene setting approach to introduce its topics, but if you would prefer to dive straight into any part of the article, please click the relevant link in the table of contents above.

Scene Setting

The Learning & Development Committee are assembling for their pre-meeting with Coach Emmanuel before the masterclass.

Elder Sam: Hello all!  Do you know how I can tell we are making an impact with our learning and development agenda?

Sister Jane: Let me guess…  Your great chairmanship of the Learning & Development Committee?

Elder Sam: Ha ha! That as well! But I measure our impact by the interest shown through the amount of questions and comments we get through the inbox after each masterclass.

Brother Badtrus: Yes, I saw a lot of questions about collusion, which Coach Emmanuel mentioned as a derailer of internal controls, especially that of segregation of duties.  He was meant to cover this today. 

Sister Mary: Can’t wait!

Brother Badtrus: In readiness, as a debit card holder in my finance team role, I think I should distance myself from Sister Jane, who is one of the requisition authorisers, so that people don’t think we are in collusion to defraud the church.

Sister Jane: That is not how it works! What are you implying?! 

Coach Emmanuel: Before you two turn against each other ignorantly, let’s go to the conference room and start the masterclass on How Collusion derails Internal Controls, where all will be explained!

What is Collusion and why should you be concerned?

Collusion basically means a collaborative action between different parties secretly or illegally towards a goal of deceiving, misleading or defrauding.

With regards to segregation of duties, collusion occurs when people responsible for different aspects of a process that is segregated to ensure internal controls, decide to come together to deliberately override the controls for their own benefit.

This could lead to minor to significant fraud, which can expose an organisation to great financial loss and reputation damage.

Usually, people who are bent on collusion for misappropriation, and seem to be getting away with it, will continue to increase the magnitude of the fraud for as long as possible.

Even the news of a small fraud successfully executed against a church or non-profit organisation funds, can deter future donations, giving, or offerings from members who now see the church or non-profit as poor at managing money risks.

Their hard-earned income is not for waste or misappropriation and they let you know that in withholding their giving.  It is therefore important to manage the risk of collusion effectively.

Example of Collusion

This is a fictitious example used simply for illustration, therefore any resemblance to any real life occurrence is coincidental and unintended.

“The ushers reported at the church workers meeting that people are reluctant to sit at the back of the church and in the overflow because of poor visibility of the service. 

A decision is made to increase the number of TV screens for projecting the service so that every part of the building has a TV screen in close proximity. 

The technical team is then asked to assess the number of TV screens required, the specification and then arrange the purchase. 

There are internal controls in place for purchases, which are now expected to be used in procuring the additional TV screens that are needed. 

The technical team assess that 4 more TV screens are needed and the team leader, Alex, takes responsibility for completing the requisition for the purchase. 

He is determined to fraudulently get one of the high specification TVs for himself.  He knows that only one approver is required for $1000 and below, and 2 approvers if higher.

Each TV screen is $400, so if he is to complete the purchase requisition for all 4 TVs, it would require 2 approvers.  He decides to create 2 requisitions, one with 2 TVs and the other with 3 TVs. 

Alex gets the 1^st requisition for 2 TVs approved in collusion with one approver, Jared, who unknown to others owed Alex a business favour. 

He then gets the 2^nd requisition for 3 TVs through the normal processes, which allows Jared to be one of the two approvers for the 2^nd requisition. 

The other approver, Gideon, seeing that his counterpart had approved the requisition, also approves without any suspicion, as he had not seen the 1^st requisition. 

The rest of the process from placing the order to delivery and to payment, bank reconciliation etc. goes well without any issue because the transaction was duly approved upfront.

The technical team also see that they have received the 4 TVs requested and are delighted.  However, Alex ensured that he took responsibility for the delivery and collected the TVs, putting one in his car.

A few months later, the finance team were getting ready for their end of year accounts preparation and audit. 

As part of this process, they conducted a physical verification of the assets on the accounting register.  They found only 4 TVs in place of the 5 purchased and registered.

The deputy technical team leader, Shade, confirmed that only 4 TVs were requested, received and installed. 

The finance team showed her the delivery confirmation and she was surprised.  She tried to get hold of Alex but he was not contactable. 

The finance team then found that the same issue had happened on separate occasions with the microphones, cables …. To cut a long story short, that was the last they saw of Alex.”

This story illustrates collusion leading to asset misappropriation at a basic level in a church setting.  There are other complex scenarios that can lead to high levels of financial fraud through electronic systems, as collusion can occur in any setting where there are determined participants.

Could this have been prevented?

Possibly not, because of collusion.  Collusion nullifies the impact of great internal controls.

However it is possible to put controls in place to identify opportunities for collusion so that it can be prevented or detected when it happens as explained below.

Alex, as the technical leader was trusted to raise a requisition for his department that duly reflected its needs.

Jared as the approver would also not be second guessed as he is entrusted with that responsibility, and the approval is within his limit.

Without knowing that there was a business relationship between them that had put them in a compromising situation, it is almost impossible to suspect any opportunity for collusion to derail internal controls.

Could it have been detected?

The impact of collusion is usually detected late in the day when it is almost too late to recover.

Alex received the delivery at church, and so completed the necessary documents to enable the finance team to complete the accounting records including asset serial numbers.

Where there are good controls in other stages in a process, a fraudulent transaction can be detected before it is completed or in good enough time to recover and prevent future events.

What could have been done to prevent or detect the collusion?

For the example above, let’s see what could have been put in place to prevent or detect the collusion, as well as the alarms that should have been raised during the transaction process.

• Alex as the requisitioner should not also be the one to confirm the delivery of the assets for the accounting records. By receiving the delivery himself, he was able to take away the extra TV and conceal the fraudulent purchase.

• The purchasing department (or role) should confirm delivery, provide the confirmation to the finance team for accounting record keeping, and then hand over the items to the Alex, who then signs to acknowledge receipt as requisitioner.

• The purchasing department (or role) should have raised a query when they received two separate requisitions for TVs from Alex for delivery on the same day, instead of a single requisition.

• Splitting requisitions to limit the number of approvers required for a transaction is another way fraudulent requesters use to perpetuate their wrongdoing.

• If the purchasing department raised a query on the apparent split requisition, that would have put Jared in the spotlight as he was the common denominator in approving both requisitions without questioning why they were split. The fraud would have been stopped at that stage.

What makes people prone to collusion?

Where people do not rate integrity as a high value in their life, there is always a risk that they may not be able to resist the temptation to take undue advantage of opportunities to defraud in collusion with other willing parties for a foreseen reward.

Sometimes, disaffection with the way certain things are done in church or discontent with choices for appointments to leadership positions, can make people collude with others similarly affected.

Rare, but one cannot rule out blackmail or coercion as triggers for collusion.

One can say that people who are fraudulently inclined tend to know how to identify those who share similar inclinations, making fertile ground for collusion.

Those who have previously been successfully at colluding to defraud without detection, develop expertise to try again.  They explore opportunities to benefit from fraud and look for willing participants to collude with to implement their intentions.

Culture of the organisation also plays a key role in determining whether people feel comfortable to attempt collusion.

For example, if the leadership of an organisation have a practice of overriding internal controls, it sends that message of low regard to sound internal controls.  Such management override of internal controls provides a breeding ground for control breaches including through collusion.

Conclusion

Collusion derails good internal controls.  While it may not be possible to prevent determined people from making attempts to collude and circumvent controls, there are things that can be put in place to make it difficult for people to successfully collude to defraud the church. Read more in the article on How to Prevent or Detect Collusion.  Also read more about internal controls and segregation of duties in our dedicated articles.