Skip to content
Skip to main content

About this free course

Download this course

Share this free course

Risk management
Risk management

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

3.4 Human factors and internal controls

Internal controls are a widely used component of most risk management systems. But controls that rely on people can sometimes fail.

Of a more sinister nature, deliberate deception or fraud can cause an otherwise high-performing risk management system to fail. Failing to identify risks or to properly assess them, or deliberate subversion of controls for fraudulent purposes, can lead to a risk system failing to operate correctly – fraud effects all organisations, to a greater or lesser extent, and it is something that should be guarded against.

To guard against an individual committing fraud it is common to have ‘segregation of duties’ – this simply means that more than one person is involved in carrying out a task. An example is paying a supplier. Segregating duties would involve one person raising the invoice and another person paying the invoice. Segregation of duties can be subverted (got around) when people collude. For this reason an independent oversight (e.g. by internal audit) is necessary, even when, at face value, appropriate controls are in place.