Smaller companies are more vulnerable to fraud than larger ones ? since they have fewer resources to deal with it.

The disclosure was made by Bill Grieshober, seminar presenter at the Bermuda chapter of the Institute of Internal Auditors (IIA) course last week at XL House.

Mr. Grieshober, a former CEO, who is an advisor with the Small Business Development Centre in Buffalo, New York, was invited to Bermuda to conduct the two-day IIA Bermuda seminar ?Controls Are Everybody?s Business?.

He said the course was introduced because of Sarbanes Oxley legislation and corporate scandals such as Enron. People wanted to know how to implement effective controls.

?There is a clear recognition that fraud is becoming more sophisticated and coming to the Island whether we like it or not,? Owen Martin of the IIA said.

?Business failures led to Sarbanes Oxley but controls existed before Sarbanes, they just became lax. Internal controls are to do with companies and corporate governance,? Mr. Grieshober said.

?The traditional thinking has been that controls are the responsibility of internal auditors and the reason people think that is because internal auditors examine the controls but they don?t own the controls.

?We realised that everyone has a responsibility for internal control and so we rolled out this course.?

Mr. Grieshober said the framework for internal controls were originally set out in COSO (Committee of Sponsoring Organisation) Treadway Commission in 1992.

?It really took the corporate scandals of Enron,Tyco and WorldCom to cause Sarbanes Oxley to be put in place.?

He said Enron made organisations aware that without strong controls, the conditions for fraud and malpractice can emerge.

?One of the fallacies that people have is that fraud occurs more frequently in large companies. They get the publicity but it occurs more frequently in small companies for two reasons,? Mr. Grieshober said.

?There are more small companies than large companies and small companies have less resources able to control fraud and fraud is a big risk.?

?We are thrilled that 190 people registered for the two-day seminar which shows that not only the Institute and its members but the broader business community wants to learn about the IIA and adopt controls that add value and effectiveness to an organisation,? Keith Bernard of the IIA said.