Imagine you just discovered your organization lost a substantial amount of money to fraud. You’d most likely be overcome with various emotions, including dismay and anger. However, as terrible as such a situation would be, there’s something even worse: Suffering financial losses to fraud and not even knowing it.
Earlier this year, payment security solutions vendor Trustmi surveyed 516 finance professionals in the United States, including chief financial officers, treasurers, and accounts payable staff. Perhaps the most chilling findings in the resulting report were:
- 48% of respondents didn’t know how many times their organizations had been subject to payment fraud attempts during the preceding 12 months
- 51% couldn’t say how much money their organizations had lost to payment fraud during that period
Could you be losing precious dollars to fraud as you read this very article? It’s possible. One way to stay on guard and help ensure your defenses are as strong as possible is to conduct regular fraud risk assessments.
What It Is & Where It Starts
A fraud risk assessment is a formal, comprehensive process for identifying risks, evaluating their severity, developing mitigation strategies, and strengthening monitoring and response procedures.
Who conducts assessments varies depending on an organization’s size and purpose. Larger employers may have internal audit teams capable of doing the job. Small to midsize organizations can engage external auditors, including Certified Fraud Examiners.
Strong internal controls are usually the first thing that auditors check for. They’ll look for ways fraud perpetrators can exploit weak or nonexistent internal controls to commit crimes such as:
- Fraudulent financial reporting (for example, improper revenue recognition and overstatement of assets)
- Misappropriation of assets (for instance, embezzlement and theft)
- Payroll schemes (for example, “ghost” employees and inflated expenses)
- Corruption (for instance, bribes and kickbacks)
One key internal control is segregation of duties. To the extent possible, employers should spread job responsibilities related to accounting, financial transactions, and banking across multiple employees. That way, one person can’t control and potentially exploit one or more money-related processes. Auditors look closely at this and other widely used controls to see whether they’re in place and being carried out effectively.
Auditors also assess whether internal controls account for everyone involved in financial transactions. After all, fraud often involves external parties, such as vendor reps and independent contractors. In addition, assessments verify that controls apply uniformly across the organization — including to owners and executives.
Deeper Dive
Top-notch fraud risk assessments go beyond simple checkups of internal controls. Some involve virtual or in-person interviews with executives and key employees to gather insights into how they guard against fraud in their day-to-day activities and what ideas for improvement they may have.
Interviews also help “assess the control environment” and spot red flags. In other words, auditors evaluate interviewees’ statements, attitudes, and behaviors. Do they appear to support a culture of honesty and high ethical standards? Does their tone indicate they take the threat of fraud seriously?
Fraud risk assessments may include statistical and advanced financial analyses, too. Key performance indicators related to, for example, sales targets or inventory management can be analyzed to indicate the likelihood of fraud. And auditors may scrutinize whether and how the organization is budgeting for fraud prevention.
Risk Level
The specific methods of fraud risk assessments vary depending on the size and type of organization, as well as who’s performing the assessment. The bottom line is that every employer should conduct assessments regularly to determine its current level of fraud risk and take action as necessary. Contact us for help evaluating your organization’s accounting-related internal controls and analyzing financial data that may indicate fraudulent activity.