Fraud is a major concern for organizations world-wide.  Governments and regulators are now focusing on management’s responsibility for an effective fraud management program.  It doesn’t matter if your organization is large or small or what country or industry your organization is in.  As long as humans are involved in organizations, the risk of fraud is real. The time is now for management to take a proactive approach to ensure that the proper components and related internal controls are in place to prevent, deter, and detect fraud rather than being reactive and waiting for fraud to occur.

Many internal controls are focused on financial reporting compliance only or are considered to be procedural compliance controls only.  However management has a responsibility to implement programs to prevent, identify and detect fraud – obligations that must be taken seriously and this requires a proactive rather than passive approach to fraud risk management.

But how does one do this?

First, it is important for management to ensure that sound governance activities are in place that establish an effective tone at the top or control environment.  Some examples of this include a code of conduct specific for senior management, in addition to the organization’s code of conduct that applies to all employees; an effective whistleblower hotline program; and establishing a system of monitoring and reporting that will enable them to evaluate whether the fraud risk management program is operating effectively.

Second, a comprehensive fraud risk assessment should be completed.  To protect the organization and its stakeholders, management needs to understand fraud risks.  Moreover, organizations should conduct a comprehensive fraud risk identification process that includes an assessment of the incentives, pressures, and opportunities to commit fraud. Once identified, an assessment is needed of impact and likelihood of each fraud risk scenario and then decisions regarding what types of responses should be made to those scenarios.

Third, effective internal controls must be designed and implemented.  These controls should be balanced between preventive controls aimed at stopping fraud from occurring as well as deterring potential fraud, and detective controls, which will help ensure the timely identification of fraud incidents.  Strong preventive controls include performing effective background investigations, conducting exit interviews, providing anti-fraud training, and establishing authority limits.  Strong detective controls include whistleblower hotlines and process controls such as reconciliations and independent reviews.

Fourth, best in class organizations are moving toward more proactive detection procedures.  Common proactive detection procedures include data analysis, continuous monitoring, and the use of a fraud detection software tool that can flag anomalies, trends, and risk indicators which justify further investigation and follow-up.

Finally, a process must be established to facilitate reporting of fraud incidents, investigation of those incidents, and implementation of remediation efforts and corrective actions.

What if you do this?

A proactive fraud management program will provide the organization with many benefits:

• Reduces legal and reputational risk
• Prevention is much better than any cure
• Saves money and protects assets
• Provides reasonable assurance to stakeholders
• Provides demonstrable evidence of management’s efforts in safeguarding against fraud
• Enables audit committees, CEOs, CFOs, and controllers to assess effectiveness of internal controls and “sign-off” accordingly
• Prevents loss of productivity
• Acts as deterrent against future incidents of fraud
• Helps to attract and retain the best people

It must be noted that a proactive fraud management program will not eliminate fraud risk in its entirety.  It will, however, provide reasonable assurance that fraud incidents are prevented, or detected timely, and dealt with appropriately.  It will provide you with peace of mind enabling the organization to state that appropriate controls are in place and that procedures exist to evaluate the on-going effectiveness of these controls.

If you have any questions about detecting, deterring and prevent fraud, contact us at .(JavaScript must be enabled to view this email address).