Business owners may not want to believe that their employees, vendors and customers are capable of committing fraudulent acts against their companies, but it is a reality that all executives must face. Although it would be naïve to think that any one solution will eliminate all fraud risks, proactive fraud risk assessments can be an effective tool to detect and deter fraud in your company.
It is imperative that an organization understands its entity-level fraud risks as well as the specific fraud risks that threaten it, considering the industry and geography in which it operates. Such risks can be assessed through the development and performance of a fraud risk assessment. According to Donald Cressey, a criminologist and professor, an individual is most likely to commit fraud when the three components of the fraud triangle – pressure, opportunity and rationalization – are present simultaneously. When conducting a fraud risk assessment, these components should be evaluated in conjunction with existing internal controls to identify potential control weaknesses that can result in opportunities for fraudsters.
There are several stages involved in conducting a fraud risk assessment.
These stages include initial planning, determining fraud risks, assessing fraud risks and developing a plan to continually test and monitor the processes in place. The initial planning should consist of the identification of significant business units, key personnel and responsibilities as well as significant systems utilized within the organization. Various stakeholders, both inside and outside of the organization, should be involved in the development process, including management and the operations, accounting, human resources, and internal audit departments. Input from throughout the organization will assist in identifying fraud risks and the current controls or alleviating factors that are in place to reduce such risks. Fraud risks and mitigation controls should be assessed by risk level, and testing of the processes and controls should be completed on a periodic basis.
What’s the difference between a traditional risk assessment and a fraud risk assessment?
A traditional risk assessment ultimately addresses risks that are associated with an organization’s key missions and objectives. A fraud risk assessment, on the other hand, expands upon the traditional risk assessment and evaluates the risks of different fraud scenarios that may occur within an organization. Additionally, potential fraud schemes and exposure scenarios are identified, as well as the impact such schemes could have on the organization.
A fraud risk assessment is a continual process that evolves over time as the organization and its systems change. It is not done in a vacuum, but needs to be coordinated with other monitoring and control mechanisms. Understanding an organization’s fraud risks via a fraud risk assessment arms the organization with a weapon in its ever-changing fight against fraud, waste and abuse. Implementing anti-fraud policies and creating an anti-fraud training program for employees also will assist an organization in preventing and deterring fraudulent activity.
Every organization is unique when it comes to size and complexity of operations. Therefore, it is essential that such factors are taken into account when preparing and performing a fraud risk assessment. Mercadien’s team of qualified professionals has extensive experience working closely with boards of directors and senior management to structure customized methodologies to identify and address the risks of fraud, related controls and mitigation factors that help lower risks to an acceptable level.