What is your business worth to you? The answer to that question is often much more complex than a number. There’s the time, dedication and hard work that you’ve undoubtedly expended toward building your company. Though, monetary value may not be the only measurement you use to quantify your success, there may be others within your organization who see your revenues as their next windfall. According to the ACFE’s 2020, Report to the Nations, organizations lose approximately 5% of their revenues to fraud each year. Though access to company assets is key, there are other environmental factors individuals consider before attempting to perpetrate any fraud scheme. The biggest considerations include oversight and control. Is there any? Did you know that a lack of internal controls contributes to nearly one third of all fraud cases1? If you have discovered one of your employees has been cashing in on your sweat equity, there are probably vulnerabilities in your controls or, perhaps, you don’t have any controls at all. Then the bigger question is, how much is your business worth to a fraudster?
Anti-Fraud professionals are often hired to assist a business with identifying and quantifying the amount of losses from a recently discovered fraud. This reactionary response is likely the most common type of engagement these professionals may obtain. However, anti-fraud forensic accountants specialize in fraud risk management services and consulting services related to fraud prevention. We excel at both identifying fraud schemes and quantifying associated losses while also assisting businesses in the identification and mitigation of fraud related risks inherent in their day to day operations.
Formal Fraud Risk Assessments
A fraud risk assessment is a formal risk assessment used to identify an organization’s vulnerabilities to both internal and external fraud. Fraud risk assessments are key to creating effective anti-fraud programs and establishing effective controls which in turn, can help establish and foster an anti-fraud culture within your organization. When performed and used correctly, a fraud risk assessment may be the most important step you take in the fight against fraud.
Fraud risk is the result of financial and operational deficiencies within an organization from individuals. But what makes an individual capable of committing fraud? Well, Cressey’s Fraud Triangle teaches us that there are three elements which, when combined, can create the perfect storm for fraud. These elements include the individual’s motive to commit the fraud (ie. financial need, vengeance, etc.), the opportunity to commit the fraud (often present when internal controls are weak or non-existent), and the ability to rationalize their behavior or “need” to commit fraud. A fraud risk assessment can help businesses identify areas where these risks are present and develop an action plan to mitigate these risks and deter fraudulent behavior.
Because every organization is different, a fraud risk assessment is tailored to each individual organization in order to ensure business specific risks are identified and evaluated accordingly. To begin, a fraud risk assessment should first identify the fraud risks present in the organization and prioritize those risks. As the evaluation progresses, anti-fraud professionals may assist the business in developing a program to successfully manage fraud risk and assist management in identifying new fraud risks as they arise. These programs aim to:
- Improve communication and awareness of fraud within the organization
- Identify areas most vulnerable to fraud and activities which constitute the greatest risk
- Understand the individuals and positions which put the organization at greater risk
- Develop an action plan and techniques to identify, investigate and determine if fraud has occurred, and,
- Assess internal controls.
When contemplating the merits of a fraud risk assessment, it is vital that management understand the importance of an ongoing and continuous fraud risk assessment process. Fraud risk assessments should not be thought of as a one-time event never to be performed again. Let’s be realistic, as new technologies and programs are developed to identify and mitigate an organization’s exposure to fraud, new schemes are also created to circumvent new and existing controls. In order to continue to maintain a relevant anti-fraud program, management must be able to keep up with new and developing techniques in the fraud arena.
Whether you’re a new business looking to institute effective internal controls or an established organization that wants to update your anti-fraud program, a fraud risk assessment can help you establish the controls and processes necessary to allow for early detection, mitigation and deterrence of fraud.
Fraud risk assessments can also be extremely valuable in mergers and acquisitions when each party wants to ensure the current and future values of the businesses are not impacted by fraudulent activities already present in either business.
Fraud Risk Assessment or Financial Statement Audit
You may be telling yourself; I already have an internal control risk assessment during my annual financial statement audit. Is this necessary? The answer is YES. A resounding YES! A formal fraud risk assessment differs significantly from an audit risk assessment in that audit risk assessments test and evaluate controls already in place and are limited by materiality (a previously determined threshold over which missing or incorrect information is considered to have an impact on the users of the organization’s financial statements). In fact, external audits are responsible for identifying only 4% of all occupational frauds committed2. A formal fraud risk assessment evaluates first the business, as a whole, to identify the inherent and residual risks of fraud and then assists the organization with strengthening programs and controls already in place or developing and instituting new programs and controls. The goal of the audit risk assessment is to ensure accurate financial reporting to protect decision-makers and increase their understanding and knowledge of the financial position of the company. The goal of the fraud risk assessment is to protect the company from internal and external fraud risks and proactively respond to those risks in a collaborative and comprehensive manner.
- Report to the Nations: 2020 Global Study on Occupational Fraud and Abuse, Association of Certified Fraud Examiners. ↩︎
- Report to the Nations: 2020 Global Study on Occupational Fraud and Abuse, Association of Certified Fraud Examiners. ↩︎
