If you are like most business owners and executives, you may not actively search for fraud risks — until there is an incident and you are facing possible losses. Although publicly traded companies must conduct fraud risk assessments, privately held businesses do not have the same requirements. Nevertheless, reviewing internal controls for gaps that might allow crooks to slip through is recommended for all companies.
Four major ways
A comprehensive risk assessment might start in the areas where fraud is most likely to happen, such as accounts payable, purchasing, and information technology. But do not stop there. If you close a door in only one department, those bent on fraud will find openings elsewhere.
Look at your internal controls in the same way a dishonest employee would — as opportunities that pose relatively little risk of exposure. In general, there are four major ways employees might exploit weak internal controls:
- Fraudulent financial reporting, such as improper revenue recognition and overstatement of assets
- Misappropriation of assets, including embezzlement or theft
- Improper expenditures, such as bribes
- Fraudulently obtained revenue and assets, including tax fraud
Some schemes, such as payroll fraud or kickbacks, can involve external people in addition to employees. And bear in mind that fraud may be limited or widespread and affect everything from individual accounts to entity-wide processes. Controls should address all levels and all types of fraud.
Where to start
Your assessment should start with interviewing key executives and managers. They will provide you with a first glimpse of potential risk areas. Perhaps more important, these conversations will help you judge whether company leaders are setting the ethical ‘tone at the top’ that is integral to fraud prevention.
Next, identify the number and names of employees who handle or review accounting functions. How many, for example, reconcile bank statements or are authorized to make bank deposits? Spreading accounting and banking duties across multiple employees — or shouldering some of the review processes yourself — provides segregation and oversight that are essential to deterring fraud. Regularly review organizational charts to maintain a constant segregation of duties.
Also consider your company’s key performance indicators. Fraud risks, for example, can show up in the performance of sales goals or in inventory management. And review your fraud-risk management budget. Compliance training, internal controls monitoring, and ongoing risk reviews should be included in your business’s budget.
Good financial sense
When analyzing your findings, remember that your company’s processes, procedures, programs, and policies make you unique. That is why it is a good idea to engage an expert to perform a thorough fraud risk assessment. Contact us for help.