Despite the threat and high cost of fraud, too many businesses fail to adopt comprehensive, integrated, fraud risk management programs. If you have put off taking this important step toward protecting your company, now is the time to act.
The first significant challenge is to understand where your company is at risk. Be specific and realistic. Your vulnerabilities are not necessarily the same as those of similar-size businesses or even of your close competitors.
You need to examine your risk objectively, as well. The question is not if your long-time bookkeeper would embezzle funds but if they could. In assessing your risks, consider both internal and external opportunities for malfeasance and how employees at any level of seniority could work alone or in concert to exploit them.
Next consider the costs of your risk, including the consequences and long-term impact of letting it go unaddressed. Risk management is more than buying insurance. It is working toward reducing your insurance needs because you have taken steps to close exploitable gaps.
Put it in writing
If you do not have a written code of ethics and business conduct, develop both and document them. Fraud prevention begins at the top, with a clearly communicated commitment on the part of management. It is not enough that you have a code of ethics; you must be seen following it.
Then look at your internal controls. Your policies should, at a minimum:
- Segregate financial & accounting duties
- Require annual vacations for employees
- Restrict unauthorized access to offices & other facilities & computers
- Protect electronic files with user IDs & frequently changed passwords
- Address training supervisors & managers to spot fraud
- Mandate internal & external audits that include scrutiny of fraud prevention measures
Not all risk is created equal. Some risk has the potential to cause damage that will ripple throughout the company but, viewed objectively, is highly unlikely to occur. In deciding how best to allocate your fraud prevention resources, assess the probability of different risks, rather than simply their size.
Also set up a continuous monitoring system that will allow you to track and adjust controls as changing circumstances require. We can help you do this. For more information on creating a comprehensive risk control program, contact us.