Managing fraud risk proactively is imperative. It is not only about protecting against financial losses commonly associated with fraud. It is also about surviving reputational risk.
There is a need for Organizations to create an environment and implement appropriate controls for detecting fraud ahead of time. An increasing “perception of detection” is widely believed to be the most effective fraud prevention method within an organization. Directors, officers, and employees in an organization should ask themselves if what they are doing is legal, is it something permitted/encouraged in the organization and what could happen if the information goes public.
The ACFE (the world’s largest anti-fraud organization) publishes a Fraud Prevention Checkup that serves as a self-check for determining if adequate fraud prevention systems are in place within an Organization. The Checkup list consists of the following:
- Is there a process for fraud risk oversight? To what extent are the Board of Directors and Audit Committee involved?
- Is there ownership of fraud risk? Are member of senior management responsible for managing fraud risk across the organization, and for communicating with all business unit managers that are responsible for managing risks within their areas?
- Is there an ongoing assessment of fraud risk?
- Are there tolerance metrics for fraud risk? Has the Board of Directors approved the tolerance for different types of fraud risk? Some fraud risks are more tolerable and are associated with the risk of doing business. Other fraud risks can create financial as well as unwanted and unacceptable reputational damage.
- Is there a management policy for fraud risk? Is there a policy approved by the Board of Directors that identifies the “risk owner” responsible for managing fraud risk and identifying which risks will be rejected (rejecting certain types of business, transferring to third partied or internally managing the risk).
- Are there implemented measures for fraud risk? Are there measures to eliminate or minimize fraud risks identified in the assessment through process reengineering (segregation of duties, asset custody and recordkeeping/reporting transactions)? Are these measures designed to prevent, deter, and detect the fraud risks identified in the assessment?
- Is the environment in the workplace anti-fraud? Is there a strong emphasis on promoting ethical behavior deterring wrongdoing and encouraging all employees to communicate suspected or known wrongdoing to the appropriate person?
- Is there Proactive fraud detection? Are there fraud detection tests in place such as audit hooks and email monitoring?
Ensure that your Organization has the appropriate controls in place to manage fraud risk
Under the Sarbanes-Oxley Act (SOX) Organizations are required to have an Audit Committee in place that will establish the procedures for receipt of complaints and anonymous employee tips with respect to irregularities in accounting methods, internal controls or auditing matters. SOX affects public (and private) U.S. companies and non-U.S. companies with a U.S. presence. SOX is “all about corporate governance and financial disclosure”.
Consult a Certified Fraud Examiner (CFE) to ensure that your Organization has the appropriate controls in place to manage fraud risk.