Assessing your company's fraud risk

By Dan Ramey

The most recent study by the Association of Certified Fraud Examiners (ACFE), The Report to the Nations – 2010, indicates that, on average, an organization loses 5 percent of top-line revenue to internal fraud alone.
In these uncertain economic times, have you done everything reasonably prudent to prevent or detect fraud? How susceptible is your organization? A fraud risk assessment might be the next logical step to lower the potential for fraud against your organization. You cannot afford to be losing money to controllable factors.
What is a fraud risk assessment?
A fraud risk assessment is a tool that organizations can utilize to determine their exposure to internal and external fraud. The assessment reviews the operations and controls, including policies and procedures, of an organization to determine where gaps exist that could allow a person or group of persons to carry out a fraud against the organization.
The fraud assessment looks at key areas of the organization to determine if actions have been taken that would alert management to a fraud or to effectively deter the execution of a fraud. Each organization has different levels of risk and mitigation techniques depending on their industry.
A manufacturing firm with valuable inventory has different risks than a software technology company with valuable intellectual property. A retail establishment with stores has a different set of risks than a professional services firm. Each risk assessment needs to be tailored for the organization and the specific risks faced by that organization.
Elements of the risk assessment
The risk assessment team begins by determining the scope of the assessment so that critical areas are prioritized in order to analyze the risks and implement the most effective prevention tactics.
The next step identifies the organization’s risks of fraud in the key areas determined in the first step. This is dependent upon the prior fraud risk assessment efforts and industry sector. Understanding the severity of the risks and/or gaps in the control environment is done by ranking, from high to low, the documented risks and control gaps.
An analysis of the specific findings will generate the potential of a fraud, possible impact of the fraud, and recommendations on how to reduce risk. The final and most critical step is for management to implement the advised action steps throughout the organization to reduce the threat of a fraud.

Case study

Recently, PKF Texas performed a fraud risk assessment at a manufacturing company. Over the past few years, the organization had experienced some fraudulent activity internally and externally. Our efforts began with a detailed discussion with senior management regarding the business and operations of the company. Our discussions identified several serious risk areas that needed focus during our engagement. These included inventory, purchasing, vendor selection, sales, and retail store fronts.

Our evaluation process included interviews with middle-level managers to determine actual operating practices in the areas we considered the highest risk. During the interviews we discovered some basic anti-fraud measures were not in place, or not operating effectively. Also, critical internal controls to prevent and to detect fraud were either not in place or not adequate due to changes in business processes over the years.
Working with the management team, we created an anti-fraud program with very specific action steps that would reduce the potential for more fraud in the organization. Many of the action items cost nothing except the time to implement. We advised them to strengthen their controls and adjust their company policies and procedures.
One of the most important action steps was the implementation of a fraud reporting hotline along with a process to deal with the incoming calls. Recent surveys indicate that as much as 40 percent of frauds are uncovered via hotline calls from individuals inside and outside of the organization. Employees comprised 50 percent of the tips with customers next at 18 percent.
The senior management of the company has asked that we periodically meet with them to discuss changes in their business environment and how that might impact the possibility of fraud. By the senior management taking this proactive step to prevent fraud, they are actively securing their company, protecting the organization against internal and external fraud, and thereby protecting the assets and the reputation of the company.
PKF Texas has a diagnostic tool located on our Web site at which can serve as a starting point to begin a dialogue with your management team.
About the author:
Dan Ramey, CPA, CIA, CFE, CFF, is a director of Internal Audit for PKF Texas. PKF Texas can provide assistance to companies looking to implement the techniques detailed in this issue
Dan Ramey – (713) 860-5410,
Karen Love, Director, Practice Growth – (713) 860-1459,
For archived issues of Route to Profits, visit
To listen to PKF Texas – The Entrepreneur’s Playbook tips go to

You may like these other stories...

IRS audits less than 1 percent of big partnershipsAccording to an April 17 report from the Government Accountability Office (GAO), the IRS audits fewer than 1 percent of large business partnerships, Stephen Ohlemacher of the...
Is it time to consider a value added tax?Forbes contributor Joseph Thorndike wrote yesterday that he believes the tax reform proposal by House Ways and Means Committee Chairman Dave Camp (R-MI) was dead on arrival. But he...
Read more from Larry Perry here and in the Today's World of Audits archive.The planning phase of an audit engagement of an entity using US GAAP or a special purpose framework will, with minor differences, include similar...

Upcoming CPE Webinars

Apr 22
Is everyone at your organization meeting your client service expectations? Let client service expert, Kristen Rampe, CPA help you establish a reputation of top-tier service in every facet of your firm during this one hour webinar.
Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.
Apr 30
During the second session of a four-part series on Individual Leadership, the focus will be on time management- a critical success factor for effective leadership. Each person has 24 hours of time to spend each day; the key is making wise investments and knowing what investments yield the greatest return.