By Dan Ramey
The most recent study by the Association of Certified Fraud Examiners (ACFE), The Report to the Nations – 2010, indicates that, on average, an organization loses 5 percent of top-line revenue to internal fraud alone.
In these uncertain economic times, have you done everything reasonably prudent to prevent or detect fraud? How susceptible is your organization? A fraud risk assessment might be the next logical step to lower the potential for fraud against your organization. You cannot afford to be losing money to controllable factors.
What is a fraud risk assessment?
A fraud risk assessment is a tool that organizations can utilize to determine their exposure to internal and external fraud. The assessment reviews the operations and controls, including policies and procedures, of an organization to determine where gaps exist that could allow a person or group of persons to carry out a fraud against the organization.
The fraud assessment looks at key areas of the organization to determine if actions have been taken that would alert management to a fraud or effectively deter the execution of a fraud. Each organization has different levels of risk and mitigation techniques depending on its industry.
A manufacturing firm with valuable inventory has different risks than a software technology company with valuable intellectual property. A retail establishment with stores has a different set of risks than a professional services firm. Each risk assessment needs to be tailored for the organization and the specific risks faced by that organization.
Elements of the risk assessment
The risk assessment team begins by determining the scope of the assessment so that critical areas are prioritized in order to analyze the risks and implement the most effective prevention tactics.
The next step identifies the organization’s risks of fraud in the key areas determined in the first step. This is dependent upon the prior fraud risk assessment efforts and industry sector. Understanding the severity of the risks and/or gaps in the control environment is done by ranking, from high to low, the documented risks and control gaps.
An analysis of the specific findings will establish the potential for a fraud, the possible impact of the fraud, and recommendations on how to reduce risk. The final and most critical step is for management to implement the advised action steps throughout the organization to reduce the threat of a fraud.
Recently, PKF Texas performed a fraud risk assessment at a manufacturing company. Over the past few years, the organization had experienced some fraudulent activity internally and externally. Our efforts began with a detailed discussion with senior management regarding the business and operations of the company. Our discussions identified several serious risk areas that needed focus during our engagement. These included inventory, purchasing, vendor selection, sales, and retail store fronts.
Our evaluation process included interviews with middle-level managers to determine actual operating practices in the areas we considered the highest risk. During the interviews we discovered some basic anti-fraud measures were not in place, or not operating effectively. Also, critical internal controls to prevent and to detect fraud were either not in place or not adequate due to changes in business processes over the years.
Working with the management team, we created an anti-fraud program with very specific action steps that would reduce the potential for more fraud in the organization. Many of the action items cost nothing except the time to implement. We advised them to strengthen their controls and adjust their company policies and procedures.
One of the most important action steps was the implementation of a fraud reporting hotline along with a process to deal with the incoming calls. Recent surveys indicate that as much as 40 percent of frauds are uncovered via hotline calls from individuals inside and outside of the organization. Employees accounted for 50 percent of the tips, with customers next at 18 percent.
The senior management of the company has asked that we periodically meet with them to discuss changes in their business environment and how that might impact the possibility of fraud. By taking this proactive step to prevent fraud, senior management is actively securing the company, protecting the organization against internal and external fraud, and thereby protecting the assets and the reputation of the company.
PKF Texas has a diagnostic tool located on our Web site at www.pkftexas.com/FraudSurvey, which can serve as a starting point to begin a dialogue with your management team.
About the author:
Dan Ramey, CPA, CIA, CFE, CFF, is a director of Internal Audit for PKF Texas. PKF Texas can provide assistance to companies looking to implement the techniques detailed in this issue.
To listen to PKF Texas – The Entrepreneur’s Playbook tips, go to pkftexas.com/ep.