Fraud risk assessments are the process of proactively identifying and addressing a company’s or organization’s vulnerability to both internal and external fraud. Even a well-designed and effective system of internal controls cannot fully eliminate the risk of fraud, but an internal control structure designed with fraud risks in mind can deter it. Consider two scenarios:
XYZ Company (the “Company”) had developed a system of checks and balances, including policies and procedures, and implemented internal controls designed for its size that it thought would prevent any fraudulent activity occurring within its walls. In fact, the Company had spent considerable time and training to promote a trustworthy and friendly working environment for its employees. Yet it happened – embezzled funds.
What the Company failed to realize is the importance of assessing various fraud risks within its organization and how to implement fraud preventive and fraud detective controls. Fraud risk assessments performed by fraud and forensic accounting professionals are one of the lesser used services by organizations today.
We suggested the Company allow us to perform fraud risk assessments throughout the various operational and financial departments to evaluate fraud risks within the company and provide recommendations for fraud detective and preventive controls appropriate for the size of the Company. Upon the completion of our fraud risk assessments, we were able to provide multiple recommendations the company could implement and reduce its fraud risk.
ABC Company (the “Organization”) had an internal audit function in place performed by external auditors. They had not had any issues with fraudulent activity but did want more assurance their internal audit function testing was sufficient to properly address fraud risks associated with their expense reimbursements and payables in particular. The Organization decided with the approval of its audit committee to have fraud risk assessments completed for these two areas. The Organization realized the importance of not only addressing fraud risk but also assessing the appropriateness of the internal audit testing as it related to fraud risk.
In performing our fraud risk assessments over expense reimbursement and payables, we found several “red flags” concerning fraud risks in these areas. We were able to provide the Organization with recommendations concerning its internal control procedures and recommendations for additional fraud risk testing that could be performed by the internal audit function.
Based on surveys completed every two years by the Association of Certified Fraud Examiners, a typical company or organization will lose about 5% of its revenues in a given year as a result of fraud – it is not a matter of if it is a matter of when. Proactively performing fraud risk assessments is a small investment compared to the costs involved when fraudulent activity happens.