Would you like to know where an employee might create a scheme to defraud your organization? As much as 7 percent of top-line revenue may be at risk, so how do you fight back against these employees who want to take advantage of your organization?
As mentioned in my previous article, Detecting Fraud: The Tone at the Top, fraud is prevalent in today’s business, educational, nonprofit, and governmental organizations. A strong internal control environment is one of the main safeguards for reducing the likelihood of fraud in the organization. As these articles continue, other key proactive characteristics of an organization prepared to reduce the occurrence of internal fraud will be addressed.
One of the first steps an organization should take to evaluate its fraud risk is to perform an enterprise-wide fraud risk assessment. A fraud risk assessment allows the organization to identify potential areas where fraud may occur and who the perpetrators might be.
The fraud risk assessment team should consist of employees across many disciplines of the company. This includes the following:
- Accounting and finance individuals from all levels, not just senior management, because they are familiar with the processes of the transactions and existing controls.
- Individuals in operational-type positions should be included due to the wealth of information they have regarding their day-to-day operations and the opportunities that might exist from external forces and management pressures for performance.
- Legal and compliance representatives should be included due to their knowledge of the regulations surrounding your individual industry.
- If an internal audit function exists within the organization, the audit staff is a great source of information on current control weaknesses and opportunities for fraud within the organization. The staff is trained to look for fraud and be aware of the opportunities for fraud.
- Senior management should be included because they are responsible for the overall control environment and are usually keenly aware of fraud issues within the industry. They also have a fiduciary responsibility to the organization’s stakeholders.
- Lastly, include forensic accounting experts who deal with fraud investigations on a daily basis – they have seen a wide variety of fraud schemes and the broken controls that allowed the fraud to occur in the first place.
One of the first steps after assembling the team is to list all the potential fraud risks. The best way to get a full understanding of this task is to use the fraud tree developed by the Association of Certified Fraud Examiners. This “tree” divides fraud schemes into three main branches or areas: Financial Reporting, Misappropriation of Assets, and Corruption, with detailed fraud schemes under each branch. This gives members of the assessment team a full list of the potential schemes, which then need to be applied to each individual organization and/or process.
Some of the fraud schemes the team should consider by category include:
- Revenue recognition – recording receipts in incorrect period
- Expenditure recognition – holding invoices at end of reporting period
- Misclassification of balances – recording expenses as fixed assets
- Skimming of cash – taking cash before it is recorded in the books
- Accounts payable – fictitious vendors
- Payroll – ghost employees
- Capital assets/inventory – theft of assets/inventory
- Kickbacks – payments for purchases
- Conflicts of interest – improper bidding to related parties
- Inventory and/or assets that are easily converted to cash
- Poor controls over cash
- Remote locations with cash transactions
- Poor IT controls and processes (e.g., multiple users of a single password)
- Lack of controls to indicate an override of the system
- Lack of segregation of duties between employees within the same process
- Lack of forced vacation for people in key processing positions
- Failure of management to monitor controls and review transactions