May 19, 2010

Don't Let Yourself Be a Victim – Protecting Your Company From Financial Fraud

Don't Let Yourself Be a Victim – Protecting Your Company From Financial Fraud

The last decade has shown that anyone, from Fortune 500 companies to individual consumers, is susceptible to fraud. Despite the fact that the government has increasingly enacted laws that impose more aggressive corporate governance and internal controls, fraud is as prevalent as ever and shows no sign of letting up. But that does not mean that companies and their management must roll over and accept the financial injuries and inevitable blame that result from being defrauded. Moreover, a company cannot simply rely on government enforcement agencies, external auditors or regulators to prevent it. There are ways to avoid being the victim of financial fraud, or at the very least to reduce the risk of being defrauded, and it is incumbent upon management to take steps to avoid it.

Fraud is often described as being driven by “three pillars,” referred to collectively as the “Fraud Triangle.” The first pillar of fraud is economic pressure. The more financial pressure that a person faces – personally or professionally – the more likely it is that a person will commit fraud. There can be no doubt that current economic problems have exacerbated fraudulent activities.

The second pillar of fraud is the rationalization of behavior. People that commit fraud generally find reasons to justify their actions (e.g. “I am only borrowing the money from the escrow account; I intend to pay it back”; “I need this money more than they do”; “This money should have been paid to me in the first place,” etc. ).

The third pillar of fraud is opportunity. This is the pillar that is the easiest to target in terms of taking steps to prevent financial fraud. It is management’s responsibility to mitigate fraud by instituting internal controls that reduce opportunities for employees, managers and investors to misappropriate the company’s assets through surreptitious means. Internal controls designed to eliminate opportunity include preventive, deterrent and detective controls.

Prevention is the first step in combating fraud. By utilizing processes that reduce or eliminate the threat of fraud, management can remove opportunities that might otherwise exist. For example, there are tools that can be used to reduce human involvement in procedures, processes and recording of transactions. In addition, there are internal controls available when employee involvement cannot be reduced or is necessary to performing a task. Such controls include check signing authority at specific dollar thresholds, restricting access to assets, password implementation and many others. Employees need to be made aware of and trained in the use of these tools and controls. Employee awareness and training will make a potential fraudster think twice because the chance of being caught is increased.

Deterrence is another method of reducing and combating fraud. Methods of deterrence are designed to discourage fraud in situations where it is impossible to prevent fraud altogether. Examples include the use of equipment such as cameras (or even “dummy” cameras that are visible but don’t actually work), establishment of fraud programs, implementation of preventive measures such as “surprise” audits and other means. For deterrence to be effective, management must let it be known that they are serious in eliminating fraud and in assisting authorities when fraud occurs.

Detective controls include procedures that monitor employees and alert management of areas of risk. These controls are necessary for an effective anti-fraud program. They allow management to become aware of a fraud and stop it before serious economic injury occurs. These controls include such activities as reconciliations, cash counts, inventory coding and IT alerts regarding account intrusion.

Management needs to understand risks in order to exercise their responsibilities. They must also understand risks and be able to gauge the impact of a fraud occurrence within their organization. Sound risk assessment programs are therefore essential to enabling management to gauge the risk within their organizations. Such programs are best established with the assistance of professionals that have the business process and management consulting experience and knowledge that helps determine the cost-benefit of various programs. By tackling the pillars of fraud – and by reducing opportunity through prevention, detection and deterrence – a company and its management can minimize the risk that they will be victims of even the most creative and determined fraudsters.

Laurie Holtz – [email protected]
Josh Shilts – [email protected]