Is It Worth the Risk to Not Perform a Fraud Risk Assessment?
By Frank Suponcic, Partner, Valuation, Forensic & Litigation Services
Of all the fraud prevention tools and techniques available to companies, my personal favorite is the fraud risk assessment. It is not the most cost-effective tactic, but it will yield the greatest results.
Without any justification, most business owners and corporate executives believe that their business is adequately protected from internal theft. The euphoric feeling commonly associated with thinking your accounting system is “airtight” is a false sense of security. We strongly encourage businesses to independently examine their accounting system vulnerabilities by engaging a professional to perform a fraud risk assessment. It’s a once-in-a-many-year investment in your business profitability, your accounting department, your viability, and – to many – your invaluable peace of mind.
The fraud risk assessment objectives are clear. We want to identify:
- Internal and external vulnerabilities
- Which employees put the company at the most risk?
- Potential fraud schemes specific to your business
- Who has financial incentives, pressures and opportunity?
- Can management override any internal controls?
- IT risks and vulnerabilities
- Internal control weaknesses and propose suggestions for system enhancement
- Activities and transactions that are the most vulnerable
- Red flags that may have gone unnoticed by management
A good forensic assessor needs to think like a criminal in order to determine how an employee could exploit the controls and accounting system. Several factors influence a company’s fraud risk. Fraud risk originates with the effectiveness of the existing system of internal control. Second, risk can be affected simply by the type of business. Finally, and as mentioned previously, the effectiveness of the company’s ethics also play a factor. We’ve found a considerable amount of vulnerabilities in every company that we have ever examined—and that spans small family-owned businesses to even a Fortune 100 company!
A fraud risk assessment is not a typical internal control analysis—our focus is on security, asset preservation, preventing fraud, ensuring a system is in place to quickly detect fraud, and identifying factors that could allow a fraud to occur. We attempt to evaluate the internal controls, policies and procedures, but we are not diagraming the flow of documents or rewriting your internal control policies and procedures. If they are deficient, you will be advised. The faster a company can identify and respond to fraud, the smaller the corresponding amount of financial loss.
Fraud risk assessments are, without a doubt, much more valuable to smaller companies simply due to the identification of fraud risk and a greater volume of recommendations presented.
Prior to commencing the interviewing of targeted employees, we need to learn as much about the business in advance. We want to examine current and prior financial statements and income tax returns, review the company’s online presence, scan the general ledger, and tour the facility. In most fraud risk assessment cases, the client drives the overall cost, as they are the ones to frame the amount of time (and dollars) they are willing to commit to the project. We work backward from their budget and expectation. We will interview the targeted employees and management, if so desired.
How the engagement findings are communicated is crucial. It’s most cost effective to sit down with the client and talk about the findings. Other times, and quite often, the client wants a tangible, written document that not only outlines the observations and findings by area, but also compiles a corporate game plan for addressing the issues, based on the severity of the weakness identified. Written reports can be costly, but many clients like to refer to the document in future years, almost like company owners refer to a business plan.
We hope that your organization or business never falls victim to a case of internal embezzlement. While implementing many of these measures will help, even the strongest controls cannot guarantee that someone won’t find a creative way around them. Clients that have had a forensic assessment performed usually incur less in financial losses and sleep better as a result of taking the proactive initiative associated with a forensic risk assessment. We strive to convince business owners to not think that “Employee Theft Cannot Happen To Them.”
The best way to identify those weaknesses is to have a forensic expert examine your business before you make the vaunted call to tell them that you have been “taken for an unsuspecting financial ride” by a trusted employee.
As a child I recall seeing a Midas Muffler commercial. I vividly recall the gruff voice of the narrator saying, “You can pay me now, or pay me later.” When it comes to fraud prevention, and 40 years later, the same tagline applies.