Internal Controls Are Fraud Insurance
 
By Clark Keeler, BPM Director in Assurance & Consulting Services
 
For more than thirty years I’ve been investigating fraud: figuring out how it happened, tabulating the costs, repairing the failed internal control systems and consoling the victims. Although the case studies vary, there is one constant: it is always a surprise! Even worse, Management’s response is invariably the same: “We never saw it happening. We never thought he/she could do something like that.”

That’s the way it is with fraud. It is an act of betrayal by your own employee, and, unlike other losses, you can never fully shrug it off as “just part of the cost of doing business.” It is far too personal.

Yet in most of these cases, the company’s leaders had never implemented serious fraud prevention measures. They had addressed their other business risks, routinely scrutinizing business operations from a cost/benefit perspective and making control decisions accordingly. They bought property, liability and D&O insurance, even though they did not anticipate losses. But when it came to fraud protection, their standard evaluation methods were somehow forgotten, and they blithely plunged ahead without noticeable concern.

Implementing Your Fraud Protection Program

The sad truth is that no one has figured out how to eradicate fraud. You can, however, effectively reduce its risk by being proactive and taking preventative measures.

Building a prevention program involves three major components: a strong control environment, a risk program and internal control processes. It is important to identify and assess fraud risks and to take the corrective actions that can prevent, deter or minimize losses.

The steps include:

1. Begin with a fraud risk assessment. This is the process of brainstorming about your organization’s structure and business activities, and determining where fraud might occur. The assessment allows you to gauge the likelihood and impact of possible fraud activities, and the harm they are likely to cause to your reputation, profits, regulatory compliance and legal standing. The identification of the factors that could result in fraud will help guide your company through an evaluation of the inherent risks, and the determination of what is acceptable.

All fraud programs rely on the commitment of an organization’s leadership. The nurturing of an ethical culture that does not accept or tolerate fraud is critical. Consequently, it’s important that you examine a company’s governance practices in order to implement and improve anti-fraud training programs.

 
2. From the results of the initial risk assessment, focused programs can be implemented that address areas where risks are unacceptable. In addition, you should implement basic, well-proven controls that address the identified risk areas. The most common and effective anti-fraud controls are:

  1. Surprise Audits
  2. Job Rotation/Mandatory Vacation
  3. Hotline
  4. Employee Support Programs
  5. Fraud Training for Managers/Executives
  6. Internal Audit/FE Department
  7. Fraud Training for Employees
  8. Anti-fraud Policy
  9. External Audit of ICFR
  10. Code of Conduct
  11. Management Review of Internal Controls
  12. External Audit of Financial Statements
  13. Independent Audit Committee
  14. Management Certification of F/S
  15. Rewards for Whistleblowers

3. Finally, it’s important to implement future prevention steps through supervisory programs that monitor the ongoing effectiveness of the implemented controls.
 


Prevention, deterrence and detection are the basis of risk management… and the basis of good business strategy. Make sure fraud isn’t the one risk you ignored.

For help in implementing your fraud protection program, contact Clark Keeler, BPM Director and Certified Fraud Examiner, at ckeeler@bpmcpa.com.




This publication contains information in summary form and is intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither BPM nor any other member of the BPM firm can accept any responsibility for loss brought to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor.