As the economy continues its downturn and the financial pressure on business increases, the risk of fraud becomes higher than ever.To help your clients protect their businesses, suggest that they evaluate the current state of their anti-fraud program to minimize the duration and potential loss of fraud. When evaluating a current program, they should consider their preventative measures, not just their detective measures.
EVALUATION IS CRITICAL
The cost of fraud is significant.
According to the 2008 Report to the Nation by the Association of Certified Fraud Examiners, on average, companies lose 7 percent of revenues through fraud. The cost of fraud may be difficult to measure, especially considering the intangible losses, such as brand name and reputation loss, as well as deterioration of employee morale.
Detecting fraud remains a challenge. Regardless of a company's efforts to detect frauds, over 60 percent are identified by a tip or by accident. Unfortunately, there's no silver bullet.
Identifying the potential fraudster is even more challenging. Frauds appear to be committed more by longer-term employees with no history of committing such acts in the past. Based on various studies, it appears that, generally, three factors coming together could result in fraud, including an incentive or pressure to commit fraud (e.g., unrealistic sales goals); an opportunity to commit fraud (e.g., poor controls); and rationalization to commit it (e.g., justifying taking money from the check register because "the owner is underpaying me").
It's challenging to detect fraudsters, as they could be driven by forces beyond an employer's control, such as a family health crisis or drug addiction.
According to the 2008 ACFE report, "78 percent of [fraud] victim organizations modified their anti-fraud controls after discovering that they have been defrauded." At the same time, "In every comparison, there were significantly lower losses when the controls had been implemented. For example, organizations that conducted surprise audits suffered a median loss of $70,000, while those that did not had a median loss of $207,000. We found similar reductions in fraud losses for organizations that had anonymous fraud hotlines, offered employee support programs, provided fraud training for managers, and had internal audit or fraud examination departments."
WHAT CAN YOU DO NOW?
Considering the difficulty of fraud detection and the ever-increasing risks in the current economy, as a first step, a company should assess its current anti-fraud program by answering the following questions:
* Has the importance of ethics been communicated to its employees and vendors?
* If someone has been assigned to oversee the program, have they been provided with the appropriate tools and access to information and people?
* Has the company established a Code of Conduct policy that applies to all employees, including management? Does it extend to contractors with access to facilities and systems?
* Does the company require employees to read and sign (certify) the Code of Conduct at least annually?
* Does the company nurture a culture of openness, empowering employees to express a different view, without the fear of retaliation?
* Has the company established a confidential compliance hotline and a related hotline for investigation procedures?
* Does the company believe it has effective employee background check procedures?
* Has the company communicated to employees the anti-fraud policies and procedures, including the penalties?
* Does the company consider department and employee compliance as part of their annual performance evaluation?
* Does the company incorporate anti-fraud information in new employee orientation?
* Has the company established an intranet site, publications and guides for employees?
* Has the company shared with vendors and customers information on its compliance hotline?
* Does the company perform an annual fraud risk assessment to identify key fraud risk areas, and the controls in place to mitigate such risks?
* Does the company perform periodic reviews of its internal control system?
* Has the company established an appropriate governance structure, through which the anti-fraud function can communicate significant issues?
When establishing or enhancing a current anti-fraud program, remember that fraud can only be minimized, not eliminated, and therefore a cost-benefit analysis should be considered.
Ilan Haimoff, CPA, CIA, CFE, is an audit principal at the Los-Angeles-based CPA firm of Green Hasson & Janks.
