Conducting an exercise to assess fraud risk may seem to be a low priority (and somewhat unexciting) project for a busy manager with pressing and immediate business critical issues to address.
In reality, such an exercise is a critical investment in the future of the organisation, as well as providing valuable information which can be used to help solve current problems.
What is Occupational fraud?
“Occupational Fraud” refers specifically to fraud committed by people at their workplace on their employer (as distinct from fraud committed on unrelated parties).
There are many ways a company can be defrauded by an employees, but they generally fall into the following categories:
- Misappropriation of funds (includes cash, cheques and bank balances)
- Theft of Inventory, plant and equipment (includes raw materials, sales stock, office and factory equipment, and any sort of non-money asset, including information)
- Fraudulent Financial Statements (includes both internal end external statements and reports)
Fraud is usually well hidden, and often not discovered by management until considerable damage has been done. Local and overseas studies indicate that at least 50% of organisations have experienced significant fraud, and that 40% of occupational frauds run for more than two years before being detected.
What increases Fraud Risk?
Organisations usually have internal controls in place to regulate processes and ensure that what is done is in the best interest of the organisation (e.g. signoffs, using correct paperwork).
Controls can be strong – well designed and comprehensive – or weak. However, even strong controls can be ineffective if they are not carried out correctly and consistently.
The prevailing culture of the organisation has a large bearing on how well controls are implemented. Employees who identify strongly with the organisation and its interests will be likely to carry out their duties, including controls, conscientiously, reducing fraud risk.
There are many particular situations which can increase fraud risk. These include: an organisation’s controls not being updated as it grows or changes over time; mergers or acquisitions disrupting culture and procedures; a diverse and geographically scattered organisation; a collection of different sub-cultures throughout the organisation and so on.
What is involved in a Fraud Risk Assessment Exercise?
A typical exercise can involve two components.
The first is a close examination of the organisation’s operating processes and their associated controls by an experienced assessor, involving site visits and interviews with key staff.
The second is a confidential survey of employees which measures cultural perceptions relevant to fraud risk.
The data is analysed and assembled into a comprehensive report which clearly states the findings and improvement recommendations.
The obvious benefit of a Fraud Risk Assessment Exercise, and a subsequent improvement program, is minimisation of future losses to the organisation from fraud, both financial and in reputation (of both the organisation and its management).
There are other significant benefits as well. Where possible, the report extends its discussion and recommendations beyond pure fraud-related matters to comment on the organisation’s processes and controls and how they could be changed to improve effectiveness and also provide better management information. In our experience, many of these actions are simple and can be implemented quickly at minimal cost.
Similarly, the analysis of the cultural survey provides a rich source of information for company management about the attitude and perceptions of employees on a range of important subjects, useful for more than just fraud risk assessment. This includes job satisfaction, recognition and reward, team spirit, commitment to achieving the organisation’s goals, management effectiveness and so on.
Finally, a Fraud Risk Assessment Exercise, followed by an improvement program, can satisfy a Directors statutory requirement to address and minimize risks, in this case risk of occupational fraud.