Is your organisation at risk of fraud? The simple answer is yes. Any organisation holding assets is in danger of having those assets targeted by dishonest individuals. While fraud is not something an organisation wants to deal with, in practice most organisations experience fraud to some degree.
Unfortunately, a big part of the threat comes from the very people who have been hired to carry out the organisation’s operations and so it can be hard to prevent.
Publicised fraudulent activity negatively impacts the reputations and brands of many organisations around the world. Recent studies have shown that fraudulent activity typically goes undetected for 1-2 years. As the global study below shows, around one third of victim organisations discovered their fraud only when notified by police, by which time they had suffered substantial losses.
Smaller businesses continue to be the most common victims of fraud and are likely to feel the impact of losses more acutely than larger organisations, with the most common areas of fraud being:
- Fraudulent disbursement schemes
- Payroll schemes
- Misappropriation of cash
Simple, inexpensive anti-fraud measures
While small businesses do not have the resources necessary to invest in some of the more expensive internal control measures, several anti-fraud initiatives can be implemented with minimal investment including:
- Developing a strict code of conduct
- Management review procedures
- Fraud training for staff
- Restrictions on access to information
The importance of good governance
Legislative changes have heightened the responsibility for fraud risk mitigation by those charged with governance.
Good governance principles demand that an organisation’s Board of Directors ensures high standards of ethical behaviour, in addition to public, private, government or not-for-profit financial reporting and operating responsibilities relevant to each organisation.
The Board’s role is critically important because, historically, most major frauds are perpetrated by senior management in collusion with other employees. The Board is expected to explain how the organisation is responding to heightened regulations, public and stakeholder scrutiny, how they identify fraud risks, what they are doing to prevent fraud or at least detect it sooner, and the processes in place to investigate fraud and promptly initiate corrective action.
Policies and procedures to address fraud risk
Most organisations have some form of written policies and procedures to manage fraud risks, and a few have documents to assist in communicating these policies and evaluating their internal processes. This relatively inexpensive measure can help smaller organisations address fraud risk.
While each organisation needs to consider its circumstances in terms of size and complexity, the following fraud risk elements should be considered in your fraud risk management policies:
- Roles and responsibilities
- Fraud awareness
- Conflict disclosure
- Risk assessment
- Reporting procedures and whistleblower protection
- Investigation and corrective action
- Continuous monitoring
The above diagram indicates the three contributing factors to fraud risk. One of the best ways to mitigate exposure to fraudulent activity is to take a pro-active approach and eliminate opportunity where fraud might occur.
Organisations can take constructive steps towards fraud prevention through a combination of effective fraud risk governance, a thorough fraud risk assessment, strong fraud prevention and detection processes and timely investigations. Generally, frauds that are detected through active methods such as these tend to be caught earlier and cause smaller losses than frauds detected passively.
An audit can be procured as a preventative measure or in response to a suspected fraud, so external audits could be considered as either active or passive detection methods, depending on the circumstances.
Accru professionals provide guidance to numerous clients on the principles of fraud risk management and assist organisations of various sizes and types to establish their own effective fraud prevention and detection procedures.