When thinking about your companies fraud risk there are a number of factors to consider, and understand to mitigate that risk. One of the first things to consider is the size of your organization; the level of risk will scale with the size of your company. Secondly, the type of organization you run can also indicate some of your fraud risk, if you are a non-profit or government entity you will have a much higher risk for fraud than all others. Lastly is the industry you operate in, if you are in financial services or banking you will have a high risk of fraud, same with retail. In this blog I’ll try to help you understand how to build in fraud protection based on these different factors.
When considering the size of your organization it is best to know that you will need internal controls, and they should be implemented as strong as possible regardless of size. You should always assume that your company is too large for you to monitor at all times, even if it isn’t, once you operate under this assumption you will need internal controls that can deter even the most creative fraud schemes. When the size of a company grows, so does the ability for someone to get lost in the weeds so to speak, this means that they are a much smaller part of the team, and the amount of money they are dealing with might be small but over time can become extremely large. Remember most fraud schemes span well beyond a year before beyond discovered, and the bigger your company is the longer this could be.
Internal controls are a fantastic way to control risk within an organization for all of these factors, but when it comes to type of entity sometimes audits may be equally important for mitigating fraud. A lot of non-profits and government entities receive external audits, but the scope of these audits are almost always too narrow for finding fraud. We know from the ACFE that non-profits and government entities have an extremely high rate of fraud and are audited frequently so why would I recommend more audits? Well, in most situations people know the audits are coming, they know what will typically be looked for, and they know that it will be done pretty quickly. Asking for a new audit team, or an entirely new firm to conduct the audit could be helpful to deterring fraud.
If your company is in a higher risk industry such as the financial services, banking, or retail industries you are at a higher risk for fraud. Understanding the fraud du jour, or fraud of the day for your industry can help you understand how to stop fraud before it happens. One of the best tools in this area is not just understanding and creating internal controls to stop fraud but also having a tip line that is anonymous. The number one fraud detection method is tipsters and giving your employees the opportunity to anonymously report fraud if they believe it is occurring.
Please take the opportunity to follow this blog or leave a comment.