Testing the high risk waters in today‚Äôs business environment
The absence of a fraud risk management (FRM) program exposes a company to financial losses and legal liability if a fraud investigation is not properly handled and the employee is wrongfully discharged, or his or her privacy rights are violated. A FRM program addresses the above concerns and establishes controls every company should have to identify risk factors.
John was the president of a small manufacturing company.¬† He employed approximately 150 people and produced a variety of products used in the construction industry.¬† The company employed a bookkeeper, Susan, to properly maintain the books and records of the company.¬† She paid invoices, managed the accounts, deposited customer payments, and performed other duties as required by the business.¬† As John‚Äôs business grew, Susan‚Äôs role expanded and she became overwhelmed.¬† Her performance suffered by the increased workload and her mistakes became more frequent, which negatively impacted the business.¬† John hired another bookkeeper, Karen, to assist Susan and absorb a portion of her workload.¬† Karen began noticing unusual transactions and deposits in one of the company‚Äôs accounts.¬† She requested copies of the canceled checks from the bank and soon discovered a $7,000,000 embezzlement scheme perpetrated by Susan over a four-year period.¬†
This story is a summation of a real event that occurred in Massachusetts in the early 2000s.¬† The story demonstrates the risk of fraud and the need for companies–of all sizes–to develop, implement and maintain a comprehensive fraud risk management (FRM) program.¬† Recent regulations and guidance, along with a heightened business risk, have increased the need to implement effective and efficient controls to detect and reduce the likelihood of fraud within an organization.¬† To accomplish this, companies are implementing comprehensive FRM programs that aim to detect red flags of fraud and identify risk factors that, ¬†if left unchecked, increase the opportunity for fraud to occur.
Consultants, such as forensic accountants and fraud examiners, are often retained by organizations and/or legal counsel in response to a crisis such as a fraud or other misconduct occurring within the business.¬† An investigation is conducted and, often times, an expert report is prepared.¬† Generally speaking, it details the steps taken to investigate the matter, contains the overall findings, and reveals any loss suffered by the business.¬† The report is usually prepared in anticipation of civil and/or criminal litigation. During the pendency of litigation, the consultant waits for his or her deposition and, if applicable, the subsequent trial.¬†¬† However, we must take a step backwards.¬† Before the consultant is retained and even before the fraud is committed, we must acknowledge that a set of circumstances and an environment existed that enabled this malfeasance to occur.¬† These combined factors are elements that enable one to evaluate what risk factors are present that could potentially encourage or facilitate the opportunity for wrongdoing.¬† Thus, we as consultants should examine the organization‚Äôs FRM program and controls to determine if a weak link exists within and, furthermore, how this link could be compromised by the fraudster.¬†
A comprehensive FRM program contains a variety of programs and controls designed to specifically deter, detect, respond and remediate fraud and misconduct within the organization.
Further, a well-designed FRM program consists of the elements identified above and significantly provides a holistic approach to managing and mitigating fraud risk.¬† Many organizations respond to fraudulent events in a reactive manner.¬† Typically, an allegation is made and an investigation is launched internally.¬† However, there are many benefits to implementing a more comprehensive approach similar to the one described above.¬† The theory that an ounce of prevention is worth a pound of cure holds very true when managing fraud risk.¬† A reactive approach serves little to reduce fraud risk.¬† Organizations must consider factors that increase the opportunity for misconduct and work to implement controls to manage this risk.
For example, a recent survey by the Corporate Executive Board (CEB) found an increase in fraud risk when one or more of the following events occur within any organization1:
- Organizational Restructuring
- Change in Senior Leadership
- Change in Job Responsibilities
- Reduction in Benefits
- Change in Direct Manager
- Wage Freeze
- Hiring Freeze
In addition, the study shows that progressive organizations will: 1) clarify the communication expectations for managers, 2) provide practical tools and trainings such as role-based ethical scenarios and clear decision-making rules, and 3) empower managers to adopt corporate communications to increase the relevance and practicality for their teams2.¬†¬† The elements listed under the fraud deterrence component of an FRM program help manage the organization‚Äôs culture and provide guidance to all employees on what is considered acceptable and ethical behavior.¬† This includes policies, clearly written job descriptions, awareness training, code of conduct and risk assessments to identify key risks.¬† A strong tone-at-the-top and tone-in-the-middle helps ensure employees act in accordance with the prescribed values and standards established by the organization.
However, there will always be examples of poor decision-making and instances of fraud and misconduct.¬† For this reason, organizations must ensure the implementation of strong fraud detective controls, such as segregation of duties, use of computer-assisted audit techniques, effective monitoring and management oversight of employee activities and business transactions.¬† These controls help identify instances of fraud before they become too large and result in a considerate loss of assets or negative impact on the organization‚Äôs reputation.
The fraud-response component involves elements to formalize the investigation of fraud and misconduct, which includes an investigation guideline, reporting standards and evidence-management techniques.¬† Far too many organizations conduct investigations in an inconsistent manner, which exposes the company to legal liability.¬† An internal investigation must be done in accordance with legal, ethical and other relevant standards in order to protect the rights of employees while ensuring the allegation is promptly addressed and conclusions properly attained.¬† The inadvertent violation of employee privacy laws or the mistreatment of employees during an interrogatory-type interview may result in civil or criminal action against the organization.¬† Therefore, companies must be mindful of these laws and ensure that investigations are conducted in accordance with them.
The fraud remediation component of the FRM program includes elements to recover assets, pursue civil or criminal action, conduct root cause analysis and ensure the reduced risk of future occurrences.¬† Many companies fail to properly remediate instances of fraud.¬† They often complete the investigation, terminate the employee, and move forward with a business‚Äďas-usual attitude.¬† This business-as-usual approach falls short of expectations as companies need to protect themselves from future loss while also gaining a complete understanding of what control failures allowed the fraud to occur.¬† Additionally, many companies ignore the possibility of recovering lost assets by not seeking legal recourse.¬† By legally pursuing the fraudster, the company enjoys the opportunity to recover lost assets and send a clear message to the organization that fraud will not be tolerated.
A comprehensive FRM program provides a clear, positive return on investment for any organization.¬† Any consultant involved in a fraud or forensic accounting matter should evaluate their client‚Äôs FRM program and make suggestions for improvement whenever necessary.¬† Our clients should be counting on us to not only aid in the investigation of fraud, but also to holistically manage the risk.
[author] [author_image timthumb=’on’]http://m.c.lnkd.licdn.com/mpr/mpr/shrink_200_200/p/1/000/018/151/3a9ddfc.jpg[/author_image] [author_info]Paul Zikmund, MAcc, MBA, CFE, MAFF, is director of Global Ethics and Compliance at Bunge.¬†Bunge is a leading global agribusiness and food company with integrated operations. Paul can be reached at:¬†firstname.lastname@example.org[/author_info] [/author]