Benjamin Franklin famously stated that, “an ounce of prevention is worth a pound of cure.” This is definitely true when it comes to financial frauds – a fraud risk assessment (the prevention) is definitely better than fixing an internal control deficiency after a fraud (the cure). Let’s look at some numbers, according to the Association of Certified Fraud Examiners’ most recent report:
- An estimated 5% of a company’s annual revenues are lost to fraud;
- The median loss caused by fraud is $145,000 and 22% of fraud cases result in losses of at least $1 million, and;
- Fraud is a significant threat to small businesses; the smallest organizations in the study suffered median losses almost equal to those suffered by the largest.
So how can a business provide the proverbial “ounce of prevention” against fraud? A fraud risk assessment reviews existing internal controls and processes to identify and address potential internal control deficiencies and fraud risks before a fraud has occurred. While no accounting or internal control system is completely fraud proof, understanding and addressing your company’s potential control weaknesses is a good place to start.
Fraud Risk Assessment
A fraud risk assessment can be a comprehensive, one-time review of a company’s entire internal control system (that is, unfortunately, often performed after a fraud has occurred). A comprehensive review can be both time consuming and a significant use of limited financial and human resources. As an alternative, companies may develop a fraud risk assessment strategy that creates a longer-term plan to conduct assessments of each operational and accounting function on a rotating basis over a period of years.
There are several advantages to this type of fraud risk assessment strategy:
- The operational impact of the fraud risk assessment is reduced since only certain functions are reviewed in a particular year;
- The financial cost of reviewing the entire internal control system is spread out over a period of years, and;
- The rotating functional area reviews provide an annual reinforcement of the company’s commitment to effective controls and fraud prevention.
Whether a company elects a comprehensive or rotating internal control review, a fraud risk assessment will identify potential risks, each risk’s likelihood of occurrence and the magnitude of its potential loss. The design and operating effectiveness of the current internal control structure is then evaluated. Any significant internal control deficiencies identified in the assessment – especially those related to the risks that are both most likely to occur and could result in significant losses – should be addressed with new, redesigned or re-implemented controls, as appropriate.
Interested in learning more about fraud risk assessments, internal controls or fraud investigations? Contact Keith Hock at (513) 505-4590 or firstname.lastname@example.org, Rebekah Smith at (614) 947-5300 or email@example.com or Tom Powers at (614) 947-5215 or firstname.lastname@example.org.