Risk Assessments Help Find Vulnerabilities — Before They’re Exploited
It’s natural to believe that your employees are entirely honest, but that’s not always the case. Fraud risk management is a vital part of keeping your company safe. A fraud expert can evaluate your organization and spot vulnerabilities before a criminal can.
Looking for opportunities
A fraud expert will look at your business’s internal controls in the same way a fraud perpetrator would — they’ll try to find fraud opportunities where there’s relatively little risk of exposure. One of the primary ways to find weaknesses is by interviewing key executives and managers. They can provide a first glimpse of potential risk areas. In addition, these conversations help an expert determine whether company leaders are setting the ethical “tone at the top” that’s essential to fraud prevention.
An expert will also identify the number and names of employees who handle or review accounting functions such as reconciling bank statements and making bank deposits, and ask how much vacation time accounting employees are required to take. The fewer employees involved in financial functions, and the less time off they take, the greater your company’s risk for fraud.
Most major functions of your business — from purchasing to shipping, IT to HR — will be reviewed for risk. A fraud expert is also likely to ask about your:
Key performance indicators. When management sets aggressive performance goals, employees may feel they need to do anything, including cheating, to meet them.
Fraud-risk management budget. Compliance training, internal controls monitoring and ongoing risk reviews take time and money and should be included in your annual budget.
Acting on results
When you receive the results of your assessment, concentrate on the greatest risks specific to your business. For example, a manufacturer that regularly purchases parts inventory may have more risk of procurement fraud.
Next, consider less-critical areas. Typically, you should have one key control for each risk. So if payment authorization is a vulnerability, you could require multiple approvals for expenditures over a certain amount.
Be sure to assess all the risks associated with processes, too. For example, you’ve probably surrounded your IT system with protections from outside invaders. But are you guarding against intrusion from inside the fence? Finally, businesses that don’t have a fraud hotline are usually encouraged to establish one.
Even if your fraud risk assessment shows that your company is in the clear for now, an anti-fraud policy can ensure that you have the internal controls in place to remain safe from fraudulent activity. JLK Rosenberger can evaluate your business’s unique risks and create a policy to address your particular vulnerabilities. Call us at 949-860-9902 or click here to contact us to learn more.