The Business/Legal Investigator |
January 15, 2009 |
| In This Issue: |
The Perfect Storm
(Fraud in an Economic Downturn)
by Joseph T. Wells, CFE, CPA
Part 2 of 2 parts
Welcome!
It's hard to believe that the Holidays are upon us already! As this will be our last E-Newsletter this year, I wish to thank you all for your readership and your continuing interest in fraud-based business issues. This periodical is intended to inform you, the business professional, how to protect your business from internal and external fraud. We appreciate the positive feedback we've received thus far, and will continue to bring you educational and thought provoking material throughout 2010!
Last month we brought you the first of a two-part presentation by Joseph T. Wells, CFE, CPA, and founder of the Association of Certified Fraud Examiners. In this issue, Part Two, Mr. Wells guides us through fraud risk assessment and assembling your fraud risk assessment team. As Mr. Wells indicates, this is only a "bare-bones" representation of a fraud risk assessment. Should you find the need to undertake a complete and in-depth examination of your company's fraud risk, we are ready, able and willing to assist you.
Have a joyful Christmas and a healthy, happy and prosperous 2010!
Respectfully,
David B. Watts, CLI
ALLIED BUSINESS SOLUTIONS, solely owned d/b/a of
Interprobe Affiliates, Inc. a Florida Corporation
(Our twentieth year serving our clients in Soutwest Florida!)
FL Lic. No. A89-00394
THE PERFECT STORM
(Fraud in an Economic Downturn )
by Joseph T. Wells, CFE, CPA
Part 2 of 2 parts
THE FRAUD RISK ASSESSMENT
Here are the bare-bones steps that must be considered in conducting a basic fraud risk assessment.
..Identify potential inherent fraud risks. This requires brainstorming to learn incentives, pressures, and opportunities to commit fraud; the risks of management overrides of controls; specific assets, corruption schemes, and the manipulation of financial statements; risks of regulatory and legal misconduct; reputational damage as a result of fraud; and information technology vulnerabilities.
..Assess the likelihood of identified risks occurring. The likelhood should be classified by three categories: remote, reasonably possible, or probable.
..Assess the significance to the organizataion of the fraud risks. They can be categorized as immaterial, significant, or material.
..Evaluate those people and departments most likely to commit fraud and identify the methods they're most like to use. For example, the purchasing department is most likely to engage in kickbacks and the chief purchasing agent is the most likely suspect. In the accounting department, the common schemes include fictitious vendors. Each department in the company has its own specific vulnerabilties.
...Identify and chart existing preventive and detective controls to mitigate the relevant fraud risks. This will point out holes in existing controls.
..Evaluate the identified controls to find if they're operating efficiently and effectively. Keep in mind that controls must be balanced. They must be cont-effective and not so onerous that business can't be effectively conducted.
..Identify and evaluate residual fraud risks resulting from ineffective and nonexistent controls. This can include management's override of exisiting congtrols, lack of appropriate prevention and detection methods and noncompliance with established procedures.
..Respond to residual fraud risks. There are only four practical solutions: avoid the risk, transfer it (e.g., insurance), mitigate the risk, or assume it. Decide which is right for your company.
THE FRAUD RISK ASSESSMENT TEAM
It's foolhardy to believe that auditors - internal, external or both- have all the answers to address fraud issues. What's needed is a multidisciplinary approach tusing a wide range of talents including:
..Accounting and finance personnel who are familiar with the accounting processes and controls.
..Non-financial business unit and operations personnel to leverage their knowledge of day-to-day operations, customer and vendor interactions, and issues within the industry.
..Risk management personnel to ensure that the fraud risk assessment process integrates with the organization's risk management program.
..Legal and compliance personnel to identify risks associated with potential criminal and civil liablities if fraud occurs.
..Internal auditors who are intimately familiar with controls and monitoring functions.
..External consultants with experience in standards, key risk indicators, antifraud methodolgy, control activities, and detection procedures.
..Management including senior mangement, business unit leaders, and appropriate others who are ultimately responsible for the effectiveness of the organizations's fraud risk mangement efforts.
Deterring fraud in difficult economic times isn't easy. As I said, most organizations are going to be required to do more with less. But the other choice is equally unatractive - to let fraud go unchecked, which will just make a bad situation worse.