Despite the real threat and high cost of fraud, too many businesses fail to build fraud risk management programs that work. If you have put off taking this important step toward protecting your company, now is the time to act.
The first significant challenge is to understand where your company is at risk. Be specific and realistic. Your vulnerabilities aren’t necessarily the same as those of similar-size businesses or even of your close competitors.
You also need to examine your risk objectively. The question isn’t whether your long-time bookkeeper would embezzle funds, but whether he or she could. In assessing your risks, consider both internal and external opportunities for malfeasance and how employees at any level of seniority could work alone or in concert to exploit them.
Next consider the costs of your risk, including the consequences and long-term impact of letting it go unaddressed. Risk management is more than buying insurance. It’s working toward reducing your insurance needs because you’ve taken steps to close exploitable gaps.
Put it in writing
If you don’t have a written code of ethics and business conduct, develop both and document them. Fraud prevention begins at the top, with a clearly communicated commitment on the part of management. It isn’t enough that you have a code of ethics; you must be seen following it.
Look at your internal controls. Your policies should, at a minimum:
- Segregate financial and accounting duties,
- Require annual vacations for employees,
- Restrict unauthorized access to offices and other facilities and computers,
- Protect electronic files with user IDs and frequently changed passwords,
- Address training supervisors and managers to spot fraud, and
- Mandate internal and external audits that include scrutiny of fraud prevention measures.
Not all risk is created equal. Some risk has the potential to cause damage that will ripple throughout the company but, viewed objectively, is highly unlikely to occur. In deciding how best to allocate your fraud prevention resources, assess the probability of different risks, rather than simply their size.
Work to set up a continuous monitoring system that will allow you to track and adjust controls as changing circumstances require. We can help you do this. For more information on creating a comprehensive risk control program, contact us.