Publicly traded companies must conduct fraud risk assessments but privately held businesses aren’t subject to the the same fraud risk assessment requirements. Reviewing internal controls for gaps that may allow crooks to slip through is recommended for all companies, but if you’re like most business owners and executives, you may not actively search for fraud risks until there’s an incident and you’re facing possible losses.
4 major ways
A comprehensive risk assessment might start in the areas where fraud is most likely to happen, such as accounts payable, purchasing and IT. But don’t stop there. If you close a door in only one department, those bent on fraud will find openings elsewhere.
Look at your internal controls in the same way a dishonest employee would — as opportunities that pose relatively little risk of exposure. In general, there are four major ways employees might exploit weak internal controls:
- Fraudulent financial reporting, such as improper revenue recognition and overstatement of assets,
- Misappropriation of assets, including embezzlement or theft,
- Improper expenditures, such as bribes, and
- Fraudulently obtained revenue and assets, including tax fraud.
Some schemes, such as payroll fraud or kickbacks, can involve external people in addition to employees. And bear in mind that fraud may be limited or widespread and affect everything from individual accounts to entity-wide processes. Controls should address all levels and all types of fraud.
Where to start
Your assessment should start with interviewing key executives and managers. They’ll provide you with a first glimpse of potential risk areas. Perhaps more important, these conversations will help you judge whether company leaders are setting the ethical “tone at the top” that’s integral to fraud prevention.
Next, identify the number and names of employees who handle or review accounting functions. How many, for example, reconcile bank statements or are authorized to make bank deposits? Spreading accounting and banking duties across multiple employees — or shouldering some of the review processes yourself — provides segregation and oversight that are essential to deterring fraud. Regularly review organizational charts to ensure constant segregation of duties.
Also consider your company’s key performance indicators. Fraud risks, for example, can show up in the performance of sales goals or in inventory management. And review your fraud-risk management budget. Compliance training, internal controls monitoring and ongoing risk reviews should be included in your business’s budget.
Good financial sense
When analyzing your findings, remember that your company’s processes, procedures, programs and policies make you unique. That’s why it’s a good idea to engage an expert to perform a thorough fraud risk assessment. Contact Adam Hennen, CPA, CFE, CITP or Andrea Addo, CPA, MBA, CFE, CITP, to discuss how a fraud risk assessment could benefit your privately held business.