The importance of conducting an annual fraud checkup

The Centers for Disease Control and Prevention recommend annual checkups for individuals of all ages. Why? Because “regular health exams and tests can help find problems before they start.”

Not only is this true for our personal health, but also for the health of companies. When unchecked for too long, many companies unknowingly foster workplaces susceptible to fraud, which can cause devastating financial and reputational losses.

Vulnerability to fraud can pose a catastrophic risk to any company, but to a small business, it can mean life or death. Plagued by limited resources, small businesses are a ripe environment for employee misconduct.

The most cost-effective way to limit losses due to fraud is to prevent fraud from occurring. An annual fraud checkup is an excellent opportunity to not only test prevention measures, but also to identify vulnerabilities and implement additional anti-fraud controls before an exposure can turn into a full-blown case of fraud. A fraud checkup should include a collaboration of anti-fraud specialists and organizational leadership with extensive operational knowledge, such as internal audit or senior management.

The fraud checkup should include these topics:

Control environment

The foundation of an effective internal control system is the organization’s control environment. The control environment — commonly called the “tone at the top” — includes management’s philosophy, oversight and responsibilities, setting the tone of the organization and influencing the control consciousness of its people. Without an effective control environment, all other areas of internal control are likely to fail. They are only as good as the foundation upon which they are created.

• Are employees surveyed regarding their view of management’s honesty and integrity?

• Are employees anonymously surveyed to assess morale?

• Has fraud prevention been incorporated into management’s performance evaluation?

• Review performance goals. Are they realistic?

• Is there an established process for the oversight of fraud risks?

Stance on fraud — the perception of detection

The perception of detection is an important deterrent to fraud. That means putting employees and management on notice that all incidences of potential misconduct will be investigated.

• Is there a process in place for actively seeking out potential fraudulent conduct?

• Is the organization’s stance on fraud clearly and regularly communicated?

• Does the organization have a code of conduct for employees based on the company’s core values?

• Does the code of conduct identify how employees should seek advice when faced with ethical decisions?

• Is there a mechanism to anonymously report potential wrongdoing?

Employee education

Educating management and employees about fraud not only increases awareness, but also the likelihood that employees will become additional eyes and ears for the organization. Educational efforts should be positive and non-accusatory, with an emphasis that fraud, waste and abuse eventually cost everyone. Fraud education should be a part of employee orientation and annual training programs.

• Is fraud awareness training provided for departments, employees and managers?

• Do employees know what constitutes fraud?

• Does management communicate annually the importance of accountability and the organization’s zero tolerance of fraudulent activity?

Conflict of interest statement

A conflict of interest occurs when an employee, manager or executive has an undisclosed economic or personal interest in a transaction that could hurt the organization. The most common situations that can give rise to a conflict of interest include accepting gifts from suppliers, employment by another organization, ownership of another company and close relationships with suppliers. The potential for a conflict of interest increases for employees in decision-making positions that would allow them to give preference to a vendor in exchange for anything of personal benefit to themselves, family or friends.

• Are employees required to complete an annual conflict of interest disclosure statement?

• Are employees provided a copy of the employee manual annually and required to sign a statement of acknowledgment and understanding?

Strengthening anti-fraud controls

Internal control plays an important role in fraud prevention. Although a system of weak internal controls does not mean that fraud exists, such a system can foster an environment for fraud to succeed. Conversely, a system of strong internal controls does not preclude fraud from occurring. However, such a system can help deter fraud and reduce the costs of any fraud that may occur.

Performing incompatible duties provides an easy opportunity for employees to commit fraud. For this reason, incompatible duties should be performed by different employees. For example, the responsibility for authorization, recording and custody of assets should never be assigned to just one person, because this person could commit fraud and more easily conceal it.

Segregation of duties can pose difficulties in departments with limited staff. Where there are too few employees to allow proper segregation of duties, direct oversight by management is one alternative to provide necessary control. In areas where it is difficult to add controls without compromising operational efficiency, analytical review and audit techniques such as data mining should be performed.

• Are duties properly segregated?

• Are physical safeguards in place?

• Are jobs rotated?

• Are vacations mandatory?

Independent checks

Independent checks test another employee’s work. They include controls to assure the accuracy and completeness of the accounting records and often serve as an acceptable compensating control when segregation of duties is compromised.

• Are surprise audits performed?

• Is management review required for reconciliations, adjustments and write-offs?

• Does the internal audit function (if one exists) have adequate resources and authority to operate without undue influence from management?

Proactive fraud detection

According to the Association of Certified Fraud Examiners’ 2018 Report to the Nations, 47 percent of all frauds detected are initially uncovered by a tip or by accident. This means that while internal audit, internal control and external audit all play an important role in the prevention and detection of fraud, they are simply not enough.

Proactive detection involves the deliberate search for misconduct, allowing transaction analysis close to the transaction date — helping to detect fraud sooner and more efficiently. A program designed to actively expose anomalies indicative of fraudulent activity should include the use of proactive data monitoring and data analysis. Combined with surprise audits, this trio of activities has been identified by the ACFE to be associated with a significant reduction in both fraud losses and duration.

• Is data mining software or continuous monitoring software used to detect fraud?

• Is a proactive audit approach utilized by the organization?

• Is artificial intelligence software used to identify risky transactions?

Measuring progress

An annual fraud checkup can provide a broad overview of the health of your organization’s fraud prevention program. Conducted annually, the fraud checkup should give way to an ongoing fraud prevention plan. Review the findings of the fraud checkup with stakeholders and weigh the decision to implement additional anti-fraud controls with the organization’s risk tolerance for the identified vulnerabilities.