How boards can champion an anti-fraud ecosystem

A message from Grant Thornton CEO Brad Preber

Private companies are more likely to be the victims of occupational fraud than their publicly held counterparts. According to the Association of Certified Fraud Examiners 2020 Report to the Nations, 44% of reported frauds occurred in private companies compared to 26% in public companies, 9% in nonprofits, and 21% in governmental or other entities. Therefore, having a board of directors and management team that champions a culture of fraud awareness is vital.

While most organizations believe they have strong internal controls, committed fraud actors are often able to find a way around them. According to the American Institute of Certified Public Accountants, “most of the major fraud cases in the past 50 years that had catastrophic results for the organization were perpetrated by senior members of management circumventing or overriding seemingly sound systems of internal control.”

Grant Thornton took part in a five-year study by The Center for Audit Quality in conjunction with the Anti-Fraud Collaboration. The study examined fraud schemes based on an analysis of SEC enforcement actions, revealing four themes:

• The most common types of fraud are improper revenue recognition, reserves manipulation, inventory misstatement and impairment issues.
• Improper revenue recognition appears to be the most prevalent fraud scheme almost every year, and it was among the top two fraud schemes from 2014 through mid-2019.
• The technology services sector is most commonly charged by the government, though finance, energy, manufacturing and healthcare industries also experience frequent accounting and reporting issues.
• CFOs are the most commonly charged employees, followed by CEOs.

The board’s role According to the Committee of Sponsoring Organizations (COSO), “the board of directors and senior management establish the tone at the top regarding the importance of internal control, including expected standards of conduct.” This includes ensuring that proper safeguards are in place.

Fraud historically increases during economic downturns, making the board’s role especially important today. Boards must constantly adapt, as fraudsters evolve new and creative schemes. Consider the government’s Paycheck Protection Program (PPP). While the program only began in April 2020, according to Wired Magazine, as of December, the Secret Service was investigating 700 cases of fraud and the Justice Department has already charged 80 people with attempting to scam $240 million from the program.

The anti-fraud ecosystem Minimizing fraud risk requires extreme diligence from all the participants in the financial reporting ecosystem, from the board, to management, to the external auditor. Companies can effectively fight fraud by continuously exercising professional skepticism, focusing their attention on high-risk areas and conducting ongoing regular risk assessments. As an annual audit is not a part of a company’s controls, boards and management should conduct ongoing fraud assessments throughout the year.

Actions speak louder than words and setting the right tone around fraud is critical. Tone starts at the top with the board of directors and senior management. But it does not stop there. Boards must integrate an anti-fraud mindset throughout the company, reaching senior management, middle management, internal controls and the external auditor.

Skepticism is also critical. Boards should reinforce that management reminds employees, customers and stakeholders to be wary of emails offering assistance, or directives to override internal controls, even if they appear to come from an official source. Oversight by the board should ensure that management has instructed employees to always verify requests through an alternate channel.

Boards also need to focus on internal controls over fraud. It’s critical that internal controls be continually updated for today’s remote workforce. No one knows when COVID will end, but most people believe — myself included — that large numbers of employees will be working remotely on a long-term basis.

Cybersecurity is key, too. Boards should be satisfied that cybersecurity practices and protocols are up to date. This means creating strong firewalls, establishing protocols for remote employees, updating patches, protecting credentials and maintaining effective password-management procedures. It also means controlling employee and senior management access to sensitive systems.

Ensure your company’s plans includes fraud- and cyber-threat intelligence monitoring of the dark web. This includes information on what cyber fraudsters are buying and selling along with the new techniques they use, providing advance notice of future fraud risks for your organization.

Analytical tools are also useful to boards. Fraud-busting technologies such as data matching, anomaly detection and identity analytics should be employed by management and shared with the board. Of course, data collection and governance are essential. The more data organizations effectively collect now, the better positioned they will be to prevent or timely detect and mitigate fraud to acceptable levels as the pandemic plays out.

Having spent my career helping companies avoid and respond to fraud, this area is a personal passion of mine. Fraud attempts have increased significantly due to the unique circumstances of the past year. By raising awareness about increased fraud risk and responsibility, from the board of directors all the way down to the users of the financial statements, we can better protect the business and its stakeholders.

Grant Thornton and the Association of Certified Fraud Examiners have created an Anti-Fraud Playbook, which may be of assistance to both directors and to management teams as they deal with the increasingly complex dynamics of managing fraud for today’s enterprise.

For more pragmatic insights, visit our Boards and Audit Committees page.

Brad Preber is the CEO of Grant Thornton LLP and previous chairman of the firm’s Partnership Board. He has more than 35 years of experience serving as a consultant, expert witness, forensic accountant and fraud investigator. He also serves on the board of governors of the Center for Audit Quality.

Contacts: