According to the Association of Certified Fraud Examiners 2020 Report to the Nations, organizations lose 5% of revenue each year to fraud. Fraud is most likely happening at your organization, both internally by employees and externally by vendors or cyber criminals.
During challenging economic times, fraud and other crimes increase, and the downturn caused by COVID-19 is no exception. COVID-19 introduced massive changes in consumer behavior, which necessarily changes your company’s customer interactions.
“When a board suspects that fraud may have occurred within an organization, they must quickly ascertain whether or not management is involved. If it is deemed that management may be involved, the board then has the responsibility to hire the appropriate outside independent advisors to conduct an investigation. This is why it is so critical that board members have the breadth, depth and business acumen to make a quick assessment about management.”
– The board chair of a public technology company
Private companies have fewer statutory requirements related to fraud risk analysis and fraud reporting, and they might be less prone to undertake these activities as a result. That said, even public companies that follow more stringent anti-fraud requirements sometimes conflate regulatory compliance with fraud-risk mitigation.
The benefits of getting it right
Boards of companies that engage in thorough fraud-risk analysis and carry out substantive fraud investigations benefit in many ways, including:
- An increased trust in (and transparency into) the decisions made by management, as they are based on “pressure-tested” information
- A better “finger on the pulse” of emerging trends affecting the company (i.e., risks on the horizon)
- Better insights into management’s ability to maximize returns/cost recovery
- Greater confidence that management’s commitment to fraud detection will resonate positively with vendors, auditors, lenders, and insurance brokers
- Strengthened positioning in M&A activities in terms of minimized fraud exposure
“One of the issues that has really been driven home by the pandemic is the critical importance of resiliency -- the ability to sense, interpret, and respond to idiosyncratic events. Fraud detection is a great example of the need to be able to connect the dots by analyzing customer norms and behavioral patterns using internal and external data. This sense and respond approach requires a culture of decision making as well as supporting systems that are integrated, adaptable, and analytically driven.”
– Shelley Leibowitz, board member
Five key questions to ask management
- Is there a thorough understanding of the organization’s complete risk universe? How is this understanding demonstrated to the board?
While the business must identify its risks, don’t try to boil the ocean. Instead, focus on identifying both the internal and the external risks most relevant to your organization. Document this information in a formal way as part of a fraud risk assessment.
- Is management contemplating fraud risk (both internal and external) within their periodic risk-assessment techniques?
Many organizations focus on perception-based questions as part of a fraud-risk assessment, but the reliability of such perceptions can differ. A better approach is to map out your organization’s objective risks and to design a set of information-based questions aimed at assessing the strength of controls to protect against those sources of risk.
- Has management involved the right people within the organization (from key domains of risk, based on the company profile)?
Organizations tend to keep their fraud risk assessment teams small or focused only on senior leadership. Aim for a broader set of perspectives from front-line business staff. Building a risk-assessment team derived from various in-house functional areas can help you train stakeholders on fraud risk, on their role in fraud risk prevention and detection, and on why fraud risk management matters.
It is important that management builds a sound foundation and breaks out of work silos, making the team genuinely multi-disciplinary. This multi-disciplinary approach should begin with the risk assessment and should extend into the communication of outputs from the risk assessment. Properly done, this risk assessment lifecycle strategically integrates the risk perspectives of functional leaders who might not otherwise collaborate in the normal course of business.
“Under today’s circumstances, corporations and non-profit organizations are more challenged than ever in avoiding fraud, regardless of the source. Are they capable of detecting it and managing recovery thereafter? Often, meeting such responsibilities is at least partially beyond in-house capabilities. From the perspective of a board of directors, specialized help may be highly desirable to assist management in all aspects of fraud avoidance and remediation when necessary.”
– The lead board director at a public company and former chief financial officer of two research universities
- Is management using data analytics to detect, report on, and mitigate fraud?
As you conduct your fraud risk assessment, match your identified fraud risks to your identified anti-fraud controls. Once you assess and score risks, leverage this inventory to understand what controls are in place to combat a known risk and to understand how strong those controls are in practice. Far too many organizations fail to perform this risk-to-control mapping, and this results in controls that are not fit for their purpose and/or do not address specific kinds of demonstrable fraud risk.
- For identified risk areas, is management turning insight into action?
If you are not using the insights gathered during your fraud risk assessment to take meaningful action, you are not making full use of your assessment. Your fraud risk assessment is a tool, one of many, and it should serve as the baseline for action — not be the end in itself. The results of such an assessment should drive decisions, resource allocation, controls rationalization, and process improvements.
Grant Thornton and the Association of Certified Fraud Examiners have created the 2020 Anti-Fraud Playbook, which may be of assistance to both directors and to management teams as they deal with the increasingly complex dynamics of managing fraud for today’s enterprise.