Winston Churchill once said, “Civilizations that forget their past are doomed to repeat it.” A 2008 year-long national study revealed that employees, customers and suppliers stole more than 7% of the average U.S.-based companies’ revenues. The same study showed that during the massive frauds in the late 1990’s and early 2000’s, external CPA firms were complicit or knew about 50% of the biggest frauds—and did nothing! While no organization or consultant can create a truly “fraud-proof” company, the steps in this article will show you how to protect your company by establishing helpful practices for early detection. To begin, a company must form an effective fraud resistance team that will combat fraudulent practices.
Who Should Be Involved?
A typical fraud resistance team should be a cross-functional group consisting of the following:
- Financial professionals
- Internal auditors
- Operational process owners
- Business management professionals
- Project managers
Members of this team should be anyone tasked with the effective and efficient evaluation of potential investments, acquisitions, outsourcing agreements, or long-term contracts with unknown entities. It should be “championed” by a member of executive management who has the ability to commit resources—intellectual, human and economic—to this strategic initiative. This commitment creates an ethical corporate culture that engulfs all aspects of the company’s activities.
Step One: Establishing the Fraud Resistant Company
Management can play a key role in the prevention and detection of fraud. Top management must first develop the strategic, tactical and operational business plans that provide the key components of the “fraud resistant” organization. By allowing a free-form environment, you actually encourage fraud.
The business plans’ structure is important to mandating specific behaviors, requiring ethical conduct and evaluating results. Employees, clients and suppliers must understand what constitutes acceptable practices and behaviors.
Don’t be a rudderless ship at sea; chart your course before you set sail. The rigorous use of budgets, forecasts and performance standards establish a “baseline” of what the results should be. In the case of budgets, employees know that senior management will hold them accountable for results that differ from what was projected. This sense of accountability is a strong fraud deterrent.
Step Two: Maximize the Benefit of Internal Financial Reporting
The internal financial reporting structure of the organization is the “first line of defense” in creating a fraud resistant company. The company’s accounting system shows the economic impact of management decisions and employee behavior. Simple disciplines, such as variance analysis, (measuring actual performance against the business plan) can raise the “red flags” of fraudulent activity.
Step Three: Design and Implement Effective Internal Controls
Internal controls represent how a company will conduct business through any action taken by management that enhances the probability of achieving the objectives for specific processes. The effectiveness of controls to deter and detect fraud is highly dependent on the tone from the business’ top leaders, based on high ethical standards formed by the board of directors and executive management. Through the establishment of a well-documented set of internal controls, CEOs and management effectively deters the commission of fraud.
Effective controls deter fraud by:
- Providing specific accountability for deviations from established procedures
- Requiring monthly analytical reviews and reconciliations of cash and other valuable and moveable asset accounts
- Ensuring deviations are reported timely to the appropriate level of management
- Providing a structure enabling regulatory agencies and audit committees to identify material deviations
- Informing employees that perpetrators will be identified promptly
When compliance with established controls is mandatory and monitored by management, routine reports and reconciliations identify the existence of minor deviations from typical procedures. Controls provide the structure for evidence-gathering to calculate the losses resulting from fraudulent activities. In addition, controls provide the information essential to help identify the perpetrators. However, controls alone cannot ensure the detection of fraud. Meaningful audit evidence from these procedures depends on the seasoned judgment of experienced CEOs and their forensic accountants who have a total understanding of the company’s industry as well as the environmental, institutional, and individual factors that increase the risk of the commission of fraudulent acts.
Article Provided by:
Richard Balog of Balog + Tamburri, CPAs in St. Augustine. He can be reached at (904) 268-1148 or firstname.lastname@example.org.