Let’s talk Fraud Risk Assessment. It’s something we do often in many other areas of life. Protect your wallet? Start by always taking it inside with you. Protect your home? Start by locking the door. Protect your money? Start by using a bank. Protect your identity? Start by discerning when and how to give information on credit cards or your social security number.
Everyone develops procedures of security against perceived fraud risks in their individual lives. You should do the same with your organization.
Every company is different; therefore, every company’s needs are different. What are your areas of fraud risk? How do you determine these? How do you defend against them? The process can become overwhelming quickly if you don’t have the right mindset.
Your Guiding Principle
Fraud risk assessment is largely hypothetical. The objective with this activity is not to design defenses against fraud. It is not to catch fraud you might suspect.
The objective is to imagine what fraud is possible, only to determine what fraud needs to BE prevented. Keep this in mind as you talk with your team. Defenses and control activities come later. Keep. It. Simple.
Your Best Procedure
You can solicit input using several techniques—focus groups, interviews, anonymous forms, surveys—and all of these can be effective. However, all of these can also lead to significant prep time, time summarizing results, and then meeting after meeting after meeting…
My favorite way to begin Fraud Risk Assessment is far simpler:
Gather a team
Talk together in a room
Record risks that are identified
Again, your primary goal is just to identify fraud risks within your company. As risks become apparent, often everyone wants to propose solutions and create defenses immediately.
Avoid the temptation to create specific control activities during your assessment. Everyone will begin to feel overwhelmed by perceived fraud risks and immediately want to find solutions, and you will leave your assessment tired and frustrated.
Once you have your basic fraud risk assessment in hand, you and your employees can rest, refresh, and be better prepared to design customized control activities later.
If your company has few employees, say 1-3, your fraud risk assessment can probably be performed by one person. Larger companies may want to form a team, including managers or supervisors of different departments or teams. As your company grows, make sure your risk assessment team includes individuals from each operation area: upper management, middle management, sales, accounting, human resources, legal, billing, etc.
A great move is to designate a facilitator in the group to guide the process and keep everyone on track. Select a different person to record issues as they are discussed. Together, you will compile a straightforward list of all identified risks.
How do you get the conversation going? How do you assemble a team of people to assess fraud risks without sounding like you are seeking confessions for unethical or even illegal behaviors?
Frame this assessment as a hypothetical evaluation. That is, after all, exactly what it is. You are not accusing anyone of fraud; you are asking them to join you in your efforts to prevent fraud. Always communicate that protecting the business is protecting your people. It benefits everyone. This fraud risk assessment will give everyone the chance to help defend the company before an attack even comes.
Have your employees discuss weaknesses they see in your day-to-day operations. As a team, ask the question, “How would YOU steal from the business?” You will be amazed at the risks you can identify when you have everyone’s unique perspective and creativity.
Bonus thought on performing Fraud Risk Assessments WITH your employees. Involving your workforce in this process does two amazing things for fraud prevention.
It automatically increases the Perception of Detection among your employees. This area of fraud prevention is an increasing passion of mine. Raising awareness of fraud itself in your company shows significant reduction in the likelihood of loss due to fraud.
You are building a fantastic environment of inclusion. Businesses built with their employees invite them to truly be part of the company’s vision, purpose, and yes, even protection. Strengthening everyone’s professional and emotional investment in the company grows a team that strives for communal success.
Fraud Risk Assessment raises awareness of where your weaknesses exist. Keep it simple, and it can provide a fantastic basis for you to create (or improve upon) your control activities.
Empowering small businesses to develop strong Anti-Fraud Programs is our mission. We provide consultations to design, evaluate, and improve your anti-fraud program. You can also get a step-by-step guide to design a program that can be tailored for your specific needs by purchasing Steve Dawson’s book, Internal Control/Anti-Fraud Program Design for the Small Business.
If you think there may already be fraudulent activity in your company, contact us today through our website.