Compliance and Risk Management
Fraud risk poses a unique challenge that involves intentional, deceptive actions within an organization. Discover how to proactively mitigate fraud and enhance your organization's defenses through targeted risk assessments.
Fraud risk is complex and differs from the other risks typically found in an organization’s Enterprise Risk Management (ERM) program. Unlike financial, operational, or compliance risk, fraud risk specifically involves intentional, deceptive actions or misconduct by individuals or groups. Fraud is perpetrated by people, not processes, systems, or business units.
According to the ACFE’s Occupational Fraud 2024: A Report to the Nations, organizations lose 5% of their revenue to occupational fraud each year.
“Many organizations are often unprepared to identify and manage fraud risk leading to surprise, confusion, and strong emotions when a fraud is perpetrated against them,” said David Varner, Solution Lead in Clearview Group’s Compliance and Risk Management practice.
To better understand and analyze fraud risk, many organizations utilize the “Fraud Triangle” to explain the factors that lead people to commit fraud. It consists of three interrelated elements: pressure, opportunity, and rationalization.
While organizations can implement various controls and measures to mitigate opportunities for fraud, they tend to have less influence over pressure and rationalization. Those factors typically lie more within the individual or group's mindset and external circumstances.
Pressure may stem from financial difficulties, job insecurity, or personal motives, making it challenging for organizations to address directly. Similarly, rationalization involves justifying unethical behavior, which can be influenced by personal values, peer influence, and organizational culture.
All these influential factors make fraud risk hard to quantify; it’s either mitigated or not. This makes it challenging to apply traditional risk assessment methods, which use probability and impact to calculate and rank a raw risk score.
However, many organizations use a targeted fraud risk assessment to identify and manage fraud risk.
A targeted fraud risk assessment begins with understanding an organization’s business units and processes. Identifying where these units and processes intersect is essential, as these intersections represent specific activities where fraud could be perpetrated.
To assess fraud risk effectively, your organization must map these activities to potential fraud schemes. This means identifying the different ways fraud could happen within each activity.
For example, a typical accounting and finance function would have an accounts payable process that consists of many different activities. One of those activities would likely be adding a new vendor to the vendor master file. This would introduce the risk that an employee could add a fictitious vendor and perpetrate a fictitious invoice scheme.
“The ACFE Fraud Tree and Report to the Nations are valuable resources for identifying the various fraud schemes and understanding the current fraud risk landscape,” said Varner.
The next step is to evaluate if controls are in place to prevent or detect these schemes. Types of controls you might find include:
Generally, preventive controls aim to stop fraud, while detective controls aim to catch fraud after it happens. It’s important to evaluate how well each control was originally designed and how effectively it currently operates. Weak or missing controls increase an organization's exposure to fraud and create higher risk.
In the previous accounts payable example, restricting access, segregating functions, and reviewing and approving invoices before processing would likely reduce the risk that a fictitious invoice scheme could happen.
Organizations face ongoing challenges related to fraud risk. Understanding its unique nature and using effective tools can enhance an organization’s ability to prevent and detect fraud.
By taking a proactive approach with a targeted fraud risk assessment, your organization can be ready to respond quickly to any fraud incident.