Four Steps to Better Identify and Mitigate Fraud

According to the Federal Trade commission (“FTC”), U.S. businesses lost a total of $5.9 billion due to fraudulent activities in 2021. This alarming statistic highlights that while fraud is likely present in most companies, it may be hard to identify in a cost-efficient manner because it may not be pervasive. 

Enter the fraud risk assessment. The fraud risk assessment is an invaluable tool, particularly where budget constraints create barriers to examining or implementing controls for every fraud aspect in an organization. For forensic accountants and internal auditors, a fraud risk assessment provides a road map of key areas requiring the establishment of investigative procedures and ongoing monitoring. A fraud risk assessment offers organizations guidance on how to deploy limited resources to mitigate fraud risk in the most susceptible areas. Here are the steps an experienced forensic accountant will typically take while conducting a fraud risk assessment.

Step 1: Provide an Overview of Current Practices

A fraud risk assessment generally begins with trying to understand how an organization’s current established controls and procedures are functioning within the existing organization structure. This will help measure internal risks and how the organization is addressing external industry risks. This understanding is then used to assess the likelihood that an individual in a specific position within the organization could accomplish a given fraud scheme without timely detection. The procedures and controls are never evaluated in a vacuum but within the context of the positions that interact with the controls and procedures.

Step 2: Identify Risk Areas

Once an organization’s internal and external risks have been identified based on specific positions, the next step is to compile a list of the most likely and most easily perpetrated fraud schemes. This process should result in identifying specific fraud schemes rather than broader risks to the organization. For example: Rather than identifying revenue recognition as a fraud risk, a properly conducted fraud risk assessment should identify the organization’s risk of tying incentive compensation to quarterly revenue performance. This would be a more specific fraud risk related to the timing of revenue recognition for contracts.

Step 3: Prioritize Fraud Risk Areas and Analyze the Potential Event Impact

The next step in a fraud risk assessment is to prioritize the identified fraud risks. The results of this step should consider the likelihood a particular fraud scheme will be perpetrated and its financial, reputational and other impacts on the organization. This process helps ensure that the allocation of limited resources is directed at the areas where the greatest probability of fraud and highest material impact reside. 

Step 4: Conduct Continuous Monitoring 

Lastly, the fraud risk assessment shifts to proactive monitoring. The monitoring phase is where you conduct tests to determine if controls are sufficient to deter fraud and if remediation plans are necessary to correct areas of weakness in internal controls. 

The Bottom Line

A fraud risk assessment is an ongoing process. As external and internal factors change, so, too, do the risks that pose a threat to an organization. A fraud risk assessment must be a dynamic process that adapts and considers these changes to best respond to risk. Ultimately, a fraud risk assessment should provide a clear line of sight into the risks that are most likely to impact an organization.

This article is part of EisnerAmper’s Fraud Week Series. For more information on fraud awareness week, visit https://www.eisneramper.com/fraud-awareness