Reprinted with permission by Bloomberg Law.
While studies and surveys are regularly conducted to quantify fraud and its financial impact on businesses, the resulting estimates are inevitably understated: many organizations are unlikely to provide a holistic picture, given the impact fraud can have on such factors as reputation, supplier and customer confidence, and share price.
Many organizations rely on end-of-year financial accounting requirements as a means for preventing fraud. However, this habit is based on a common misconception that the auditors conducting a statutory audit are looking for fraud—but this is not necessarily true. The primary role of an auditor is to ensure the books and records of a company show a true and fair view of the financial position of the company, that the company has adequate controls in place, and that its accounts are not materially misstated. While the work of the auditor may uncover fraud, it is not the audit’s main objective.
The solution? A separate fraud review. Such reviews help businesses, large and small, to pinpoint areas of vulnerability by identifying fraud and areas of significant risk, and prevent future frauds occurring by deterring perpetrators and closing vulnerabilities in internal controls. If you choose to conduct a fraud review, keep the following in mind.
Organizations should not assume that because there has been no issue with fraud in the past, there’s no reason to look for it now. Statistically, frauds can run undetected for many years and are usually uncovered accidentally or by a tipoff. Entities that have not previously identified large-scale fraud may see fraud detection as an added cost eating into additional areas of the budget or profit margin. While many frauds go undetected for long periods of time, often several years, it is the responsibility of the management to ensure that adequate governance and controls are in place to both deter and identify fraud. Fraud reviews, used as part of a wider fraud prevention strategy, can identify fraud early and will typically pay for themselves in both tangible and intangible ways.
For example, a recent fraud review of a construction company’s procurement system and vendors identified several conflicts of interest between suppliers and employees, including a high-value fraud that had been being conducted for nearly three years. As a direct result of conducting a proactive fraud review, the client not only stopped the fraud but recovered losses in excess of $3 million.
It helps to have a checklist of items to search for. End-of-year financial statements are particularly susceptible to manipulation, as managers try to meet year-end budget goals or set up for a successful first quarter. These numbers often impact bonus payments or how resources are allocated for the following year. Reviews should be conducted on end- and start-of-year transactions looking for patterns of financial manipulation.
Common examples of financial statement manipulation include:
- Falsifying or manipulating revenue by accelerating or delaying it to a different financial period
- Timing differences between expenses and liabilities
- Increased discounts, reducing margins but ensuring bonuses or commissions are paid
- Improper asset valuations
Before departing on a widespread manhunt, organizations should begin with an understanding of their blind spots—and prioritize target areas. According to a recent study by the Association of Certified Fraud Examiners, organizations typically only employ 2.21 fraud investigators for every 1,000 employees on staff. In the same study, nearly two-thirds—63 percent—of organizations noted they do not outsource any of their fraud investigations. This means they could be leaving areas of the business vulnerable.
Chief financial officers or internal audit professionals should partner with corporate investigators to receive an external perspective. They should understand the industry, where the business’s weak points are, where its internal controls are lacking, and how and who can override those controls.
For example, a fraud review conducted at an engineering company in the Middle East identified supply chain issues that in turn uncovered a long-running fraud involving the management and several suppliers. Following an investigation, the company, working with its independent investigators, was able to recover kickbacks and overpricing from the vendors totaling $15 million—while levying controls to get ahead of these scenarios in the future.
To mitigate the risk and occurrence of fraud now and in the future, companies should invest in updating and reviewing their controls to reduce loss to fraud in the future. Businesses are dynamic and evolving; controls must adapt in turn to address areas of risk. Following are some steps that can be taken now.
Create a tailor-made review. Would you buy a running shoe in the wrong size, just because it looks nice on the shelf? Much like running shoes, fraud checkups are not a one-size-fits-all solution. Partner with an independent third party, the CFO, and internal audit personnel to gather a deep understanding of what is needed, and make sure the program can hit the ground running and is sustainable.
Fraud detection = fraud prevention. A regular fraud health check-up is essential. This can be done on a rotating basis between different areas of the business at regular intervals—quarterly, biannually, or annually depending on the business unit. If employees know a company is proactively looking on a regular basis, many will be deterred, allowing focus to be placed on higher risk areas.
By setting the tone and instituting regular review processes, organizations can get ahead of fraud risks. Small steps now can have a lasting impact in the future.