How does one
conduct a fraud risk assessment?
Anonymous
(CFO) | Jan 19, 2015
If I was going to audit our existing processes to look for
vulnerabilities what would be the best way to start my assessment?
Answers
Proformative Advisor
(President/Owner at AlphaMac Resources, Inc.) 
|
Jan 19, 2015
Follow the money. That may sound simplistic, but fraud is going to occur anywhere there is value
to be stolen. This includes, cash, fixed assets, product, raw materials, accounts payable, etc. Think of any way someone
can divert assets to their personal use.
Here is a short list of things to look at:
1. Pay to play schemes for vendors
2. False/fake vendors
3. Poor controls over check stock and access to checking accounts.
4. Expense reports - false invoices, etc
5. Poor controls in accounts receivable and accounts payable
6. Poor segregation of duties in cash, A/R, A/P and inventory control
7. Employees living above their means. (example: extravagant spending on cars,
trips, jewelry, parties, etc.)
8. Lack of or poor reconciliations and detailed review by management.
9. Poor physical security of assets (cash, inventories, fixed assets, vehicles, etc)
10. Poor password and network security.
11. Manual journal entries to accounts that should only have automated entries.
Finally, if you don't have a way for employees AND vendors to report issues to you in
a confidential manner, you are not going to get an early warning of problems.
Also look for areas where a person who has information on
wrong doing has been eliminated by the perpetrator. Example: An otherwise
outstanding employee is suddenly fired by their boss for reasons that don't
make sense given their past performance. Could be that outstanding employee
wouldn't go along with the illegal or immoral activity and was eliminated.
By the way, there are computer programs and consulting companies that can help determine if
there is potential fraudulent activity.
(CFO at Tradeworks) |
Jan 20, 2015
Scott's comments are spot on. Something else to consider is
that there are usually three aspects that can lead to fraud:
1) Opportunity. As Scott detailed in his comments, if there
are poor controls then that provides the individual with the access to commit
the fraud.
2) Need. This is difficult to know unless the employee tells
you directly that they need money. It is also subjective, as one person's want
is another person's need. As Scott mentioned, look to see if anyone is living
above their pay grade and evaluate if they have opportunity.
3) Rationalization. Again, this is subjective. Someone might
feel they should be paid more, or that the company can afford the fraud, or
that they dislike the company for whatever reason. Being aware of employee
discontent is important, as in Scott's example.
Lastly, I have sometimes found that employees that never
take a vacation or are very secretive about their work can be hiding something
that they don't want anyone else to know about.
It is impossible to eliminate fraud 100%. If someone wants
to steal they are going to do it. The trick is to make it difficult and to be
able to find it as quickly as possible.
