This article originally appeared in the February 2018 issue of Smart Business Philadelphia magazine.
To determine whether a company is at risk for fraud or mismanagement, business leaders need to move their thinking from “outside the box” to “inside the fraud triangle.”
“Recognizing the key attributes and influences of fraud provides a baseline for addressing the risk of fraud in your organization,” says Elizabeth Pilacik, director of Audit & Accounting at Kreischer Miller. “When addressing the risk of fraud, internal controls become more dynamic as the focus is the integrity of the process.”
Smart Business spoke with Pilacik about fraud: its types, the conditions that breed it and how organizations can mitigate it before significant damage occurs.
What are the more common types of fraud?
Fraud exists in various forms, including internal and external, as well as fraud committed specifically against individuals.
Internal fraud occurs when an employee, a manager or an executive commits fraud against his or her employer. External fraud can be perpetrated by dishonest vendors that bill for services or goods that were not provided, or attempt bribes; or dishonest customers who use false account information or return stolen property for a refund. External fraud also includes health care and insurance fraud. Fraud against individuals is more frequently seen with identify theft, and Ponzi and phishing schemes.
In the financial world, fraud reveals itself through asset misappropriation, corruption and fraudulent financial reporting.
Asset misappropriation is the theft or misuse of an organization’s assets, a type of fraud more easily committed by employees because they have both the ability and access to execute. Corruption exists when one misuses his or her influence in a business transaction to personally benefit — by accepting kickbacks, for example. The intentional manipulation, falsification or altering of accounting records, documents, and/or transactions is categorized as fraudulent financial reporting. Primarily management or executives commit this type of fraud because they have the authority to override internal controls.
Why does fraud occur?
There are three components, identified as the fraud triangle, that lead to fraudulent behavior. The first component is financial pressure brought on by a financial need such as an inability to pay bills or falling short of earnings or productivity targets.
With a motivation for the crime, the fraudster searches for the second component, opportunity — a chance to solve the financial problem in a way that seems to carry the lowest possible risk.
The third component of the fraud triangle is rationalization, which is the justification for the actions the person caught in the bad circumstance has taken.
What puts companies at risk for fraud and mismanagement?
Potential opportunities for fraud are often more prevalent at organizations that have inexperienced governance structures, financial constraints, IT risks, and weak or nonexistent internal controls.
Management is responsible for the prevention and detection of fraud and error. This is typically accomplished through the proper design, implementation and maintenance of an internal control structure, which includes the organization’s operations, compliance and financial reporting.
For all significant account balances and transactions, management should conduct a risk assessment process to identify, evaluate and estimate the levels of risk involved, and to determine an acceptable level of risk for the organization. The same assessment process is performed for fraud risk — identifying the potential exposure to the various types of fraud and the presence of the components of the fraud triangle.
Who should be responsible for risk management and fraud prevention?
Risk management and fraud prevention are tasks that involve everyone in the organization, but begin with the tone at the top. Management and those charged with governance are responsible for cultivating an anti-fraud culture within the organization.
The fraud risk assessment process needs a proactive, not reactive, approach whereby risks are identified and prioritized. Successfully addressing and potentially mitigating fraud takes awareness, training and communication. ●
You may also like: