The Association of Certified Fraud Examiners (ACFE) has estimated the typical business loses 5% of its annual revenues to fraud each year and has reported that in almost 25% of the surveyed cases the fraud resulted in a loss of at least $1,000,000 (ACFE Report to the Nations on Occupational Fraud and Abuse, 2016 Global Fraud Study).
As we discussed in our previous blog article Small Businesses Need Compliance Programs, Too, an effective compliance program may help to reduce the penalties assessed against a company and its officials for federal law violations. In addition, an effective program may guard against an organization becoming a victim of someone else’s misconduct, including its own employees.
Fraud occurs because the opportunity presents itself in the first place. It can start out very small and over time grow into a theft of significant amounts of money or other business assets. An organization can reduce this opportunity and manage fraud risks by designing and implementing sufficient internal controls, and auditing those controls, as part of its overall compliance program.
Begin by assessing the fraud risks across all functions of the organization. Involve your business attorney, accountant and finance personnel in this collaborative effort. Then implement appropriate internal controls and policies to mitigate the potential for fraud in the risk areas.
Communicate to your employees that misconduct or fraudulent behavior is unethical and a violation of the organization’s Code of Business Conduct and Ethics. Educate employees about the organization’s other compliance policies that touch on situations presenting opportunities for fraud, such as interactions with government officials, business expense reimbursement, and travel and entertainment. It is possible that some employees don’t understand the types of activities that might constitute fraud or misconduct, so talk through hypothetical situations.
These compliance efforts should lead to greater employee awareness of these significant issues and, when included as part of an overall compliance program that is regularly monitored and enforced, they should ultimately help you deter, prevent and detect fraud within your organization.