
What does it mean for an organization to have internal controls in place, and why is it more important than ever?  

April 18, 2023

Contributors: Tony DiVito, CPA, MS, CFE, Avi Beliak, CPA, CFF, CFE

This video and article are part of a six-part series, “One Question with Rehmann Advisors on Discovering Your Organization’s Great Advantage.” This series features a select group of Rehmann advisors who unpack six questions on timely issues and reveal practical advice for today’s ever-evolving economic and business landscape. Learn more about this series and Rehmann’s solution offerings here.


It’s 2023 and we are in an ever-evolving market and recessionary times. These circumstances can add strain and uncertainty for many organizations, specifically around cash flow, employee retention, and even elevated cyber risk. But there is another lingering concern that may not be top of mind for organizations: fraud.

Fraud is defined as ‘wrongful or criminal deception intended to result in financial or personal gain.’ With growing cyber risk across the world, many organizations are focusing on just this. But sometimes the biggest risk for fraud is right under your nose – it could be an employee or even a friend. 

We sat down with Rehmann advisors and certified fraud examiners Tony DiVito and Avi Beliak and asked them one question organizations need to consider when facing the risk of fraud: What does it mean for an organization to have internal controls in place, and why is it more important than ever?

Here’s what you need to know – and here are the steps to start taking today: 

Who is at risk?  

If economic conditions become more difficult, you can expect to see an uptick in potential fraud. Most commonly, fraud starts small and with minimal amounts of embezzlement. Without scrutiny, the situation can easily snowball into a larger fraud event that can last for multiple years. 

Most studies show that fraudulent activity in small- to mid-sized organizations (generally those with 150 or fewer employees) accounts for around 80% of embezzlements. The statistics are eye-opening considering embezzlement can go undetected for long periods of time – that is, unless your organization has established a strategy for internal controls.

The Fraud Triangle 

We know that organizations with 150 employees or fewer are often targets for embezzlement, but what factors indicate a high risk for this type of fraud?  

Something called the “Fraud Triangle” explains why individuals are motivated to commit fraudulent activity. The Fraud Triangle hypothesizes that when three components are present – unsharable financial need, perceived opportunity, and rationalization – a person is highly likely to pursue fraudulent activities, according to the Association of Certified Fraud Examiners.  

Elements of the Fraud Triangle:   

  • Opportunity – When internal controls do not exist to prevent an individual from committing fraud.
  • Rationalization – When an employee feels they are owed something by the organization, or that the act is justified.
  • Need – When an individual has something going on, such as a vice or another reason, that drives them to steal from their organization.

The impact of recessionary times and/or the current economic environment expands beyond your organization and the bottom line. Employees are affected and feel the weight of these circumstances at work as well as at home, which can lead to fraudulent actions.  

As a starting point, organizations can use the Fraud Triangle as a baseline to understand their level of fraudulent risk.  

Necessary steps 

Even with a basic understanding of the Fraud Triangle, organizations should consider these steps to mitigate risk.  

The first step: conduct an internal control assessment, which involves a certified fraud examiner (CFE) analyzing and providing insight and recommendations to improve your organization’s internal controls.   

An internal controls assessment will focus on three strategic areas:  

  1. Organizational policies and procedures 
  2. Analysis of daily operations  
  3. Identification of internal areas of risk for embezzlement  

The most common risk area for small- to mid-sized organizations: cash accessibility. Identify these access points and remember that fraud can start with small amounts of money that may easily go unnoticed. 

Another necessary step is to determine and maintain proper segregation of duties, aligned with financial procedures and activities among staff. This is another layer of protection an organization can leverage to mitigate risk.

One person should not be responsible for everything. An individual who approves payments should not be allowed to also put them into the system or be responsible for bank reconciliation. When proper systems are in place, risk decreases.  

If staffing or financial restraints hinder an organization’s ability to maintain separation of duties, consider establishing options for compensating controls. For example, instead of requiring one signature on a check, require two.  

Whistleblower policy  

Does your organization have a whistleblower policy? Such a policy is a tool used to protect employees who report fraudulent activities. When an organization posts and communicates its whistleblower policy, employees can anonymously help identify whether fraudulent activities are happening. With a whistleblower policy in place, fraud can be caught earlier, potentially saving your organization years of loss.

A call to action for leadership 

Fraud is a continuous risk for small- to mid-sized organizations, and prevention starts with leadership. Take time to understand the Fraud Triangle and how it can apply to your current operations. Invest the time and resources into an annual internal controls assessment, determine and maintain segregation of duties to increase fraud prevention, and apply a whistleblower policy to empower your employees to call out fraudulent activity.

At Rehmann, we don’t stand on these issues – we walk alongside our clients to help develop and scale solutions to meet your organization’s needs. Our team of certified fraud examiners helps you identify risk and proactively manage your internal controls. These solutions start with a conversation, and they are also your greatest advantage.