Organizations today should have a heightened focus on the risk of management override and fraud, given the severe and long-lasting legal, financial, and reputational consequences. Opening the news on any given day to read the headlines will immediately highlight the impacts of fraud and weak internal controls. Far too many organizations are feeling the impacts of fraud/embezzlement and what it can mean to their stakeholders and public perception.
Your fiduciary responsibility, as a board member, is critical in safeguarding against risk and fraud. Don’t allow your organization to be the next victim.
Here are some steps that a board or committee member can take to assist your organization in the prevention of risk and fraud:
Set the Tone at the Top and Establish Expectations
Problems start with people; they’re any organization’s biggest vulnerability for control issues, exploitation, and fraud. That said, fully vetting high-level applicants and board members with a thorough background check is a start, but don’t forget to invest time and effort to fortify the organization’s culture, so all employees feel engaged and important.
This can be accomplished by setting clearly defined expectations for ethical behavior and integrity through a code of conduct or ethics policy that applies to every employee, board, and committee member. Any violations should be addressed immediately.
Perform a Risk Assessment and Identify Internal Controls to Mitigate Risk
Don’t rely on “negative assurance,” or the assumption that no news is good news. All organizations face risks, as risk is what prevents an organization from achieving its goals and objectives. By establishing an ongoing process to assess risk, an organization can be proactive in mitigating risk, including the risk of fraud. Risk is mitigated by both the establishment of sound internal controls and ongoing assessment to ensure the internal controls are designed and operating as intended.
Additional considerations to strengthen the internal control environment and reduce risk include:
- Segregation of Duties in key processes, so that no single person is responsible for, or has access to perform, the entire function or process. Using the bank reconciliation process as an example, the person performing the bank reconciliation should not have the ability to perform any functions on the bank account. Also, the bank reconciliation should be reviewed by someone independent of the preparer, at a minimum monthly.
- Authorization and approval are key controls that prevent errors from occurring and can mitigate the risk of inappropriate transactions. An example of authorization and approval as an internal control is the review of new vendors. Approval should occur only after the vendor is reviewed through established due diligence criteria.
- Monitoring Controls are typically performed after the fact to detect errors or inappropriate transactions. An effective monitoring control is performed in a timely manner — e.g., a budget-to-actual review should follow shortly after the close of a financial reporting period. The budget-to-actual review should be performed at a precise enough level (i.e., small enough threshold for variances) that it would identify an error or inappropriate transaction.
Effective Governance and Ongoing Monitoring
Fraud prevention is not a check-the-box, one-and-done task. It is an ongoing process that should be discussed at the board and executive management level. Board members need to ask questions about the effectiveness of internal controls, stay informed, and challenge management on emerging risks that could impact the control environment.
Are you interested in learning more on how to identify, address, and appropriately reduce risk and fraud in your organization? Rehmann is here to help. We have experienced professionals that are available to discuss a tailored approach that could include one or more of the following services:
- Risk Assessment
- Process and Controls Assessment – Vendor, Employee/Executive Expense, etc.
- Board Education and Board Effectiveness Review
- Segregation of Duties Evaluation
- IT Access, Change Management Process and Controls Assessment
- Cybersecurity Controls Assessment
- Outsourced Finance, Accounting, and CFO Services
For more information, please contact your Rehmann advisor or email [email protected] or [email protected].