As businesses internationalise and move into new, potentially unknown markets and jurisdictions, the risk of fraud, both internal and external, is increasing. Furthermore, recent developments in anti-bribery and corruption legislation in Ireland means that businesses need to exercise even higher degrees of caution and due diligence as they navigate and explore new opportunities in 2020.
Recent Irish business research undertaken by Mazars Ireland shows that businesses are experiencing financial loss due to occupational fraud and abuse. Of those senior business leaders surveyed, approximately 50% had experienced a loss due to occupational fraud and abuse over the past two years. The average financial loss was between €10,000 and €20,000, but 12% of respondents suffered losses greater than €500,000.
The research shows that the principal causes of this financial loss relate to theft of cash and goods, but businesses also experienced losses due to expense fraud, payroll, invoice fraud and conflict-of-interest issues. The good news is that 33% of the fraud was detected via internal audits, with 25% detected via whistle-blowing/speak-up channels.
An internal audit or concerns raised by whistle-blowers are invaluable for detecting fraud and the information provided to businesses by these two channels can then inform the improvement of their internal controls. However, the importance of robust internal controls cannot be overlooked.
What can be done to prepare for – and, therefore, prevent – fraud from happening in the first place?
Five critical steps to managing fraud risk
Step 1: Ensure the existence of a robust and mature control anti-risk environment
You can do this by:
- leading with a strong ethics culture and attitude displayed and communicated by those in charge;
- assigning authority, responsibility and reporting lines for all areas;
- openly displaying and enforcing policy statements and codes of conduct, particularly the whistle-blowing channels; and
- ensuring all staff have the knowledge and skill level required to accomplish tasks.
Step 2: Carry out a focused risk assessment
Identify the areas of fraud risk to your business, estimate the significance, assess the likelihood of the risks occurrence, and decide actions to address those areas of risks. By classifying your specific fraud risks, you can then put systems in place to eliminate or reduce them.
Step 3: Ensure adequate controls, technology and due diligence processes are in place and in use
Policies and procedures, segregation of duties, physical controls of assets and documents, appropriate authorisation levels and reconciliations remain integral elements of a robust internal control environment. However, organisations need to better leverage technology, systems and data to identify, anticipate and respond to potential fraud patterns and schemes in 2020.
Furthermore, due to the anti-bribery and corruption legislation, the importance of relevant training and adequate due diligence on employees, agents, distributors or joint venture partners cannot be overlooked.
Step 4: Review the security of your communication and information systems
External fraud, including cybercrime and identity theft, can be costly both in the initial impact and the clean up afterwards. Phishing, invoice fraud, identity theft and denial of service attacks can all be financially devastating to a business. Adequate cybersecurity systems and increasing levels of Board and staff training and awareness are vital in its prevention.
Step 5: Monitor, review and react
If there is no monitoring of the system, you can have no assurance that it is effective, the controls are working, or potential fraud or misstatement is being avoided. A focused review by internal audit, or a more in-depth forensic style audit if your organisation doesn’t have the scale to have a dedicated internal audit team, must be considered.
What will be the result?
As your business grows and increases its cross-border footprint, by following the above steps your business can prepare for and prevent fraud in order to protect your business and brand.
Maureen Kelly is a Senior Manager in Forensic and Investigation Services at Mazars.
This article first appeared in Briefly a weekly eNewsletter from Accountancy Ireland on the 11th December 2019.