Despite legislative efforts like Sarbanes-Oxley to curb it, corporate fraud is still pervasive, says CPA and Certified Fraud Examiner Mike Costello. Writing for Chattanoogan.com, he says the only way to manage fraud is to "get a choke hold" before it starts.
And how does one do that? A comprehensive fraud risk management program has three parts, he says: prevention, detection and response. But before you even think about how to make those things happen in your organization, you must make sure that fraud risk management is a top-down proposition that starts with the executive suite and includes every single level in the company.
Once everyone is on board, evaluate what your risk of fraud is, and do it objectively. It's not a question of whether your bookkeeper of 20 years would steal from you, but whether he or she could. Find the gaps that could be exploited to commit fraud. Then figure out what is necessary to bridge those gaps, Costello says.
Written policies regarding segregation of duties, requiring multiple signatures on certain checks, using passwords on computers, reconciling accounts, restricting access to offices and systems, and even requiring all employees to take annual vacations are key, the article indicates.
(Costello also cautions that segregation of duties is important when it comes to the policies themselves. The person who drafts the policies should not be the same person who enforces them or reviews their effectiveness.)
Finally, assign priorities to the risks to which the organization is subject and allocate risk management resources accordingly. Not all risks are created equal. The biggest risks should obviously receive the most time, money and attention toward prevention.