This is part 3 of the five-part series “Business and Financial Fraud: Yesterday, Today, and Tomorrow” with Tom Fox and the FCPA Compliance Report. During the series, Tom was joined by K2 Integrity experts Joanne Taylor and Ray Dookhie for a discussion of how organizations can identify and mitigate fraud risk.
Companies often devote a lot of resources to detecting fraud and misconduct. But how can they move from simply detecting fraud and misconduct to actually preventing it? By implementing a fraud and misconduct prevention program that follows industry best practices. This program should encompass the following:
- First, understand the changes in the regulatory landscape and any new regulations. Organizations need to stay informed and, where they can, stay ahead of those regulations.
- Next, conduct a risk assessment of the organization, followed by a gap analysis of its policies, procedures, and financial controls.
- Once an organization has a holistic understanding of its fraud risks, it can create dynamic policies and procedures to detect and prevent them. Companies should be constantly enhancing their policies, procedures, and controls to address new and emerging risks.
- Also, conduct regular training. Training can be a powerful tool, as it is where an organization ensures that its officers, directors, and employees on the front lines are informed of the risks and of any new controls that they may be responsible for.
Implementing these steps will ensure that an organization is ready for an audit. Given the recent and upcoming shifts in the regulatory landscape, with potentially new regulations to implement, organizations need to understand where the pitfalls in their compliance controls are—before the regulators arrive.
How should compliance professionals approach a fraud risk assessment in the midst of the continuing pandemic? There is no single right response. Leaders want to make sure that they are asking questions in a way that does not allow for much wiggle room. This makes drafting the questionnaire a key aspect of doing a risk assessment. In the area of a controls assessment, organizations will need documents or supporting evidence of the controls. Additionally, organizations should take other steps to ensure they’re covering their bases, for example, by sampling the transactions that they are approving on a daily basis to validate that the controls are working.
An important tool for compliance officers is an audit readiness assessment, which can be used in conjunction with the overall fraud risk assessment. An audit readiness assessment is a very targeted approach to looking at fraud risks, basically a dry run of what a regulatory audit would look like ahead of the regulators coming in. From this a company could then design an audit program to stress test its own systems. The ensuing report will help improve the organization’s compliance program—or any aspect of it that needs help. By identifying potential pitfalls before the regulators arrive, an audit readiness assessment can help compliance professionals feel confident in the face of a regulatory visit or inspection.