The ‘F’ Word (FRAUD)!





There appear to be two schools of thought within organizations:

  1. I trust everyone, they would never steal from me; and
  2. Trust no one, everyone may steal from me.

Some of the common questions that management and boards invariably do—or should—consider on an ongoing basis include the following:

  • How do we know if the controls in our organization are working properly?
  • How do we know if there are proper controls in place to prevent or detect fraud?
  • Is it better to wait and be reactive to something going wrong, or be proactive and do something before it goes wrong?

Fraud is a real and growing problem.  In fact, fraud is a $3.2 billion[1] problem.  Approximately 1/3 of Canadian companies are victimized by economic crime[2] and it is estimated that companies lose up to 5% of their revenues due to various fraudulent activities[3].  Fraud can also cause irreparable damage to an organization’s reputation.

A fraud risk assessment (“FRA”) is an evaluation of the possible weaknesses within an organization that can–and will–allow fraud to be perpetrated.

Further, an FRA helps expose controls within an organization that do not exist or are not functioning properly.  The assessment can be done on the entire organization, on a select group of accounting cycles (such as payroll, accounts payable, and the expense reimbursement process), or can focus on one high risk area in particular.  Some examples of high risk areas include procurement and payroll.

  • Step 1 – An FRA starts with the identification of the possible ‘drivers’ of fraud within an organization. These potential drivers are risk-ranked and the ‘higher’ ranked issues are carried forward to Step 2.
  • Step 2 – Fraud scenarios or schemes are then developed for all of the ‘higher’ risk-ranked potential drivers of fraud. It is important to note that the fraud scenarios are developed without consideration of internal controls, if any, that exist.
  • Step 3 – The selected fraud scenarios are then reconciled to available internal controls that are designed to identify fraud and errors. A conclusion is drawn as to whether the existing controls were adequate to mitigate each fraud scheme.
  • Step 4 – Recommendations are then provided in order to help remediate any internal control deficiencies identified from the FRA.
  • The organization can use the results of the FRA to revise, update or implement additional controls in order to help prevent, detect and address instances of fraud.

An FRA can uncover unknown risks and vulnerabilities within a company’s system of internal controls.  In fact, an FRA can bring these risks to the surface, thereby enabling changes to be made, ideally before the organization is victimized by fraud.

An FRA is a ‘living document’ that grows and changes with the business.  It is updated as the business changes and evolves over time; this gives an organization the best chance of staying ahead of the fraudsters!

The short answer is, be proactive.  Don’t wait for an allegation of fraud to surface before taking action.  Remember, prevention – rather than detection – is the best deterrent against errors and fraud!

By Karen Gordon


[1] Source: CGA Canada

[2] Source: Big 4 Accounting Firm

[3] Source: Association of Certified Fraud Examiners

