When ignorance is not bliss: why use fraud resilience reviews?
Cifas’ annual Fraudscape report, issued April 2022, stated that the number of cases reported to the National Fraud database by Cifas members rose by 16% in 2021, with organisations filing a new case of fraudulent conduct an average of every 90 seconds.
- The risk of fraud is real (and there are many other headlines making the same point as Cifas).
- How resilient is your organisation to fraud?
- Would a fraud be identified?
- Do management know where the risks are, and where work is required to reduce the risk of fraud occurring?
A fraud resilience review could be a key part of your organisation’s assurance framework by reviewing whether processes and controls are in place at the various stages of stopping frauds from happening, before they happen.
A fraud resilience review will consider an organisation’s anti-fraud culture and the strategic and operational level controls that the organisation has in place to deter, prevent, and detect fraud.
They are a key tool in taking a proactive rather than reactive approach and reducing the likelihood of needing to investigate cases and reclaim stolen income and goods, with the resource implications and potential non-recovery risks that entail.
As with the self-audits detailed in our last article, fraud resilience reviews provide a valuable source of information to management and boards. These help to identify:
- what is working well and what needs to improve in the implementation of controls related to fraud risk. This is by evidencing that:
- Processes such as policy frameworks, training, risk assessments and monitoring are in place (control design), assessed against the functional standards and incorporating guidance as per the accredited counter fraud specialists training
- Processes are being followed and controls are embedded (control effectiveness)
Where fraud originates internally it also evidences to staff that the risk of fraud is acknowledged within the organisation and steps are being taken to mitigate it which can act as a deterrent.
Why now?
The Cifas report shows that as well as being real, the risk of fraud is increasing.
The fraud triangle states that the decision to commit a fraud is made where there is the motivation, opportunity, and rationalisation.
The risk of fraud is potentially higher within your organisation due to:
- Motivation increasing due to the increased pressure that individuals find themselves under (cost of living pressures, changed circumstances because of COVID)
- Increased opportunity due to stretched controls (employee sickness, staff turnover, remote working, decisions being made quickly to adapt to changing circumstances)
Elsiarc - Internal Audit, Risk and Compliance Services
At Elsiarc we look to work with your organisation, coupling our risk management and audit expertise with your subject matter experts’ knowledge of the processes to ensure that audits are current, focussed and accurate. We have extensive experience in considering fraud risks and controls, both as part of undertaking fraud reviews and including a fraud assessment within higher risk individual audit areas (for example procurement and payroll).
We combine this long-term practical experience of undertaking fraud audits (as well as investigations) with up-to-date knowledge from CIPFA’s accredited counter fraud specialist training.
As well as undertaking ad hoc investigations in response to suspicions or allegations of fraud Elsiarc can work with your organisation to promote an anti-fraud culture and assess controls in place to deter, prevent and detect fraud, aligned with the functional standards (where this is applicable and/or desirable) and providing the Board with assurance that appropriate processes are in place.