Has Your Client had a Check-Up Lately?

A Fraud Prevention Check-Up?


Melissa E. Loughlin-Sines, CPA, CFE, CVA, CFF, ABV

Well, have they? If the answer is no (or I’m not sure), then they are overdue. A fraud prevention check-up is an easy and affordable way to help an organization identify gaps in their fraud prevention processes. Once those gaps are identified, steps can be taken to fill the holes before an unscrupulous employee finds them and costs the organization potentially hundreds of thousands of dollars.

The Association of Certified Fraud Examiners (ACFE) developed the Fraud Prevention Check-Up for use by organizations to help mitigate the risk (and associated cost) of fraud. Companies that proactively manage their fraud risks, and have therefore identified their most significant areas of risk, can reduce their costs related to fraud.

Fraud can cost an organization thousands of dollars (and more) and can be damaging to its reputation. All organizations should be taking strides to identify their risks and steps to mitigate those risks once identified. General Counsel should be involved in the process of a Fraud Prevention Check-Up as well as any policies implemented as a result of that check-up so that an organization’s legal rights are protected.

So that different perspectives are considered, the Fraud Prevention Check-Up should be a collaborative effort among management, legal counsel, an independent fraud specialist (such as a CFE) and others within the organization such as employees knowledgeable at different levels of the organization. The Check-Up consists of seven parts for which a score is assigned based upon whether the organization has implemented a process and whether or not that process has been tested in the last year. The seven parts consist of:

  • Fraud risk oversight (0 – 20 points):
    • Has the organization established any process for oversight of the risks of fraud by the governing body of the organization?
  • Fraud risk ownership (0 – 10 points):
    • Have members of management been assigned with “owning” and managing the fraud risks within their respective departments?
  • Fraud risk assessment (0 – 10 points):
    • Does the organization have a process for regularly identifying significant fraud risks?
  • Fraud risk tolerance and risk management policy (0 – 10 points):
    • Has the organization and its governing body identified a level of tolerance for different types of fraud risks?
    • Is a policy in place for managing fraud risk?
  • Process-level anti-fraud controls/reengineering (0 – 10 points):
    • Have measures been implemented to reduce or eliminate significant fraud risks identified?
    • Have measures been implemented with the intention to prevent, deter and detect the significant fraud risks identified?
  • Environment-level anti-fraud controls (0 – 30 points):
    • Does the organization have a process which promotes ethical behavior while deterring wrong doing and encouraging communication?
      • A senior member of management should be responsible.
      • This may be a full time position for larger organizations or additional responsibility of management in smaller organizations.
      • A code of conduct should be in place for all employees.
        • Clear guidance should be given on what behavior is permitted and what is prohibited.
        • Training on the code of conduct should be performed at hire as well as regularly during the course of employment.
      • Communications systems should be in place such as an ethics or compliance hotline so that employees express concerns regarding potential wrongdoing or seek advice when making ethical decisions.
      • Processes should be in place for promptly investigating or otherwise resolving items of concern. Some issues may be addressed by human resources, some by internal auditors, some by general counsel and some by outside third party fraud investigators.
      • Compliance and participation in related training should be monitored.
      • Regular measurement of the organization’s goals regarding compliance and fraud prevention should take place.
      • Performance measures regarding compliance and fraud prevention goals should be included in management evaluations.
  • Proactive fraud detection (0 – 10 points):
    • Has the organization established a process to detect, investigate and resolve potentially significant fraud?
      • Processes may include:
        • Fraud detection tests.
        • Audit “hooks” embedded in transaction processing systems.
        • Computerized email monitoring, where permitted.

Management will assign a score for each section based on how complete their processes are. Zero points reflect the process is not in place. The maximum points for any part should reflect full implementation, recent testing and working effectively. A score of 100 reflects all processes are in place for an organization. The score, while telling, is less important than the dialogue it should create leading to further evaluation of the processes which fall short. It is important that the check-up helps to identify particular areas for improvement in fraud prevention.

The Fraud Prevention Check-Up is an inexpensive way to find a company’s vulnerabilities to fraud. The check-up should not be a one-time event. Like your annual physical, a fraud check-up should be carried out by an organization on a regular basis. And like your own personal health, the check-up doesn’t do much good if changes aren’t made to help fix the problems identified.

Melissa E. Loughlin-Sines, CPA, CFE, CVA, CFF, ABV, Director, specializes in business valuations and forensic accounting. You can reach her at (480) 483-1170 or MelissaL@hhcpa.com.