Whether you are an accountant or CFO, serve on a board, own a small business, or manage operations or production, fraud presents risks to you and your company. Not only are there significant financial and operational risks, but fraud can damage the external and internal impression of your organization—reputation risk. The Association of Certified Fraud Examiners’ 2006 Report to the Nation on Occupational Fraud & Abuse found that smaller organizations tend to suffer disproportionately large fraud losses as compared to companies with more than 1,000 employees. Participants in the study estimate U.S. organizations lose 5% of their annual revenues to fraud.

Are you looking for a practical starting point for addressing fraud risks in your organization? Consider reading the soon to be published, Managing the Business Risk of Fraud: A Practical Guide, a joint project of the Association of Certified Fraud Examiners, The American Institute of Certified Public Accountants, and The Institute of Internal Auditors. An exposure draft is already available at www.aicpa.org (search for the article name).

The guide summarizes the current best practices to fraud risk management, including:

• A written fraud risk policy to convey expectations
• A risk assessment to identify specific potential fraud events that the organization needs to mitigate
• Prevention techniques to avoid potential fraud or reduce the impact
• Detection methods to uncover fraud when preventative measures fail or unmitigated risks are realized
• A fraud reporting process and a coordinated approach to dealing with fraud events in an appropriate and timely manner.

The guide suggests that fraud risk assessments begin with a list of identified fraud schemes, which are then assessed for relative significance and likelihood of occurrence. Those risks should be mapped to the relevant controls, which are evaluated for design effectiveness and tested to validate operating effectiveness. Next the company should develop a response to residual fraud risks.

From my experience, most organizations have some level of fraud policy, prevention techniques, detection methods and fraud reporting process in place, but most have not systematically assessed risks. As a result, many prevention and detection procedures are inefficient or miss significant risks.

Using Managing the Business Risk of Fraud: A Practical Guide and other tools available at www.aicpa.org, www.theiia.org, or www.acfe.org can be a cost effective way to reduce your company’s fraud risk.

It’s been nearly 20 years since the Department of Labor (DOL) first set out to define when employee contributions become benefit plan assets. This first regulation included a general rule and an outside limit. The general rule set forth that employee contributions become plan assets as of the earliest date it they can reasonably be segregated from the employer’s general assets. The outside limit was 90 days from the date on which the contribution is received or withheld by the employer.

In 1996, the DOL amended the regulation for certain retirement plans and modified the outside limit from 90 days to the 15th business day of the month following the month in which the contribution is received or withheld by the employer. The general rule was unaffected. This meant that an employer was still responsible for defining the reasonableness of its own policy to remit employee contributions.

Identifying the earliest date that is reasonable for the employer to segregate employee contributions is ultimately a facts-and-circumstances determination. The vagueness of the regulatory language left many employers and their advisers uncertain. The standard that might be considered timely for a large national corporation with several payroll centers or divisions will likely not translate to an employer with relatively fewer employees paid from a single location. The DOL has suggested that the employer’s payroll frequency and the time it takes the employer to remit payroll taxes should be viewed as relevant factors.

In a proposed amendment published on February 29, 2008, the DOL acknowledged that the interest of employers and employees would be better served if the regulation was amended to provide a higher degree of compliance certainty. Therefore, the DOL is proposing a safe harbor for small retirement plans (plans with fewer than 100 participants) under which employee contributions will be considered to have been deposited in a timely fashion if the contributions are deposited within 7 business days following the date on which the contribution is received or withheld by the employer. As under the current regulation, the employee contributions are considered “deposited” when they are placed in an account of the plan, without regard to whether the contributions have been allocated to specific employees or investments of such employees. The types of contributions impacted by the proposed rule include employee after-tax contributions, employee salary deferrals, and loan repayments.

The DOL intends on making the new safe harbor effective on the date the final regulation is published in the Federal Register. Compliance with the safe harbor rule is not mandatory. Therefore, small employers may still be in compliance with the deposit requirements if they exceed the 7 business day safe harbor but continue to meet the general standard for reasonableness. The DOL has also indicated that it intends to include a safe harbor for large retirement plans if there is sufficient information and data to evaluate current practices and the DOL concludes that a safe harbor will be beneficial.