Whether you are an accountant or CFO, serve on a board, own a small business, or manage operations or production, fraud presents risks to you and your company. Not only are there significant financial and operational risks, but fraud can damage the external and internal impression of your organization—reputation risk. The Association of Certified Fraud Examiners’ 2006 Report to the Nation on Occupational Fraud & Abuse found that smaller organizations tend to suffer disproportionately large fraud losses as compared to companies with more than 1,000 employees. Participants in the study estimate U.S. organizations lose 5% of their annual revenues to fraud.

Are you looking for a practical starting point for addressing fraud risks in your organization? Consider reading the soon to be published, Managing the Business Risk of Fraud: A Practical Guide, a joint project of the Association of Certified Fraud Examiners, The American Institute of Certified Public Accountants, and The Institute of Internal Auditors. An exposure draft is already available at www.aicpa.org (search for the article name).

The guide summarizes the current best practices to fraud risk management, including:

• A written fraud risk policy to convey expectations
• A risk assessment to identify specific potential fraud events that the organization needs to mitigate
• Prevention techniques to avoid potential fraud or reduce the impact
• Detection methods to uncover fraud when preventative measures fail or unmitigated risks are realized
• A fraud reporting process and a coordinated approach to dealing with fraud events in an appropriate and timely manner.

The guide suggests that fraud risk assessments begin with a list of identified fraud schemes, which are then assessed for relative significance and likelihood of occurrence. Those risks should be mapped to the relevant controls, which are evaluated for design effectiveness and tested to validate operating effectiveness. Next the company should develop a response to residual fraud risks.

From my experience, most organizations have some level of fraud policy, prevention techniques, detection methods and fraud reporting process in place, but most have not systematically assessed risks. As a result, many prevention and detection procedures are inefficient or miss significant risks.

Using Managing the Business Risk of Fraud: A Practical Guide and other tools available at www.aicpa.org, www.theiia.org, or www.acfe.org can be a cost effective way to reduce your company’s fraud risk.