Fraud Risk Mitigation Process in Organizations.

The fraud is a growing issue in all types of industries, business, cultures and management, a study report published by Metricstream Inc unveiled that a typical organization loses its 5% of revenue each year because of the fraud and fraudulent activities within or outside of the organization. After the mega scandal of M/s Enron the fraud management has got a special attention in two different perspectives. One from the perspective of government, legislators and regulators where they intend to save the share holders, common investors and government agencies from the revenue and return on investment losses may arise from corporate frauds. In order to achieve their objective the changes in legislation and strengthening and monitoring of the corporate governance have been introduced and implemented.

The second perspective is of the organizations where the management intends to save the entity from the financial and non financial losses may arise due to inside fraudulent activities. In order to achieve the objective the management is required to introduce the effective internal controls, policies and procedures, risk management and a corporate environment. In addition to it, the effective adherence of policies & procedures and commitment to adhere the principles should be the management style to mitigate the risk of fraudulent activities.

In an organization the fraud can take various avatars including theft, embezzlement, misappropriation of assets, corruption and most important financial statement fraud. Financial statement fraud also includes the management reporting fraud and fraud in management information system. The financial statement fraud can be defined as the intentional misstating or omitting information from an organization’s financial reports in order to present an organization in a positive light or to evade taxes. Whereas, the management accounting reports can also be manipulated by the senior financial staff and the management itself in order to present the efficiency and growth in business to secure the management compensation associated with the efficient results.

In my personal experience I have seen a company where the management manipulated the revenue by recording un-billed revenue in monthly financial management reports and got high bonuses. In order to avoid such episodes the management should design and implement fraud risk mitigation process. The fraud mitigation process is combination of various tasks including but not limited to:

· Understand the elements fraud

· Effectiveness of internal control system

· Tone at the top

· Effectiveness of communication

· Skepticism

· Understand the role of the board

· Understand the roles of internal and external auditors

· Understand the role of the management

Understand the elements of fraud

There are three elements or conditions which often times leads to the fraud or encourage the people to commit fraud at individual or corporate level. These three conditions are also called fraud triangle:

I) Pressure:

Pressure is one of the most important factors encouraging the people to commit financial reporting fraud. The pressure can either be positive or negative. If the targets and goals set by the management are achievable, pressure leads to creativity, efficiency and competitiveness. On the other hand, if the goals are not realistic and seem not to be achievable by normal means the pressure to achieve the goals will lead to temptation for misconduct. The pressure to present the financial reports with extra ordinary tight deadlines may encourage the concerned staff to present unrealistic financial information and in the same way the pressure to show the efficiency may lead to distortion of the financial information. In a report prepared by Centre for Audit Quality, CEO of IFAC said “there is a pressure at an individual level which I think is significantly associated with compensation arrangements in the organization. There is also a pressure at a corporate level, when there is a negative economic environment makes targets much harder to achieve. Both can create powerful incentives for financial statement fraud”. In addition to it the individuals under financial pressure may commit fraud when the pressure combines with the opportunity.

II) Opportunity

Even when the pressure is extreme, the financial reporting fraud cannot occur unless an opportunity is present. There may be inherent susceptibility of the company’s accounting system to manipulation, and conditions within the company that may allow fraud to occur. The nature of the company’s business and accounting can provide sources of opportunity for example in construction industry if the project management is not under the controlled environment and element of segregation of duty is absent, definitely it will give an opportunity of occurrence of fraud at significant level.

III) Rationalization of fraud

Individuals who commit financial reporting frauds they possess a particular mindset that allows them to justify the fraudulent act. The pressure and the opportunity lead the people to rationalize the fraud. Sometimes the individual commit the financial statement fraud in order to save their jobs in case of not achieving the targets or to benefit to someone else at the company’s cost. Further, the rationalization of fraud is directly proportional to the product of pressure and opportunity. The individuals who are not enough strong to absorb the pressure when encounter with the opportunity may rationalize the fraud.

A survey report based on the integrity survey of 5,065 companies issued by KPMG – US in the year 2008-2009 shows that 59% frauds occurred in the companies are because of the pressure to meet with the targets and 51% frauds occurred in the companies where the code of conduct is not taken seriously, 47% frauds are done in the companies where the internal control system is not effective and policies and procedures can be overridden easily. Whereas, only 34% frauds were rationalized by the individuals for their personal gain.

Fraud mitigation process:

While designing the process to control the fraud risk it must be kept in mind that “the presence of a process to deter fraud does not eliminate the threat of people acting fraudulently” (Prof. Charles M. Elson, University of Delaware). Therefore, to cope with such impediments the management should focus on the action on poor code of conduct, principles and effectiveness of internal controls by putting whistle blowers and red flagging system on circumstances may give opportunity to rationalize the fraud at an individual and corporate level.

Elements of the fraud risk mitigation process:

During the process of designing the fraud mitigation process the following elements should be considered by the management for efficient, adequate and effective process to mitigate the fraud risk:

Tone at the top:

The company’s policies and procedure should be very clear and every individual must be forced to adhere to these policies and procedures. There should be no exception in any case to deviate from the established procedures. The management should work in high ethical standards and strict actions must be taken against those who override the established policies and procedures. The management’s commitment to its principles is very important in order to establish a particular tone in the organization. The management’s actions are important than the words, here we may take an example of M/S Enron, at one time it was known in the business world because of its corporate governance however, management was not adhering to the established principles and tone at the top was a mere wording for the corporate governance without putting governance procedures and actions. The result of overriding the principles was a mega scandal of the business history.

The management should put a formal risk management program that includes a code of ethics supported by the tone at the top, clear roles and responsibilities for the board, the audit committee, management and internal auditors along with the fraud awareness and reporting training for all the employees. A comprehensive fraud risk assessment that address incentives and opportunities to commit fraud and the likelihood and significance of each potential fraud risk & identification of the risk of control override.

The management should ensure the effective whistle blower program to indentify the risk and violation of ethical standards in time to investigate the fraudulent activity. The whistle blower program should ensure the option for anonymity, availability of hot line for reporting any incident of violation of policies procedures and ethical standards, dual dissemination of the information to mitigate the risk of monopoly over the information, immediate reporting to internal auditors and audit committee where the involvement of senior officials of the management is evidenced and escalation of immediate investigation of each report received through whistle blower program.


Skepticism is regarded as enemy of fraud and fraudulent activities. The management, internal and external auditors should perform their function with a certain degree of skepticism. The board members should be little more skeptical and less trusting, not because they don’t trust the management, but they should do their own due diligence and recognize they have to keep their eye on those things by spending more time making judgments and connecting the points by asking more questions.

The skepticism is required to dispose of the inquiry with certain degree of doubt or to hold the judgment until sufficient and appropriate evidence is received. The skepticism encourages the search of knowledge and desire to investigate out of the box and to corroborate the points of concerns with each other. It also helps to recognize the individuals and their perception of misleading the others. Skepticism motivates the self direction, moral independence and conviction to decide for oneself rather than accepting the claims of others. It enhances the self confidence to resist persuasion and to challenge assumptions or conclusions.

Effective Communication

It’s a risky business when you don’t have all these parties that are committed to and responsible for the audit working in tandem and securing results that are greater than the sum of the parts” (Richard Thornburgh – Former U.S Attorney General)

Management should ensure the open and effective communication in the organization and the communication should be two way i.e. a proper and timely feedback should be received to complete the cycle of communication.  Effective communication ensures the timely information to internal and external auditors about the company’s objectives, strategies, risks and latest developments. The board, audit committee, management officials, internal and external auditors should meet on regular basis to determine the effectiveness of the internal controls systems, strategy and fraud risk mitigation process. They should identify and address the key issues timely and communicate to all the stakeholders in timely manner for appropriate actions and improvements. Through the process of effective communication identify the weakness of the system may lead to the ineffectiveness of the internal controls and should recommend and implement in timely manner the remedial measures.

More »

Rashid Mehmood 
on 03 March 2013
Published in Audit
Views : 3305
Other Articles by - Rashid Mehmood
Report Abuse

close x
Download GST App    |    x