Part two of our two-part series on fraud tackles why establishing an anti-fraud program is so critical for entertainment businesses. Whether your company is an agency, business management firm, law firm, production company, distribution company or other service company, one key question to ask yourself is whether you have any kind of an anti-fraud program. If not, consider the following:
Why is Establishing an Anti-Fraud Program so Critical?
The cost of fraud is significant: According to the ACFE (Association of Certified Fraud Examiners, on average, you lose at least 5 percent of your revenues. Fraud has hit every industry in every region and presents a challenge to all organizations. The cost of fraud may be difficult to measure, especially considering the intangible losses such as brand name and reputation loss as well as employee morale deterioration. In all, the cost can be enormous and could potentially have an adverse impact on your business.
Detecting fraud continues to be challenging: Regardless of your efforts to detect fraudsters, over 60 percent of frauds are identified by a tip or by accident. Unfortunately, there is no silver bullet!
Identifying the potential fraudster is even more challenging: Frauds appear to be committed more by long-term employees with no history of committing such acts in the past. Based on various studies, it appears that three factors together generally result in fraud:
- An incentive or pressure to commit fraud (e.g., unrealistic sales goals)
- An opportunity to commit fraud (e.g., poor controls)
- Rationalization by the fraudster to commit the fraud (e.g., justifying taking money from the check register because the owner “is underpaying me”)
In general, it is challenging to detect potential fraudsters as they could be caused by external forces beyond your control, such as a family health crisis or drug addiction. Today, as customers, vendors and employees are faced with enormous pressures, the risk of fraud occurrence has increased tremendously.
According to the ACFE, “Substantially all victim organizations modified their anti-fraud controls AFTER discovering that they have been defrauded.”
At the same time, “In every comparison, there were significantly lower losses when the controls had been implemented. For example, organizations that conduct surprise audits suffer a median loss of less than $100,000, while those that did not had a median loss of over $200,000. There are similar reductions in fraud losses for organizations that had anonymous fraud hotlines, offered employee support programs, provided fraud training for managers and had internal audit or fraud examination departments.”
What Can You Do Now?
Considering the difficulty of fraud detection, as a first step, you should assess you current anti-fraud program by answering the following questions:
- Culture: The “tone at the top” is critical to the success of the anti-fraud program:
- Has the importance of ethics been communicated to your employees and vendors?
- If you assigned someone the role of overseeing the program, have you provided them with appropriate tools and access to information and people?
- Have you established a Code of Conduct Policy, which applies to all employees, including management? Does it extend to contractors who have access to your facility and systems?
- Are you nurturing a culture of openness, which empowers employees to express a different view without the fear of retaliation?
- Policies and Procedures: The company’s anti-fraud policies and procedures provide a standardized approach to the program:
- Have you established a confidential compliance hotline and related hotline for investigation procedures?
- Do you require employees to read and sign (certify) the Code of Conduct annually?
- Do you believe you have effective employee background check procedures?
- Have you communicated to employees the anti-fraud policies and procedures, including a penalty for violators?
- Do you consider departmental and employee compliance as part of their annual performance evaluation?
- Awareness and Training: Establishing and maintaining stakeholder awareness of the anti-fraud program is critical, as employees, vendors, and customers are the “eyes and ears” of the program:
- Do you incorporate anti-fraud related information in new employee orientation?
- Have you established an Intranet site, publications and guides for employees?
- Have you shared, with vendors and customers, information on your compliance hotline?
- Do you provide periodic fraud detection and prevention training to your employees?
- Do you communicate successful fraud detection cases to your employees?
- Compliance Monitoring: An anti-fraud program must include various monitoring activities to provide reasonable assurance that fraud is mitigated:
- Do you perform an annual fraud risk assessment to identify key fraud risk areas in the company and controls in place to mitigate such risks?
- Based on gaps identified in such assessment, do you change your controls to address new or changing risks?
- Do you test the operational effectiveness of the existing fraud controls?
- Do you perform investigations to address tips through the confidential compliance hotline or other sources?
- Do you review and act on comments shared by employees in the annual Code of Conduct Certification process?
- Have you considered using a continuous fraud detection system?
- Do you perform a periodic review of the company’s internal control system?
- Have you established an appropriate governance structure, through which the anti-fraud function can communicate significant issues identified?
- Have you reviewed your system controls to ensure your confidential or proprietary information is reasonably protected and backed up?
To prevent fraud, it is critical to:
- Foster a culture of openness and high ethical values
- Ensure policies and procedures are established
- Build awareness and provide training on the program
- Establish effective compliance monitoring procedures
When establishing or enhancing your current anti-fraud program, remember that fraud can only be minimized – not eliminated – and therefore, a cost-benefit analysis should be considered.
If you need assistance with assessing your fraud risk assessment, developing such a program or enhancing such a program, you may contact me at email@example.com or 310.873.1651.