Fraud can have a sharp, negative impact on retailers in the best of times. In today’s economic environment, it can spell disaster for the financial stability of retailers. According to a recent study by Association of Certified Fraud Examiners (ACFE), US organizations lose 7% of their annual revenues to fraud. What’s the solution? How can retailers address fraud exposure?
Conducting a thorough fraud risk assessment is the first and most critical step. Repeating these assessments periodically is an essential management practice. By carrying out regular reviews, you can address all the possible factors that can affect your organization, including potential fraud schemes and incidents that may have already occurred.
When assessing fraud risks, you need to think like fraudsters to anticipate what their target might be and how will they cover their tracks.
A Three-Step Process
A fraud risk assessment process generally consists of the following three steps:• Identify inherent fraud risk factors
• Assess likelihood and significance ratings of
inherent fraud risk
• Management responds to existing residual fraud risks
Keep in mind that you cannot identify your fraud risk exposure by looking at just one area; you need to look at various sources of information. According to the ACFE study, 2008 Report to the Nation on Occupational Fraud & Abuse, non-cash frauds were far more common in retailing than among all the reported cases in the study. Other similarly higher areas of abuse in retailing were cash register disbursements, cash larceny, and misappropriation of cash on hand. Retailing was also one of the industries with the greatest incidence of financial statement fraud.
You may also be surprised at the usual perpetrators of fraud. ACFE found that 50% of occupational frauds involved the accounting departments or upper management within organizations.
To conduct an effective fraud risk assessment, you should engage a certified fraud examiner with significant experience in your industry. Such an expert can guide the development of the risk-assessment team by pulling together various individuals throughout the organization who bring important internal and external knowledge and have various perspectives and experience levels.
When a fraud risk assessment is executed properly, the fraud risk assessment team convenes to discuss all possible schemes that could be carried out within your organization. During those discussions, you should address the incentives, pressures, and opportunities to commit fraud, as well as the IT-related fraud risks specific to the organization. Fraudsters may not only seek financial incentives but also performance incentives.
Common Fraud Schemes
The following are a few examples of the most frequently attempted fraud schemes in retailing:• Identity theft: obtaining key pieces of personal information, such as social security or driver’s license numbers, in order to impersonate someone else
• Inflated time reporting: intentionally reporting hours that were not spent working, up to and including reporting hours on days the employee did not work, or failing to report vacation or sick time
• Manipulation of inventory: modifying inventory records to overstate assets or failing to recognize their decline in value
• Use of resources for personal gain: using company resources, like computers, to run personal businesses or to create a profit
• Vendor kickbacks: taking payoffs from vendors in exchange for preferential treatment of those suppliers’ products
Weighing the Likelihood and Significance of Potential Fraud Schemes
Once you have identified and discussed all possible fraud scenarios, the next step is to evaluate the likelihood and potential significance of the fraud risks. This is a subjective process since not all risks are as equally likely to occur or carry the same implications for each organization. By addressing both the likelihood that fraud will occur and the significance that the identified risk carries, your organization can determine the appropriate detective and preventive procedures.In evaluating the likelihood that identified fraud risks will actually occur, management should review past incidents and the prevalence of each risk within its retail model. It’s beneficial to categorize the likelihood of the risks as remote, reasonably possible, and probable. It’s also important to measure the significance of the fraud risks to the organization. You should address not only the financial implications but also the potential impact on operations; reputation; and criminal, civil, and regulatory liability. When you evaluate significance, it’s helpful to categorize the risks as immaterial, significant, and material.
One often-missed area that is essential to the risk-assessment process is the evaluation of incentives and pressures on employees and departments within the organization. You should use the information you gather in that process to determine who is most likely to commit a fraudulent act or which departments are most susceptible.
