2022 Board Resolution: Take a Closer Look at Fraud Prevention

FTI Consulting’s 2021 Resilience Barometer revealed a shocking statistic: just 45 percent of the 2,869 large G20 companies that participated in the survey say they proactively manage the risks of fraudulent practices or financial misstatements within their business.

This is a surprising finding considering the US Securities and Exchange Commission (SEC) requires that public registrants identify and mitigate fraud risks (especially, but not limited to, financial statement fraud). In addition, private and nonprofit entities have a fiduciary responsibility to their lenders, employees, suppliers, and customers to proactively manage fraud risks.

Whether you serve on the board of a publicly traded company, a private company, or a nonprofit, it is critical for you to understand the current fraud environment, probe how fraud could occur in the company, and know how the company proactively manages fraud.

The Current Environment

The fraud environment is exploding. The Fraud Triangle model states that three factors generally influence someone to commit occupational fraud:

1. Pressure: In times of crisis and upheaval, such as the situation brought on by COVID-19, personal pressure on employees tends to rise. This is often when the decision to commit fraud begins. Pressure can also take the form of company expectations, such as the strain of filling orders or meeting financial targets.

2. Opportunity: The opportunity to commit fraud can also be exacerbated in this climate of hybrid work and organizational change.

3. Rationalization: In times of stress, a principled individual could be more apt to rationalize unethical behavior.

With all three of these elements prevalent during the pandemic, it leads to a perfect fraud storm—and the financial incentives to deter fraud are clear. According to the Association of Certified Fraud Examiners, each case of occupational fraud costs victim organizations an average of more than $1.5 million. Organizations lose an estimated 5 percent of their revenues to fraud each year, and the typical fraud lasts 14 months before detection, with a median loss of $8,300 monthly. Financial statement fraud is the least common form of fraud but also the costliest, with a median loss of $954,000 per instance.

How Boards Can Help Deter Fraud

The board of directors is responsible for setting the tone at the top and establishing a culture of integrity and ethical behavior that extends throughout an organization. This includes ensuring that management is exemplifying this culture and that effective internal controls are in place to mitigate fraud risks. For public companies, two board committees generally have the most influence in preventing fraud: the audit and governance committees.

To be effective, the audit committee needs to take a proactive approach to mitigating fraud risk and ensuring the company’s internal controls are adequate for its risk profile and industry. This committee can take several steps to proactively combat fraud, including:

• Ensuring that internal and external audit personnel have proper independence and sufficient resources to do their jobs effectively

• Asking specific questions on how the internal and external auditors identify fraud risks and design their audit tests to address these risks

• Assessing whether violations of the law or company policies are appropriately and swiftly investigated and remediated

• Discussing financial reporting issues with management and with internal and external auditors

• Overseeing any legal or regulatory compliance audits required by federal regulations or state laws, as well as any regular self-assessment of internal controls

The governance committee’s primary role is evaluating both how the board is functioning and how the culture is achieved; it is also critical in advancing the company’s mission, vision, and strategies. Specifically, the governance committee can address reputational risks (impacted by fraud) by:

• Ensuring the organization’s operations are aligned with its stated mission, vision, and specific policies and procedures

• Reviewing the company code of conduct and governance policies (e.g., whistleblower policy) to ensure compliance with applicable laws that address company and industry risks

• Conducting at least annual performance reviews of key executives

• Identifying and recruiting board candidates who meet the mission and culture of the board and organization

• Reviewing the performance and effectiveness of the board and committees and making recommendations for improvement

This advice also applies to privately held companies or nonprofits: even if the board is not organized into these committees, it still has a fiduciary responsibility to the organization and its key stakeholders. Although privately held or nonprofit entities do not have SEC reporting requirements, they still must comply with laws (including those covering fraud issues) at the federal, state, and local levels.

Important as these steps are, the purpose of fraud mitigation is not merely to comply with the law, protect company profits, and avoid director liability. Preventing fraud enforces the company culture; protects its brand, mission, and objectives; and provides operational longevity for future generations of employees, customers, and suppliers.   

Whether serving public, private, or nonprofit entities, all board members have a responsibility to reduce the risk of fraud. The beginning of a new year is a great opportunity for boards to review their companies’ preventive fraud controls and look for opportunities to strengthen these practices in this challenging environment. Attention to preventing fraud now can save a company—and its board—time, money, and reputation in the future.