How much is fraud costing your organization? The Association of Certified Fraud Examiners (ACFE) in their biannual 2024 Report to the Nations indicated organizations lose 5% of their revenue to fraud each year.
In a time when fraudulent activities are viewed as on the rise and it is understood that these dishonorable activities can lead to monumental losses, shatter the trust of investors, and instigate severe legal consequences, the need for board members to remain vigilant and inquisitive is paramount. The COSO Fraud Risk Management Guide emphasizes the devastating impact that fraud can inflict on an organization, accentuating the crucial function of audit committees in cultivating a culture of adherence, honesty, and accountability. The board can set the foundation of an effective control environment by consistently setting the expectation for and demonstrating a strong no-tolerance “Tone at the Top.”
Board members should actively monitor evolving organizational risks and question key stakeholders to effectively identify and address those risks. This is critical information for the board to empower themselves to take well-informed and commensurate actions. A director’s role as the guardian of integrity is not just supervisory in nature, but also investigative and preventive.
BDO has crafted this guide to assist board members in their mission to be proactive, diligent, and equipped with the knowledge and strategies necessary to uphold the highest standards of corporate governance. Board members must ask insightful questions to help ensure effective compliance and manage fraud risks adeptly.
Creating an Environment Inhospitable to Fraud
BDO recently hosted a panel discussion at the National Association of Corporate Directors’ annual conference in Washington, D.C., entitled “Director Liability & Responsibility: Reexamining the Board’s Role in Fraud Prevention, Detection, and Mitigation in an Age of Disruption.” Amy Rojik, BDO National Managing Principal, Corporate Governance, posed questions to Holly Carr, BDO Managing Director, Forensics, and Kevin Abikoff, Partner, Proskauer Rose LLP, about leading practices in the board’s oversight of fraud risk. Key points discussed:
Initiate Crucial Fraud Conversations in the Boardroom
- It is critical to engage in regular and meaningful discussions about fraud within the boardroom. With frequency, these conversations will become more comfortable and productive. Focus on the systems, policies, people, and culture that support fraud prevention, mitigation, and detection. Who are your internal gatekeepers? What structure supports their efforts?
- Align goals and discuss activities among committees to help ensure there are no inadvertent incentives or pressures being created by the board that could incentivize fraud within the company. Are compensation performance targets overly weighted toward objectives and incentivizing management to overstate or engage in overly aggressive conduct? Is the strategy for expansion into new markets and/or products supported by the full board accompanied by deep dives into associated regulatory, operational, or financial risks by the appropriate committee?
- Consistently ask open-ended questions directly to your internal gatekeepers and attentively listen to the responses. Are you hearing alignment among various gatekeepers? Are there patterns in origin of risks? Does your management team understand the organization’s evolving risk landscape?
- Maintain the same healthy degree of skepticism you expect from your C-Suite and auditors. Demonstrate courage by asking tough questions and accept that some responses will not be what you want to hear but what you need to know.
Dive Deeper
- Understand the fraud risk factors your organization faces, and the associated deterrence and mitigation efforts. What mechanisms are in place to identify how and by whom the organization may be susceptible to fraud? How are these identified vulnerabilities being addressed? If fraud risks increased in your organization, how would you know? How do you assess the effectiveness of these efforts?
- Obtain ongoing board education on leading practices to maintain an anti-fraud environment. How often, and by whom, is your board educated in leading fraud risk oversight practices?
- Oversight of fraud requires discussion/brainstorming, timely management reporting, and continuous inquiry of gatekeepers on evolving risk identification and environmental factors impacting the company. How often is fraud risk on your board agenda? How frequently does the board assess its operating environment against its fraud risk factors?
- A fraud response plan should be part of the overall crisis management protocol to help ensure that the organization is prepared to respond effectively if and when fraud is suspected. Does the organization have a fraud response plan in place that outlines key roles, policies, and investigation responsibilities? What skills might be needed to perform the investigation? What are the legal considerations? How do you preserve information critical to the investigation?
Trust but Verify
- Evaluate and monitor company culture because culture goes beyond a well-designed policy founded in ethics and extends to daily compliance actions, both of which need to be regularly evaluated and continually fostered. Organizational undercurrents identified through employee surveys and exit interviews could be early indicators of shifts in fraud tolerance or a growing culture of silence. How does the company communicate, encourage, and monitor culture?
- Regular audits, of all types, are an important tool for detecting and preventing fraud. The board (audit committee) should challenge the auditors’ approach and insist on being informed early of risks that may impact the organization. What issues have prompted the auditor to expand procedures? Did the external or internal auditor identify any new risks of fraud during the current year audit?
Most Importantly - Set, Maintain, and Promote the Tone at the Top
- The board sets the tone for the executives, and the executives set the tone for the entire organization. Be visible and accessible to stakeholders and have protocols for the elevation and communication of information to the board. How do you evaluate the tone at the top of your organization?
- Swiftly and fully address conduct and communications that do not align with the organization’s code of conduct or culture. How are these instances identified and what is the response protocol?
- Consistently speak with one unified voice. Do you have clear communication roles and responsibilities for interactions with your stakeholders?
This proactive approach not only meets legal and ethical standards but also helps equip organizations to navigate the complexities of today’s business world with integrity and resilience. Boards aiming to enhance governance in an increasingly complex and regulated environment are encouraged to strategically approach risk management by tailoring these points to the specific context and needs of their organization. Learn more about the BDO Center for Corporate Governance and our Fraud and Forensic Services.