In today’s environment, there is an increasing demand from both private and public sectors in the Middle East to conduct Fraud Scenario Assessments (“FSA”) as part of their anti-fraud framework, as more organizations start to realize that they have to take fraud risk more seriously.
FSAs are about identifying potential fraudulent events that could negatively impact the organization if they occur. Nevertheless, in almost every FSA that I have conducted, I was asked by at least one of the Process Owners: “Why are we conducting these Fraud Scenario Assessments? Does Management not trust us?” This repeated question about correlating FSAs with distrust is what motivated me to write this article.
“Trust, but verify”. This famous quote by Ronald Reagan, the former US President, indicates that there is no contradiction between trusting and verifying. Similarly, conducting FSAs doesn’t mean that Management distrusts their employees, simply because FSAs focus on assessing the processes, not the employees. This is evident in the steps and activities carried out when conducting FSAs as highlighted below:
Clearly, none of the steps or activities above point towards mistrusting employees.
Moreover, the Fraud Triangle theory, which is an underpinning concept of FSAs, suggests that no one is born a fraudster; employees may commit fraud because of external factors that provoke such a behavior. For example, a Finance Manager may commit fraud if:
- He / She is under financial pressure to pay for his / her son’s expensive operation that the health insurance does not cover,
- He / She rationalizes the fraud if, for example, he /she was overlooked for promotion this year, and
- He / She has the opportunity to misuse his / her power over cash, as an example.
Clearly, the Fraud Triangle theory, which again underpins the concept of FSAs, is also not pointing towards distrusting the employees,rather it is suggesting that fraud could occur when all of the three elements above take place, regardless of whether the employee is trustworthy or not.
Indeed, employees should gain a great deal from being involved in FSAs because:
- Getting employees involved in the FSA process demonstrates that Management trusts their employees and wants them to take ownership of their involvement and improvement. It is an educational process to do better and become more effective.
- Prevention is better than cure. FSAs are an eye opener about fraud scenarios that your organization may be vulnerable to. FSAs allow Process Owners to look at their own work from a different perspective. In almost every FSA I conducted, the Process Owners tell me “We never thought of such a smart fraud scenario. We need to have more effective controls”.
- The 2016 Report to the Nations on Occupational Fraud and Abuse estimated that a typical company loses 5% of its revenues to fraud each year. Moreover, the 2016 Global Economic Crime Survey estimated that 36% of organizations experienced economic crime in the past 24 months. FSAs create the ethical tone from top Management to establish a zero tolerance culture to fraud. Hence, FSAs make the employees think about the internal controls that directly protect their organization by preventing fraud, and indirectly secure their job, as usually the ones who bear these losses at the end of the day are the employees!
In conclusion, conducting FSAs is not about distrusting employees. Rather, it is about protecting the organization and its employees. Managers should not be hesitant to conduct FSAs and employees should not be alarmed about FSAs or abstain from engaging in them. Indeed, the result of conducting FSAs is a win-win situation for all stakeholders including employees, shareholders, management, customers, and regulators.