Your risk management strategy sends signals to internal stakeholders, customers, partners, investors, the public at large, and sometimes a courtroom about what’s important to your organization.

A visible, well-designed risk management plan tells people that you are serious about managing the organization to protect what’s important and minimize losses.

Think of it this way. You would always expect someone like a potential partner or customer to evaluate your organization to determine how well it can deliver its promised goods and services. You would expect them to measure the opportunity you offer against alternatives in the same market.

The flip side of that ability to produce an outcome (i.e. promised goods and services) is the ability to minimize the threats against it, or in our parlance, to mitigate the risks. To anyone who is looking at your organization closely to decide whether to work with you or not, your strategy to mitigate risk is an integral part of the whole picture. An organization with a strong risk management strategy is a better partner or supplier, more trustworthy, and more likely to deliver on its promises.

How do People See Your Risk Management Strategy?

There are a number of ways people see your risk management strategy in their interactions with your organization. Here are a few of the important ones:

Contract negotiations

If your contracts are tight and include identification of risks and steps to mitigate them, your potential partner or customer gains confidence in both the process and the probable outcome. Most contracts these days go through a legal review that will insert typical clauses about liabilities. But going beyond the usual to identify risks to the partnership the contract represents, e.g., a third-party vendor, strengthens the impression of your organization.

Partnerships

You probably try to establish beneficial partnerships with suppliers, distributors, shippers and others whose cooperation helps to get your product to market. These partners will learn about your risk management strategy in how you set up joint processes to minimize threats. They will also understand that they are under scrutiny as potential risks as well.

Customers and prospects

If you are transparent in identifying the potential risks in a transaction and how you will address them, your customers will gain confidence that you know what you are doing. You will be seen as a reliable vendor.

Hiring process

Careful screening of candidates and employees sends a message to prospective applicants, fellow employees, and the public about your desire to create a safe and productive workplace. Lacking a defined employment screening process can leave you open to attracting candidates who are specifically looking to bypass such potential hiring barriers.

Insurers

Your insurance company may require a risk management plan, or specific risk mitigation tactics, before issuing a policy. However, beyond that, the quality of your risk management strategy could earn you more flexible underwriting and possibly even a better rate. Insurers understand risk!

Peers

Your peers in your market know your business almost as well as you do. Your reputation with them is an important asset, and how you manage risk will be part of it.

Ultimately, it’s a matter of trust. A risk managed business or organization is simply more reliable.

Given the high prevalence of organizational fraud, as reported by the Association of Certified Fraud Examiners (ACFE), companies have strong incentives to invest in fraud auditing capabilities—both internal and independent (external) audits. While both are extremely effective, this article is focused on internal audits.

It turns out, companies with properly-structured internal audit systems are less likely to experience severe losses due to internal fraud. Further, we find the existence of a strong internal audit capability is of significant interest to underwriters when reviewing applications for crime and fidelity insurance coverage.

All companies can benefit from an internal audit system. When properly structured it provides a layer of protection and sends a strong message to both company vendors and employees that fraud will be detected quickly and won’t be tolerated. Continued monitoring leads to ever changing processes and controls that provide corrective measures designed to deter and detect fraudulent activity.

However, the likelihood of a company having an internal audit unit varies with the size of the company. Small companies are more often found without the internal audit departments, largely based on cost. These firms utilize the services of an independent audit firm to minimize exposure to fraud. This will be the topic of our next article.

7 Best Practices for Internal Audit

The internal audit, like any audit, requires sufficient autonomy, resources, skills, and access to relevant records to produce reliable results. It should operate according to a plan created and/or approved by the Board of Directors, with transparency in its functions that communicates its purpose to all vendors and employees. Communicating a strong message of zero tolerance on fraud and abuse is essential. The internal audit committee has an obligation to report the self-identified audit issue to the Audit Committee or the Board of Directors itself, if possible. … Continue reading

We’re pleased to kick off the new year by sharing our most-read blog posts from the Risk Management Blog in 2014.

1. Protecting Against Ghost Employee Fraud

Payroll fraud accounts for about 9.3% of occupational fraud at a cost of over $300 million per year across all types of organizations. One of the most common forms of payroll fraud is the use of “ghost employees” to divert money to fraudulent identities. Like all organizational frauds, this is a hidden crime that can best be prevented by controls designed to expose all payroll transactions.

Read full post >

2. Key Components of a Fraud Risk Prevention Policy

In this post, we offer an overview of the elements of a fraud prevention program that would be useful in any organization. Summarized from, Managing the Business Risk of Fraud: A Practical Guide, produced by a consortium of associations, the guidelines point to specific steps managers can take to implement an effective fraud prevention program.

Read full post > … Continue reading

The evidence is that organizational fraud occurs at a startling rate and at great cost. Fraudsters can occupy positions at any level and in any kind of organization, finding creative ways to enrich themselves at the expense of the organization. Owners, managers, and employees who dismiss or minimize the chances of fraud occurring in their workplace do so at their financial peril.

The hard truth about organizational fraud is that new fraudsters emerge every minute. They are not born that way—need, self-serving justifications, and opportunity can turn a trustworthy employee into a thief without warning. Situations such as addictions, family troubles or financial pressures can help to create the circumstances that might trigger fraudulent behavior in someone who wouldn’t normally commit fraud.

In other words, the most salient fact about fraud is that it is a highly probable event given enough time for a would-be fraudster to find opportunities somewhere in the organizational environment. Fraud is as constant as human nature.

You Cannot Eliminate Fraud, But You Can Manage It

Given the continuous emergence of new fraudsters, it’s easy to understand when some organizational managers throw up their hands in defeat. But the risk of fraud can be managed just like any other risk. In a column on this topic, the Economist summed it up:

Fraud by wayward employees, be they high or low, can never be eliminated. Directors and executives can, however, treat it like any other unavoidable risk, and manage it professionally. … Continue reading

Most managers, and in fact employees at all levels, assume their co-workers are honest and working to do their best for the organization. Unless they are the one who is perpetrating a fraud.

Unfortunately, occupational fraud is a lot more common than most people think. The Association of Certified Fraud Examiners (ACFE) has published a series of reports based on fraud examiners’ actual cases that document the pervasiveness of these hidden crimes. The 2014 edition of the Report to the Nations on Occupational Fraud and Abuse confirms that fraudsters steal 5% of top line revenue every year, which amounts to over $650 billion per year in the U.S. alone, and an astonishing $3.7 trillion worldwide. … Continue reading