Implementing your own Fraud Prevention Program
by Paul Dayer, CPA, Partner, Gaines Kriner Elliott LLP


A study conducted by the Association of Certified Fraud Examiners, published in 2004, stated that “small businesses suffer disproportionately large losses due to occupational fraud and abuse.” The study went on to say the median cost experienced by small businesses was $98,000, which is higher than the median loss experienced by all but the very largest organizations.


The report concluded: “Small businesses are less likely to be able to survive such losses and should better protect themselves from fraud.”

Sounds like good advice, but what can owners of privately-held businesses do to protect against fraud? And where and how do they begin?

The fraud triangle
The first step in fraud prevention is to be aware of how and where fraud can occur. CPAs see the inner financial workings of many, many companies. Fraud often occurs because:

  • someone has incentive to commit fraud;
  • proper internal controls are lacking, which provides an opportunity;
  • and the person committing fraud is able to rationalize his or her behavior.

These three components are known as the “fraud triangle.”

The stories in local and national news about recent corporate scandals typically identify at least one of the components of the fraud triangle as a factor in fraudulent activity. These accounts point out that relying on honest employees is inadequate assurance that fraud, whether theft of corporate assets or misstatement of business financial results, will not occur in a business.

Congress passed the Sarbanes-Oxley Act, referred to as SOX, in July 2002 as a result of these scandals and sought to regulate the handling of audits, financial reporting and disclosure, conflicts of interest and corporate governance at public companies. The law is mandatory only for publicly traded businesses, but its spirit represents “best practices” for virtually all businesses.

Incorporating these best practices into an anti-fraud program will help ensure the integrity of the financial statements used by management to make vital business decisions, safeguard hard-earned business assets, and communicate your commitment to your business’s stakeholders.

Responsibilities of the CPA and management

To be effective, an anti-fraud program must be based on teamwork among owners, management, employees, the company’s independent accounting firm and other professional advisors.

Before our firm begins a financial statement engagement, professional standards require that we and our clients understand and agree on our and management’s responsibilities for each project. A responsibility included in our annual engagement letter, one that company management typically accepts as part of the engagement, is the “design and implementation of programs and controls to prevent and detect fraud.” We believe every business has ongoing opportunities to improve these programs and controls.

The following are the three critical elements of an effective corporate anti-fraud program, identified by a joint task force of the AICPA, Association of Certified Fraud Examiners and five other associations representing financial management professionals:

1. Create and maintain an entity-wide culture of honesty and high ethics;
2. Implement an ongoing process to assess and measure the risk of fraud, and identify procedures necessary to mitigate the identified risks;
3. Develop an oversight process that regularly monitors the company’s anti-fraud programs and provides regular communication about the results of these programs to the Board of Directors/owners and various levels of management.


Maintaining an ethical corporate culture

Setting the “tone at the top” is the essential ingredient ensuring the success of a company’s anti-fraud efforts. If top managers act one way, they cannot expect employees to act differently. “Do as I say, not as I do” as a management style will significantly increase the risk of fraud occurring within a business. Management policies and behavior must convey a zero tolerance for unethical actions and fraudulent financial reporting.

A common theme has surfaced in many of the well-publicized fraud cases now working their way through the courts: Top management gave implied directives that “we must achieve our performance objectives, no matter how we accomplish them.” In too many cases, unachievable business goals encouraged employees to take inappropriate actions, the results of which have proven catastrophic.

The foundation on which a culture of ethical behavior is built is a strong corporate code of conduct. This code of conduct must be communicated to every employee in an organization and must be regularly referred to in day-to-day operating procedures. Firm-wide ownership of this code can be promoted by requiring every employee to annually confirm in writing their understanding and compliance, and their promise to continue compliance in all future business activities.

Another step to achieving an ethical corporate culture is to implement procedures promoting a positive workplace environment. A negative workplace environment increases the risk of poor employee morale, which can affect employee attitudes toward tolerating fraudulent behavior, whether their own or the behavior of employees around them. Providing a clearly communicated procedure that encourages and assists employees in seeking advice when they face decisions that might have serious outcomes is essential.

Another important policy is to create for employees a procedure to communicate suspected unethical behavior in a non-threatening, confidential manner. Every employee has an equal opportunity to improve a business’s ethical environment or to damage it. Consider for employment only those most likely to embrace the company’s code of conduct.

As well, employee promotions and performance reviews should regularly consider contributions to appropriate workplace environment and compliance with the company’s code of conduct.

Finally, disciplinary action for violation of ethical standards must be timely, fair and decisive. A strong response to undesirable behavior is one of the most effective deterrents to violations of a company’s ethical standards. Management must consistently assert that they will not tolerate dishonest actions.

No business is immune to the risks associated with fraudulent behavior by its employees. No matter how large your business, you can take many steps to regularly reduce the risks of fraud. Gaines Kriner Elliott is committed to helping your business reduce business risks while achieving your goals. We look forward to sharing our ideas with you.
