Annual fraud risk assessments can be very effective in finding obvious fraud threats and documenting internal controls that are in place to minimize them. However, these assessments can overlook evolving and behavioral risks that could cause significant financial losses if bad actors exploit them. You can help boost the power of your risk-reduction program by actively looking for potential blind spots.
Here are several examples of possible threats and how you can mitigate them:
Performance pressure. Unrealistic performance targets that employees can’t achieve legitimately may create a “win at all costs” culture that encourages cheating. This is particularly true if you tie compensation to overly aggressive goals. You can reduce this risk by ensuring performance metrics include integrity-related measures. In addition, performance outliers should be analyzed, and employees should be required to detail how they met their stretch goals.
Cultural shortcomings. Low utilization of confidential fraud hotlines and whistleblower channels can indicate cultural problems. For example, your workers may not trust that their tips will be taken seriously or worry they’ll be subject to retaliation. So track all tips your business receives (via anonymous mechanisms, direct reporting to managers and other methods), including how they’re investigated and their ultimate resolution. While maintaining confidentiality, communicate such resolutions to employees to promote confidence in your system.
Poor tone at the top. Not every executive models ethical behavior. For instance, a company leader might routinely override internal controls or ignore safety precautions. In such cases, workers may resent executive “privilege,” and some could use their grievances to justify fraud. Your business’s policies must apply equally to all employees, including executives. It’s critical to demand integrity of your executives and to thoroughly investigate complaints about them. Executives found to be culpable of serious infractions must suffer consequences.
Accepted noncompliance. When minor policy exceptions become commonplace, standards across an entire organization can gradually erode. At that point, workers may regard compliance as an obstacle to overcome, rather than a mechanism to protect their employer and fellow employees. Reduce such risk by tracking policy compliance, noting the exceptions and monitoring trends. Also, regularly retrain workers on compliance procedures and any acceptable rationalizations for overriding them.
Annette Benson, CPA, CFE, and Partner, comments:
“Fraud risks are constantly evolving, and businesses can’t afford to rely solely on standard assessments. To truly protect your organization, it’s essential to take a deeper look at behavioral and cultural risks that are often overlooked. At CDS, we emphasize proactive strategies, such as fostering a culture of integrity, ensuring accountability at all levels, and regularly evaluating internal controls to stay ahead of potential blind spots.”
The bottom line: Take steps now to address any policy pitfalls or employee behavior that might promote unethical or criminal activity. For most businesses, the best defense is proactive leadership, transparency, well-designed incentives and demonstrated respect for honesty and following rules. We can help you develop internal controls that address your company’s most significant risks. Contact one of our experts at (888) 388-1040.