Fraud poses a critical risk to Government contractors. Not only do companies suffer the loss associated with the fraud event but if their business is Government contracting, they jeopardize their very existence if the fraud gets passed on to or affects the Government. Management can help mitigate that risk through diligent and ongoing effort to detect and prevent it. The IIA (Institute of Internal Auditors), the AICPA (American Institute of Certified Public Accountants), and the ACFE (Association of Certified Fraud Examiners) have published a guide called "Managing the Business of Risk and Fraud: A Practical Guide". This book is a free download from the AICPA.
From the book's Executive Summary:
As noted, fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain. Regardless of culture, ethnicity, religion, or other factors, certain individuals will be motivated to commit fraud. A 2007 Oversight Systems study discovered that the primary reasons why fraud occurs are “pressures to do ‘whatever it takes’ to meet goals” (81 percent of respondents) and “to seek personal gain” (72 percent). Additionally, many respondents indicated that “they do not consider their actions fraudulent” (40 percent) as a reason for wrongful behavior.
Only through diligent and ongoing effort can an organization protect itself against significant acts of fraud. Key principles for proactively establishing an environment to effectively manage an organization’s fraud risk include:
principle 1: as part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk.
principle 2: Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.
principle 3: prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.
principle 4: Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.
principle 5: a reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.
The following is a summary of this guide, which provides practical evidence for organizations committed to preserving stakeholder value. This guide can be used to assess an organization’s fraud risk management program, as a resource for improvement, or to develop a program where none exists.