Artifice’s “Forensic” Difference
While corporate compliance officers, information systems managers, internal and external auditors, and others routinely conduct fraud risk assessments, those assessments are generally at a high level. Those who design and conduct such assessments often have minimal training and experience with fraud. Though such assessments and audits are an important and necessary part of an entity’s compliance and control structure, and occasionally detect fraud, they should be viewed as one tool in an entity’s anti-fraud toolbox.
Our professionals are passionate about helping our clients prevent, detect and respond to fraud. In addition to monitoring thousands of news sources to keep abreast of emerging trends related to fraud, our experts utilize their creativity and vast experience to contrive their own potential fraud schemes, which we then incorporate into our assessments in order to provide even greater assurance that your organization is protected. As a result, we routinely find significant vulnerabilities within the control structures of entities where internal and external auditors, third party investigators and even special project groups had previously scrutinized.
Utilizing our unique “Black Hat” approach, we step into the shoes of our clients’ board members, executives, managers and employees to determine how we, as fraud experts, would circumvent controls were we in those roles. Much like reverse-engineering, we then remediate or design new controls that would prevent or detect such circumventions.
Our professionals are adept at interviewing employees to uncover “work-arounds” they may be using. We use each employee’s experience to help us recognize potential control weaknesses, failures or vulnerabilities that other examiners miss.
Our techniques are not only creative, effective and engaging, but also serve to raise fraud risk awareness throughout an organization without instilling a tone of distrust. We have repeatedly found significant weaknesses within the control structures of entities, and in numerous cases, in places where internal and external auditors, third party investigators and even specific project groups had evaluated and missed.
One Size Does Not Fit All
Our experience has found that controls are not “one size fits all” and must be considered in light of each entity’s unique environment, size, risks, culture, resources and budget. Some controls that may be deemed a “best practice” by other advisors may not make sense in your business.
In some instances, we have found that well intentioned “best practice” controls created unnecessary difficulties and unmanageable workloads that caused employees to miss deadlines. As a consequence, employees who may have had no interest in committing fraud still created work-arounds to nullify the new control in order to meet their job requirements. The well-intentioned controls created environments that actually supported and accepted the circumvention of internal controls.