Client Portal
Porte Brown Wealth Management

What Is Residual Fraud Risk — and What Can Your Business Do About It?

By regularly analyzing risk, business owners and executives can better understand and manage the likelihood and potential impact of fraud. In general, there are two types of business risk: inherent and residual. Inherent risk is what exists before management takes steps to mitigate the organization's exposure. Residual risk is what remains after management has implemented internal controls to reduce and manage threats.

Because no program of internal controls can possibly eliminate all threats, residual risk is always a reality. But there are ways to mitigate it.

fraud risk analysis

4 Types of Internal Controls

Internal controls generally fall under one of the following categories:

  1. Detective. This type is designed to detect fraud already occurring. For example, you might generate a report that lists checks issued twice for the same invoice.
  2. Preventive. This control should deter unwanted activities. You might require your accounting department to reconcile purchase orders to invoices before issuing a payment.
  3. Directive. This type specifies actions to be taken to reach a desired outcome. For instance, your policy might call for blocking payment to a vendor that isn't in your vendor master file.
  4. Corrective. This last form intends to correct risky activity uncovered by accident or by an existing control. So you might establish new policies and procedures to replace those that have been ineffective.

The bottom line: Internal controls exist to mitigate risk. Deploying them reduces inherent risk, but typically leaves an organization with some residual risk. You might say that residual risk equals inherent risk minus the impact of internal controls on inherent risk.

Dealing with the Problem

A risk assessment can help your business evaluate residual risk. Experts generally use a risk matrix, a visual tool to depict the likelihood and severity of risk, to identify threats requiring further examination.

Another option for dealing with residual risk is to transfer it to a third party, such as an insurer. As an example, your organization might buy an errors and omissions insurance policy to mitigate the risk of unintentional mistakes that could possibly have been prevented with more robust controls.

Sometimes, however, the cost to deploy additional controls or shift residual risk outweighs the benefit. Although it may be possible to reduce residual risk, installing additional controls may be too costly or add unnecessary administrative red tape that inconveniences employees and customers. In those cases, many businesses decide to allow residual risk to remain.

Contingency and Monitoring Plans

If you decide to leave residual risk, develop a contingency plan to help reduce potential damage. Suppose your business reconciles its bank accounts monthly, rather than daily or weekly. In this case, the residual risk is that you might not discover fraud until several weeks after it has occurred. A contingency plan could help by providing step-by-step policies (such as notify your bank immediately) to remediate any fraud.

It's also smart to regularly review and monitor residual risk levels. To return to the previous example, if your organization performs reconciliations every month and then decides to increase the number of bank accounts it uses, residual risk may rise to unacceptable levels. At that point, you might want to start conducting reconciliations on a weekly or daily basis. Staying current with industry best practices and compliance standards can further help keep residual risk in check.

Essential Component

Monitoring residual fraud risk is an essential component of any company's risk management program. Contact us for more information or to schedule a fraud risk assessment.

We Help You Get to Your Next Level™

Get in touch today and find out how we can help you meet your objectives.

Call Us

Corporate Office

845 Oakton Street
Elk Grove Village, IL 60007
(847) 956-1040 phone
(847) 956-6780 fax
info@portebrown.com

Porte brown site

Services

Industries

SSL Certificate Issued by Let's Encrypt Authority X3Authorized IRS e-File ProviderNamed One of the Best Places to Work in ILSafeSend ReturnsAICPA Peer Review ProgramNamed a Top 50 Construction Accounting FirmInside Public Accounting Top 200 Firms 2024 Accounting Today 2024 Regional Leader Accounting Today 2024 Best Firms to Work For
Porte Brown, LLC BBB Business Review
See the Porte Brown LLC Best of Accounting ratings on ClearlyRated.
Named One of the Best Places to Work in IL

Porte Brown LLC © 2024  |  PorteBrown.com  |  Chicago CPAs, Accountants & Consultants  |  PRIVACY POLICY  |  SiteMap

Securities offered through Avantax Investment Services℠, Member FINRA, SIPC. *Investment advisory services offered through Avantax Advisory Services℠ ** Insurance services offered through an Avantax affiliated insurance agency. Avantax affiliated advisors may only conduct business with residents of the states for which they are properly registered. Please note that not all of the investments and services mentioned are available in every state. The Avantax family of companies exclusively provide investment products and services through its representatives. Although Avantax Wealth Management℠ does not provide tax or legal advice, or supervise tax, accounting or legal services, Avantax representatives may offer these services through their independent outside business. This information is not intended as tax or legal advice. Please consult legal or tax professionals for specific information regarding your individual situation. Content, links, and some material within this website may have been created by a third party for use by an Avantax affiliated representative. This content is for educational and informational purposes only and does not represent the views and opinions of Avantax Wealth Management℠ or its subsidiaries. Avantax Wealth Management℠ is not responsible for and does not control, adopt, or endorse any content contained on any third-party website.