How well do you understand your fraud risks?

16 December 2019

Our recent CEO survey highlights that cyber security, privacy and the related reputational and fraud risk are at the top of the agenda for leaders of tech companies. This was at the heart of the discussion at our recent client event, aimed at leaders of technology companies. In this article, we would like to shed some light on how frequently fraud impacts businesses, the associated costs and and one of the key steps you can take to protect your organisation.

In today’s world, it’s not a question of if but when 

In the last few years we have seen that fraud is continuing to run at high levels, with 50% of UK respondents to the most recent Global Economic Crime Survey (“GECS”) reporting that they have experienced economic crime in the past 24 months and nearly a quarter of respondents losing over £700,000 in the past two years.

So it’s now less a question of if but when a fraud is going to strike your business, and how severe the impact is likely to be. But it is not all doom and gloom - there are a number of steps you can take to protect your business. 

In this blog, we are focusing on the first step - conducting a thorough fraud risk assessment. We will cover other steps you can take to tackle fraud risk in subsequent blogs.

How well do you understand your fraud risks?

It’s critical that you understand your business’ specific fraud risks. As fraud can arise in a variety of ways and in a variety of different parts of your organisation there is no way to completely mitigate all fraud risk. Therefore, rather than spending time and money trying to mitigate non-material fraud risks, it is key that a detailed fraud risk assessment is performed to help you focus on the big ticket areas. This assessment should be performed to identify, at a granular level, the main incentives, pressures and opportunities within your business and, therefore, what frauds that are most likely to occur and would have the most significant impact (either reputationally or financially).

Some key questions to ask yourself about your risk assessment are:

  • Are you just focusing on the obvious areas, where you probably already have the best controls?
  • When did you last update your risk assessment? Does it adequately reflect your business as it is today?
  • Do you have a holistic view of fraud risks, or have your risk assessments been carried out in silos?
  • Have you engaged with all relevant stakeholders, and do your senior management have a sufficient level of oversight?
  • When considering how a fraud could occur in your organisation, have you put yourself in the mindset of a fraudster?
  • Would your risk assessment stand up to scrutiny in the event of an unexpected investigation under the Criminal Finances Act or the UK Bribery Act?

Both the risks of fraud and the approach taken to manage and respond to these risks are specific and individual to each organisation. If you are interested in benchmarking your organisation’s response to fraud risk against best practice, or would like some advice in this area, please do get in touch. 


Steve Bewick |  Director
Profile | Email | +44 (0)7725 706095


Elizabeth Oram |  Manager, Digital and Forensic Investigations
Profile | Email |  +44 (0)7525 280949