How operational and risk assessments can unlock value and deter fraud Featured

8:00pm EDT August 26, 2010
Many small business owners worry that they are susceptible to fraud and the potential impact it could have on their businesses.

In a recent survey by Deloitte, only 6 percent of respondents thought fraud was uncommon in private enterprises, and nearly half of the participants thought that the internal controls at private companies were insufficient to decrease the risk of fraud. In addition, many business owners are highly pessimistic about the current economic situation and their businesses’ short-term financial futures. A recent survey by Wells Fargo and Gallup found that small business owners were especially pessimistic about the future of their businesses, with 42 percent expecting it to be “somewhat” or “very” difficult to obtain credit, and 22 percent expecting their companies’ financial situations to be “somewhat” or “very” bad a year from now.

“Small business owners are being affected by two significant forces, each of which threatens their current and future profitability, as well as their prospects for survival: poor business environment and susceptibility to fraud,” says Harry Cendrowski, CPA, ABV, CFF, CFE, CVA, CFD, CFFA and managing director of Cendrowski Corporate Advisors. “However, comprehensive operational and risk assessments can help managers unlock value within their organizations and also preserve value through fraud deterrence.”

Smart Business spoke with Cendrowski about how to approach operational and risk assessments, and the steps that business owners can take to reduce fraud.

What are the key components of an operational assessment?

Operational assessments examine five areas of a business:

  • Business environment
  • Risk assessment
  • Control activities
  • Information and communication
  • Monitoring

An assessment of each of these factors is required for publicly traded companies but is less frequently performed for privately held firms. Each of these components is interrelated, and together they describe a business’s internal control environment.

How does a risk assessment differ from an operational assessment?

A risk assessment is really a deep dive into one component of operational assessments and involves the identification and analysis of potential risks that may impede an organization from achieving its strategic objectives. These include both internal and external risks to the organization.

Through risk assessments, organizational managers can develop plans to mitigate the risks an organization may face, helping to preserve their firm’s strategic and operational goals from potential threats and, hence, its value. Actively identifying internal risks can also help organizational managers remove the opportunity for fraudulent activity.

Moreover, while operational assessments may help an organization unlock, as well as preserve, shareholder value, risk assessments primarily focus on the latter activity.

How can operational and risk assessments help business owners save money?

Operational assessments can help business owners identify inefficiencies and waste, ensure sound decision-making and deter fraud. Each of these activities effectively reduces the cost of business, improving profitability and returns to shareholders.

Risk assessments help businesses preserve value within the firm and safeguard assets by identifying potential risks, quantifying the impact and likelihood of risks, and developing a plan for remediation. They help reduce the volatility of a firm’s earnings to a level commensurate with the organization’s risk appetite. And in some cases, they may help organizational managers insulate the firm from risks, including fraud, that might disrupt the accomplishment of organizational objectives.

Is the primary goal of risk assessments to reduce the risks an organization faces?

Not necessarily. The goal of a risk assessment is for organizational managers to better understand the impact and likelihood of risks they face, and to evaluate whether these risks are in line with the organization’s appetite for risk.

If they are outside the organization’s risk appetite, a firm’s operations and/or control structure must be changed to reduce the impact and likelihood of risks, or the organization should outsource the risks to a third party. If either of these activities does not take place, the firm may overexpose itself to risks and face potential degradation in its value.

For example, many private and publicly traded company managers and board members did not fully understand the risks their organizations bore prior to the global economic crisis. As a result, numerous financial institutions went out of businesses, but many types of businesses also found themselves succumbing to the economic aftershocks that proceeded financial institution failures.

What impact has fraud had upon organizations?

It’s hard to quantify the exact impact of fraud because much of it goes unreported. Some companies are afraid to risk their reputation should word of the fraud spread to their customers and suppliers.

However, the Association of Certified Fraud Examiners (ACFE) has estimated that the typical organization loses 5 percent of its annual revenue to fraud. Moreover, the ACFE found small businesses are particularly vulnerable to fraud because they generally lack controls to protect their assets from fraud.

This is one reason why small businesses, in particular, should focus on comprehensive operational and risk assessments. Significant amounts of value can be lost due to fraud. In the worst cases, the end result is bankruptcy.

HARRY CENDROWSKI, CPA, ABV, CFF, CFE, CVA, CFD, CFFA, is managing director of Cendrowski Corporate Advisors LLC. Reach him at or (866) 717-1607, or visit the firm’s Web site at