Four Steps to Respond to Fraud

Fraud can be devastating and crippling to organizations in many ways. Having an approach to properly identify, assess, and develop a plan to remediate fraud is essential for decreasing future occurrences.   

This article provides a detailed discussion of the four steps an organization should take following the identification of fraud:  

  1. Identifying the root cause of the fraud  
  2. Assessing the impact of fraud on the organization  
  3. Developing a remediation plan  
  4. Monitoring remediation 

Key Takeaways  

  • Immediately after fraud detection, a thorough investigation should be started to identify the root cause, quantify losses, and pinpoint responsible parties. 
  • Fraud's impact extends beyond financial loss, encompassing significant reputational damage and severe legal or compliance implications. 
  • Developing a SMART (Specific, Measurable, Achievable, Relevant, Time-based) remediation plan is essential for preventing future occurrences. 
  • Consistent and independent monitoring of the remediation plan helps maintain its effectiveness and long-term success. 

Identifying the Root Cause of the Fraud 

When identifying fraud, the organization must conduct an internal investigation or engage a third party to determine:  

  • The amount involved 
  • The individual or individuals responsible 
  • The root cause to prevent similar incidents in the future 

This investigation should also involve determining whether controls did not operate as designed, were not designed appropriately to prevent or detect fraud, or were not implemented to mitigate the risk. It’s also important to consider if collusion among employees allowed controls to be circumvented.  

Example of Finding Fraud in Your Organization  

As an example, Company ABC’s Accounting department identifies an increase in expenses when performing a quarterly budget vs. actual analysis. Upon further investigation, it was discovered that Accounts Payable was making fraudulent payments to fictitious vendors.  

By reviewing system logs, it was identified that the Accounts Payable Manager made these payments. The root cause was that the Accounts Payable Manager had access within the system to create vendors, enter invoices, create check runs, and print checks. This set of circumstances is an example of improper segregation of duties and a lack of controls.  

Assessing the Impact of the Fraud on the Organization 

Fraud may have multiple impacts on an organization. Understanding these impacts can help your organization respond appropriately.  

Financial Loss and Recovery Challenges 

First, and typically the most severe, is financial loss. In extreme cases of fraud, such as Enron or WorldCom, it can result in bankruptcy. Investigation helps determine the extent of the financial loss, which often requires extensive analysis and review of financial records. Only 13% of fraud cases recover all the losses, while 57% of fraud cases result in no recovery of the stolen funds.

Organizations may also incur the cost of hiring a third-party firm to perform the investigation and determine the full financial impact if it cannot be performed in-house. In the example above, all fraudulent vendors would need to be identified in the vendor master file, and the payments made to each vendor would need to be quantified in order to determine the financial loss. Additionally, if the system allows vendors with a payment history to be fully deleted, reviews of bank statements may be necessary to identify the entire population of vendor payments. 

Reputational Damage  

Fraud can negatively impact an organization’s reputation. If fraud becomes publicly disclosed, customers and vendors may refrain from doing business with the organization. The organization may be perceived as lacking internal controls or having inadequate safeguards. Additionally, if employees become aware of the situation, they may feel that there is a lack of effective leadership and governance and choose to leave the organization. Nonprofit organizations are especially vulnerable to reputational risk, as it can significantly impact their fundraising efforts and donations. 

Legal and Compliance Implications  

Fraud can trigger legal or compliance implications for the organization. For example, if the company is publicly traded and the fraud is a material event, it should be disclosed in their 10-Q / 10-K SEC filing. Investors may then lose faith in the company and sell their shares, leading to a decline in the company’s stock price. It may also result in fines and penalties, lawsuits, or regulatory actions against both the organization and potentially key leaders.             

Developing a Remediation Plan 

Once the root cause of the fraud is identified, the organization should establish a remediation plan that will detect and prevent the issue from recurring. A SMART (Specific, Measurable, Achievable, Relevant, and Time-based) remediation plan is necessary to prevent recurrence.   

This plan should detail:  

  • Who is responsible for implementing each action?  
  • What specific actions will be taken?  
  • What are the deadlines for implementation?  
  • How will the action be performed and documented?  

Don’t hesitate to seek an outside or independent perspective on the corrective actions. Often, the original fraud occurred due to organizational blind spots, and an objective viewpoint can help avoid repeating those same challenges in the remediation plan.  

Example Fraud Remediation Plan  

Continuing with the accounts payable fraud example discussed above, the remediation plan may include:   

  • Implementing a system segregation of duties to ensure the same individual cannot create vendors, process invoices, process check runs, and issue payments. 
  • Systematic workflow approval of new vendors and vendor changes by a second individual, and system approval of invoices by department managers.
  • A review of the payment run by an individual in the accounting department.  

While system changes may require time and resources, temporary manual controls (e.g., manual review of new vendors and check run reports by an independent party) can be implemented immediately to mitigate risk.  

Monitoring Remediation  

Once the remediation plan is established, it must be monitored until fully implemented. Ideally, this should be conducted by an independent party, such as an internal audit or a third-party consultant.  

Monitoring should include:  

  • Periodic follow-ups with the assigned owner to confirm the progress towards the estimated completion date and to determine what has been accomplished to date. 
  • After implementation, assess the design of the new or revised control to confirm it appropriately mitigates the fraud risk. This step helps to deter further issues down the road.
  • Once the control design is determined to be effective, operating effectiveness testing should be performed after the control has had sufficient time to operate based on the intended frequency.  

Example of Monitoring Fraud Remediation  

With the accounts payable example, the design assessment of the new vendor or vendor change review would include performing a walkthrough of the following:  

  • How is the new vendor or vendor change identified and communicated to the reviewer? 
  • How would the individual identify if a new vendor or vendor change was performed that was not communicated to the reviewer? 
  • What does the individual review to confirm if the new vendor or vendor change is legitimate and was accurately entered into the system?  
  • Does the reviewer lack access to enter or make changes to vendors in the system?
  • How are potential conflicts of interest logged and evaluated in the approval process? 

Operating effectiveness testing of the above would entail: 

  • Obtain a systematic listing of new vendors and vendor changes post-remediation 
  • Select a sample of those new vendors and vendor changes for testing 
  • Inspect evidence of review of the new vendor and vendor changes, and agreement to the underlying documentation
  • Obtain a system-generated user access listing and inspect it to confirm that the reviewer does not have access to create or modify vendors 
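As an added example (not from the article and not EisnerAmper's own tooling), the script below automates the parts of the design assessment and operating effectiveness testing above that can be checked from system exports: it flags users whose access combines the four accounts payable duties, confirms that vendor reviewers cannot create or modify vendors, finds vendor changes that lack an independent approval, detects vendor master changes that never reached the reviewer by comparing two snapshots against the change log, and draws a deterministic sample of entries for evidence inspection. The permission names, user ids, vendor ids and log entries are constructed for this example and are not from any real system.

```python
"""Monitoring checks for an accounts payable segregation-of-duties remediation.

Added example; all data below is constructed and the permission names are
assumed, not taken from any particular AP system.
"""
from itertools import combinations
import random

# Constructed user access listing, as exported from the AP system: user -> permissions.
ACCESS_LISTING = {
    "ap_manager": {"create_vendor", "modify_vendor", "enter_invoice",
                   "create_check_run", "print_check"},      # pre-remediation profile
    "vendor_clerk": {"create_vendor", "modify_vendor"},
    "ap_clerk": {"enter_invoice"},
    "vendor_reviewer": {"approve_vendor"},
    "ap_lead": {"approve_vendor", "modify_vendor"},          # reviewer who can also edit
    "ap_supervisor": {"create_check_run"},
    "treasury_clerk": {"print_check"},
    "controller": {"review_payment_run"},
}

# The four duties the remediation plan says must not sit with one individual.
AP_DUTIES = ("create_vendor", "enter_invoice", "create_check_run", "print_check")
VENDOR_WRITE = {"create_vendor", "modify_vendor"}

# Constructed post-remediation vendor change log (one row per new vendor or change).
CHANGE_LOG = [
    {"id": 1, "vendor": "V-1001", "action": "create", "entered_by": "vendor_clerk", "approved_by": "vendor_reviewer"},
    {"id": 2, "vendor": "V-1002", "action": "create", "entered_by": "vendor_clerk", "approved_by": None},
    {"id": 3, "vendor": "V-0450", "action": "bank_change", "entered_by": "ap_manager", "approved_by": "ap_manager"},
    {"id": 4, "vendor": "V-1003", "action": "create", "entered_by": "vendor_clerk", "approved_by": "ap_clerk"},
    {"id": 5, "vendor": "V-0311", "action": "address_change", "entered_by": "vendor_clerk", "approved_by": "vendor_reviewer"},
]

# Constructed vendor master snapshots taken before and after the review period.
VENDOR_MASTER_BEFORE = {
    "V-0311": {"name": "Acme Supply", "bank": "ACCT-111", "address": "1 Old St"},
    "V-0450": {"name": "Beta Services", "bank": "ACCT-222", "address": "2 Main St"},
}
VENDOR_MASTER_AFTER = {
    "V-0311": {"name": "Acme Supply", "bank": "ACCT-111", "address": "9 New Ave"},
    "V-0450": {"name": "Beta Services", "bank": "ACCT-999", "address": "2 Main St"},
    "V-1001": {"name": "Gamma Ltd", "bank": "ACCT-333", "address": "3 High St"},
    "V-1002": {"name": "Delta Co", "bank": "ACCT-444", "address": "4 Low St"},
    "V-1003": {"name": "Epsilon Inc", "bank": "ACCT-555", "address": "5 Side St"},
    "V-0999": {"name": "Zeta Holdings", "bank": "ACCT-666", "address": "6 Hidden Rd"},  # not in the log
}


def sod_conflicts(access_listing, duties=AP_DUTIES):
    """Users holding two or more of the listed duties, with every conflicting pair."""
    findings = {}
    for user, perms in access_listing.items():
        held = [d for d in duties if d in perms]
        if len(held) >= 2:
            findings[user] = list(combinations(held, 2))
    return findings


def non_independent_reviewers(access_listing):
    """Users who can approve vendors and can also create or modify them."""
    return sorted(u for u, p in access_listing.items()
                  if "approve_vendor" in p and p & VENDOR_WRITE)


def review_exceptions(change_log, access_listing):
    """Log entries without evidence of an independent, authorised approval."""
    exceptions = []
    for entry in change_log:
        approver = entry["approved_by"]
        if approver is None:
            exceptions.append((entry["id"], "no approval recorded"))
        elif approver == entry["entered_by"]:
            exceptions.append((entry["id"], "self-approved"))
        elif "approve_vendor" not in access_listing.get(approver, set()):
            exceptions.append((entry["id"], f"approver {approver} lacks approve_vendor"))
    return exceptions


def uncommunicated_changes(before, after, change_log):
    """Vendors that differ between snapshots but never appear in the reviewed log."""
    logged = {e["vendor"] for e in change_log}
    changed = {v for v in set(before) | set(after) if before.get(v) != after.get(v)}
    return sorted(changed - logged)


def select_sample(change_log, size, seed=2024):
    """Reproducible random sample of log entry ids for evidence inspection."""
    ids = [e["id"] for e in change_log]
    return sorted(random.Random(seed).sample(ids, min(size, len(ids))))


if __name__ == "__main__":
    print("SoD conflicts:", sod_conflicts(ACCESS_LISTING))
    print("Reviewers with vendor write access:", non_independent_reviewers(ACCESS_LISTING))
    print("Review exceptions:", review_exceptions(CHANGE_LOG, ACCESS_LISTING))
    print("Changes not in log:", uncommunicated_changes(VENDOR_MASTER_BEFORE, VENDOR_MASTER_AFTER, CHANGE_LOG))
    print("Sample for testing:", select_sample(CHANGE_LOG, 3))
```

The snapshot comparison answers the "how would the reviewer know about an uncommunicated change" question with data rather than interviews: a vendor such as the constructed V-0999, which appears in the master file but in no reviewed log entry, is exactly the gap a workflow-only control would miss. The sample is seeded so that a second tester can reproduce the same selection when re-performing the test.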

What to Do if You Suspect Fraud in a Company  

It’s important for an organization to develop an approach not only to detect fraud but also to make sure there is a consistent process in place after an incident to identify the root cause and develop a plan to detect and prevent future occurrences in a timely manner.  

By implementing these steps, organizations can better navigate through the challenges and disruptions that result from fraud. Contact EisnerAmper for a consultation on fraud prevention strategies and fraud response planning.  
