A prolonged program for the prevention of frauds and embezzlements is part of the entity level controls that are required by the Sarbanes Oxley Act and constituted an integral component of the organizations’ risk management.

What is a multi-year plan for the prevention of embezzlements?

If in the past, companies made due with investigating embezzlements once they occur, the modern approach believes that it is much more economical to take appropriate measures to prevent embezzlements from being perpetrated.  A structured plan for the prevention of embezzlements indicates to employees that management has taken a firm stand on the matter and will display zero tolerance.  In addition, it provides senior management and the board of directors with a sense of security.

Since it is impossible to totally eliminate all acts of embezzlement and fraud, the plan will focus on the work processes that are defined to have a high degree of risk.  The plan serves as a tool that assists the organization in contending with frauds and embezzlements risk.

Plan objectives

The plan will assist management, ownership and the auditors of the organization in achieving the following goals:

  • Minimizing economic and operational damages to the organization.
  • Minimizing legal, reputational and other damages to the organization.
  • Proper direction of organizational resources toward strengthening the control framework especially at its weak points.


The unique methodology developed by Grant Thornton, the international network of which we are the Israeli member firm, is based on the ERM (Enterprise Risk Management) approach developed by the COSO organization.  We integrate this methodology together with the vast experience we have amassed in implementing the Sarbanes Oxley Act and top things off with our expertise in the field of forensic accounting.

Work method

These are the lists steps to prevent fraud and embezzlement: In its first stage, a survey of fraud and embezzlement risks should be conducted. In the second stage, an examination of the relevant fraud and embezzlement scenarios should be conducted. In the third stage, a multi-year plan must be established to prevent fraud and embezzlement.

Stage I

The survey is designed to identify the processes having a high risk of fraud and embezzlement and the existing principal controls.


Stage II

As part of this stage, we check for the ability to perpetrate embezzlement at the audited organization, taking into consideration the weaknesses and loopholes in the internal control framework.  The audit is based on inter alia the “criminal mind” and an understanding of the many and varied methods of fraud in other cases.  At the conclusion of this stage, we will present:

  • Embezzlement scenarios that are relevant to the operations of the organization and the controls in place to contend with these scenarios.
  • Recommendations for improving the internal control framework, based on cost-benefit analyses of each proposed solution.

Stage III –  preparing a continuous program for prevention of frauds and embezzlements
Based on the embezzlements scenarios found in the previous stages to be high risk, focused control and tests should be implemented with a goal of strengthening the control framework in order to prevent these scenarios from occurring.  As part of these controls we would recommend:

  • Generation of periodic sophisticated reports to identify deviances
  • Performance of periodic sample tests (e.g. in the payroll and purchasing processes, etc.)
  • Staging “dummy” embezzlement and fraud scenarios in order to test the Company’s internal control framework
  • Checking documentation in order to assess scenarios found to be high risk.



Shay Medina, CPA

Contact us