While data breaches have dominated the news cycle, The Wall Street Journal’s “Risk and Compliance Journal,” reports that fraud is actually much more common, even if it generates fewer headlines.

6-28-2012.png?width=300In the fiscal year ending March 31st, 2015, instances of retail fraud averaged a 94% increase from the prior year when calculated by average loss of revenues. Industry reaction to this news has been relatively predictable: as many companies have decided to devote a higher percentage of their budget to preventing fraud. However, the cost of blindly applying risk mitigation activities has resulted in an unacceptable 1.32% reduction in total revenue. Indiscriminately applied screening and cookie cutter control implementations means more red flags, and more red flags means more time and resources expended evaluating potential problems.

The inability for organizations to manage the risk-reward trade-off related to their fraud detection and prevention strategies has resulted in inefficient mitigation activities, more false alarms, unnecessarily harassed customers, and ultimately has translated into less revenue.

Why Best Practice Risk Assessments are Needed

To both prevent fraud and maintain high efficiency levels, organizations need to adopt a best practice risk assessments and frameworks to first identify and assess the risks they face on a daily basis. By prioritizing controls with more effective risk assessments, red flags that are in actuality benign won’t waste time and money.

So why have these bad-for-business, knee-jerk relations been implemented? Visibility is the answer. Data breaches are very often news-worthy because of their potentially major implications and headline value, they’re the classic high impact, low likelihood risk. Fraud, in contrast, occurs incrementally and has a cumulative effect, meaning there is usually no single, cataclysmic event that captures everyone’s attention, but the results can be equally devastating to the business.

The conclusion? Fraud, even though it doesn’t necessarily culminate in a bang like a big data breach can, poses just as much of an organizational threat. The numbers show that attempting to mitigate cybersecurity and fraud without first adopting and conducting best practice risk assessments, will lead to increased inefficiency. The first step to minimizing fraud is using a root-cause risk library to prioritize and escalate concerns across business silos.


To learn more about identifying specific risks and aggregating information at the strategic level with best practice risk assessments, download our popular eBook, “5 Steps for Better Risk Assessments.”

Votes: 0
E-mail me when people leave their comments –

Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his precinct abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community


  • Unless & until, the risk assessment goals are defined in accordance with the organizational objectives, till such time it may amount to playing in the dark. Also, the Risk Assessment Policy in place plays a greater role in determining the areas that need to be concentrated upon to evaluate the threats/risks and to understand the vulnerabilities in the business. Awareness has to be created for fraud prevention within the set up. Frauds cannot be predicted. Frauds happen when detected. Therefore, Best Practices for Risk Assessment play an important role in many ways and also help in enhancing revenues as areas causing income leakage can be identified. I have observed that in banking industry, Risk Based Internal Audit (RBIA) has helped to a larger extent thereby enhancing efficiency and profitability since it ensures as to how best the Best Practices in Risk Assessment are implemented.

This reply was deleted.

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!