When it comes to fraud, many executives default to thinking either it won’t happen here, or we don’t have the resources to do anything differently. But there are five practical steps to prevent fraud that every company can manage.
1. Set Appropriate Corporate Governance
Preventing fraud starts with appropriate corporate governance. Appropriate corporate governance is set by the organization’s upper management, i.e. “tone at the top”. Upper management projects its integrity onto the entire organization.
When upper management is perceived as ethical, this tends to filter down into the rest of the organization. Conversely, when upper management is viewed as immoral, this may have a negative effect on the ethical environment of the organization.
To set an appropriate tone at the top, upper management should encourage ethical behavior via transparent means. Examples include an ethics policy, mission statement, or employee handbook, all of which should strongly reinforce the importance of ethical behavior. Such communications should also stress that unethical behavior will not be tolerated. This will help serve as a fraud deterrent.
2. Assess Fraud Risk
Assessing the risk of fraud within the organization is important because it can point to where internal control deficiencies exist and where the organization can improve. Fraud risks can be assessed by brainstorming ways in which the organization could be defrauded. Internal control assessments may also be performed to assess fraud risk.
Once your organization’s fraud risk assessment is complete, it is important to put together an action plan to address areas of weakness.
3. Implement Fraud Prevention Techniques
Effective fraud prevention techniques revolve around strong internal controls. Internal control starts with appropriate corporate governance and organizational level controls.
Organizational level controls are controls which apply to an organization as a whole, and not just to certain areas.
Examples include having strong ethics and HR policies. It is also important for the organization to do its homework and perform background checks, including criminal, civil and credit.
An employee should continue to be exposed to the HR policies of the organization subsequent to the hiring process.
Examples include having employees sign a yearly ethical conduct affidavit and carrying out employee ethics training.
In addition to organizational level controls, functional level controls are also very important in fraud prevention. Functional level controls exist at lower levels within an organization.
Examples of functional level controls include segregation of duties, access controls, and account reconciliations.
Segregation of duties is important because it makes it difficult or impossible for a fraudster to act alone when committing a fraud, which significantly reduces the likelihood of fraud occurring.
Examples of segregation of duties include requiring checks be signed by two people, separating the cash disbursements/purchasing and the cash receipts/billing functions, and requiring approvals for manual changes to the organization’s information system. Examples of manual changes which should require approval include adding vendors to the vendor master file, adjusting compensation levels in the payroll system, and writing off uncollectible accounts.
Access controls are integral to preventing fraudulent activity because they deny certain employees the opportunity to defraud the organization. The organization should consider which employees absolutely need access to various aspects of the organization’s facilities and systems and prevent everyone else from having access.
There are two types of access controls:
- Physical Access – Examples of physical access controls include locking the outside doors of the building, using keys or badges which grant access to important areas only to required individuals, having a security guard, and locking sensitive areas of the building such as the server room, administrative offices, filing cabinets, or safe.
- Logical Access – Logical access refers to access to the organization’s information system. Similar to physical controls, logical access to certain aspects of the organization’s information system should be restricted to only the necessary individuals.
For example, only accounting employees should have access to the general ledger, only payroll/HR employees should have access to compensation data, and only sales employees should have access to customer quotes. Each of these areas contains sensitive data which may harm the organization if it falls into the wrong hands.
4. Enlist Fraud Detection Techniques
Fraud detection techniques are used to detect a fraud which has already taken place. This may be more costly than fraud prevention since damage has already occurred. Many of the fraud detection techniques discussed below serve dual purposes, as their presence may deter fraud and thus also be a fraud prevention technique.
Forty-three percent of all frauds detected are reported via a tip.
Therefore, it is important to have a fraud hotline available for employees to anonymously report fraud or other unethical behavior.
It is also important that upper management encourages employees to report unethical behavior. This allows employees to feel comfortable when deciding to report an issue and allows for open lines of communication.
Fraud may also be detected by analytical review and account reconciliations. Analytical reviews which should be conducted include budget to actual, horizontal and vertical analysis, and expense analysis.
An organization’s internal audit function may also assist in fraud detection. Detection controls such as a hotline, reconciliations, security cameras, and internal audit may also serve as a fraud deterrent and prevent an employee from attempting a fraud in the first place if there is a perception of being caught.
5. Create Reporting and Investigation Processes
The final step to preventing fraud is the reporting and investigation process.
This process includes evaluating the fraud allegation and implementing a corrective action.
When trying to prevent future frauds, it is important to have an appropriate corrective action for a fraud which has occurred. Where appropriate, criminal convictions should be sought to show the organization is serious about holding employees to its ethical standards. Swift and decisive action will also send a message to other employees that the organization will not tolerate unethical behavior and that violators will be punished.
While the return on investment must always be considered, the cost of inaction cannot be ignored. Implementing even a few of the recommendations above may substantially reduce your exposure to unethical activity.