3 Steps To Protecting Your Business From Workplace Fraud

Published October 12, 2017

Every few months, a major fraud investigation hits the news. According to a new report titled Keeping Business Clean: A CGMA Guide to Countering Fraud & Corruption by the Association of International Certified Professional Accountants, despite awareness movements and advances in legislation, fraud and corruption continue to plague businesses. 

The World Economic Forum estimates that the typical organization can lose an average of 5 percent of its annual revenue to fraudulent behavior. The risk of fraud is increasing in magnitude in the current e-business environment since technology has enabled the methods of corrupt practices to evolve. 

Cybercrime, for example, and the multiple guises of it, including executive impersonation as well as internal cyber attacks, has become prevalent.

Fraud can have a huge impact on a business and its stakeholders, and it’s important for organizations to take steps to protect themselves. Many frauds are detected accidentally or as a result of tip-offs, catching companies off guard. 

However, this doesn’t need to be the case. While it’s not possible to eliminate all fraud, developing an effective fraud control system, including prevention, detection and response, can result in fraud deterrence in your organization. 

Fraud prevention

While there is no single reason behind fraud, three factors come together to enable it, known as the Fraud Triangle: the opportunity to commit fraud, a compelling reason to do so, and the ability to rationalize why it’s OK. Rationalization is difficult to address since it’s very personal, so fraud prevention is about controlling the opportunity and reducing the motivation — i.e., increasing the fear of being caught. This is achieved through two key elements: developing a culture of ethical behavior and a sound internal control system. 

In terms of culture, it’s important for senior executives to lead by example and set a strong tone from the top. Developing an anti-fraud policy and asking employees to sign a code of ethics also sends a message that fraud will not be tolerated, and encourages employees to identify instances where it’s occurring.

 

Second, it’s critical to implement an internal control system with policies and procedures designed to restrict opportunities and decrease the temptation to commit fraud. This may include:

  • Employee training to create awareness of what constitutes fraud

  • Background screenings, which can prevent the company from hiring people who have a greater propensity to commit fraud

  • Control mechanisms that divide responsibilities, also referred to as segregation of duties, such as requiring a minimum of two signatories to operate a bank account 

Fraud detection

Fraud prevention cannot be 100 percent effective, so organizations need to implement a second level of controls focusing on fraud detection. Here, keeping a close watch over fraud indicators is key. Fraud indicators include a lack of internal controls, poor processes and issues around transactions.

Fraud detection controls should include:

  • Strict processes — and monitoring of them. Fraud detection requires specific activities to be carried out at a transactional level in order for the company to detect anomalies. The use of technology makes this process much more effective.

  • Physical and electronic asset tagging. This enables the company to track high value assets — the threat of which may actually prevent fraud, but helps the company detect and respond to fraud if it does occur.

  • Whistle-blower protections. Employees are the main source of fraud detection and escalation.

The finance function in particular plays a critical role in assessing and addressing fraud risks and occurrences, given their position overseeing company finances and assets. Guided by their code and training, they’re also prepared to be vigilant in identifying and alerting the company to fraud and corruption, and in a position to challenge information that seems suspicious.

Create an environment that nurtures speaking up and provides clear routes to addressing any concerns. Whistle-blower policies and hotlines give employees an easy way to provide a confidential tip-off. 

Fraud response

Finally, a response plan is necessary to deal with any fraud that is suspected or actually detected. This provides a step-by-step procedure to help contain the damage. The plan should also detail evidence-gathering procedures to facilitate informed decision-making and make sure that any legal action can be adequately supported. Steps may include:

  • Conduct a thorough investigation. You may need to use forensic accountants, depending on the type of fraud. Review evidence, conduct interviews and take statements from witnesses and suspects. Also, maintain an investigation log that includes all detections dismissed as minor or otherwise not investigated; this is an important tool for managing, reporting and evaluating lessons learned.

  • Recover the misappropriated assets. The theft or misuse of assets could include theft of plant, inventory or cash, false invoicing, accounts receivable fraud and payroll fraud. Recovering the assets as best as possible is a key step. Recovery may require legal action and enforcement; this action becomes a strong signal and deterrent to future fraudsters.

  • Report the fraud externally. A plan to report the fraud to authorities is important for compliance and legal issues; it may also be necessary to communicate with stakeholders and provide assurance that the fraud is being dealt with in an effective manner.

Unfortunately, no company is immune to fraud. However, organizations that approach the risk of fraud in a systematic manner with formal systems and procedures can help deter and effectively manage fraud when it does occur.

(Source: AICPA - CPA Letter Daily - August 30, 2017)