By: Les Heitger
In last week’s article I discussed the importance of understanding the significant risk of fraud that all organizations face. Ignoring fraud risk enhances the chance it might occur and reduces a company’s ability to detect it in a timely manner.
Understanding that fraud risk is a major business challenge is typically not sufficient to prevent or detect fraud. Organizations should be proactive in implementing fraud prevention policies and creating systems of fraud detection.
An essential element of fraud prevention and detection is having an educational program in place to define your fraud risks, explain the key issues to prevent and detect fraud, and describe your organization’s fraud-related policies. Most employees have little knowledge of these issues, so such a program will significantly increase employee awareness — a crucial first step in fighting fraud.
Share your fraud risk policies with everyone in your organization — from board members and management to mid- and entry-level employees. Companies should clearly spell out behavior expected from employees.
For example, what are the policies for business travel expenses, personal use of company equipment, personal use of company supplies or inventory, and documentation for expense reimbursement?
Your fraud-related policies should be in writing and all employees should be required to read them and to re-read them periodically. When it’s clear to all employees that top management is fully invested in fraud prevention and detection, it sends a clear message that the fight against fraud is a major goal. This “tone-at-the-top” approach sends a clear policy message throughout the organization.
Of course, teaching employees about fraud risk does not stop those intent on committing fraud. So organizations must have other resources in place to fight fraud.
One major tool is to design and install controls making it more difficult to commit fraud. Controls, sometimes called Internal Controls, are systems or mechanisms designed to ensure that an organization’s assets are used for their intended purposes. Controls may be physical, such as locks and safes intended to ensure only authorized persons have access to assets. Other controls add layers of authority to activities, such as requiring two signatures on checks or multiple authorizations for purchases or work orders.
The nature and character of controls an organization creates depends on the type of organization, assets most at risk, size of the organization and risk level of the operations. Although additional controls make it more difficult for fraudsters to succeed, it does not prevent fraud if there is collusion or if controls are bypassed, as it is virtually impossible to completely eliminate fraud.
Fraud prevention systems and policies take time and effort as well as costing money, so you need to weigh that versus the benefits.
Although each organization experiences different fraud risks, some controls are common across business types: background checks when hiring, bonding employees, carrying fraud loss insurance, and holding unannounced cash or inventory counts.
It’s also a good idea to require ALL employees to take at least a two-week vacation each year, be aware of related party transactions and relationships, think outside the box — look for number, events, activities that just do not seem quite right, and carefully assess the level of fraud risk for each segment of the organization.
According to the Association of Certified Fraud Examiners “Report to the Nations”, the overwhelming source of information in detecting fraud is “tips” from employees and others involved in the organization.
Therefore, the most important fraud detection and prevention action may be to create a fraud hotline where employees and others can, anonymously if desired, report suspected fraudulent or other suspicious activities.
For large organizations with great amounts of assets at risk, there are powerful new tools available in the fight against fraud. Data mining, text mining and data analytics, digital forensics, augmented intelligence, data visualization and computer analytics are cutting-edge technologies that show great promise. These tools offer the possibility of early detection of fraud schemes, resulting in considerable reduction in fraud losses and sending a message that may act as a deterrent.
Fraud vigilance is logical and appropriate. Fraud prevention and detection programs do not suggest that companies don’t trust their employees. Instead, fraud vigilance may be the very thing that protects and defends the business and livelihood of the organization and its employees. These practices follow the adage: “trust but verify.”
Professor Les Heitger, Ph.D., CPA, is the BKD Distinguished Professor of Forensic Accounting in the School of Accountancy at Missouri State University. He is the National President of the Forensic Accounting Section of the American Accounting Association, he is co-author of “Forensic and Investigative Accounting,” and he teaches primarily graduate forensic accounting courses. He can be reached at firstname.lastname@example.org
This article appeared in the May 7th, 2016 edition of the News-Leader and can be accessed online here.