Reducing the risk of fraud from external and internal sources is something that all businesses have to consider at some time. Fraud is a serious problem that can damage or even destroy a business, particularly small- and medium-sized ones, which can’t afford the potential losses.
Now First Reference’s Finance and Accounting PolicyPro includes a dedicated fraud policy to address the seriousness of the issue.
Fraud can mean many things, as you’ll read in this new section. FAPP author Jeffrey Sherman says:
In a corporate environment, fraud generally refers to personal enrichment due to the misuse of corporate assets. More specifically, fraud refers to misappropriation, defalcation or similar irregularity, including but not limited to:
- Misappropriation of funds, securities, supplies or other assets
- Impropriety in the handling or reporting of money or financial transactions
- False accounting, false reporting, forgery or concealing information
- Unauthorized disclosure of confidential information
- Using confidential company information for personal gain
- Accepting or seeking anything of material value from contractors, vendors or persons providing services/materials to the company
- Destruction, removal or inappropriate use of records, furniture, fixtures and equipment
- Other dishonest actions
Does any of this sound familiar? Has your organization had to deal with employee fraud? Some cynical people believe that no organization is free from employee fraud. Even small organizations are hardly immune, despite the trust such employers place in their employees and the controls they have in place.
Consider these common misconceptions about employee fraud from author and security consultant John Case:
- Management doesn’t need to tell employees about policies on employee theft because they already know
- Well-paid employees are less likely to steal
- Honest and loyal employees will report other employees who steal
- Losses from shoplifting are higher than losses from employee theft
- Newer employees commit employee theft, while senior employees can be trusted
- Employee theft is detected in its early stages
And the reality:
- The opportunity to steal is more important than the need for money
- The majority of employee theft goes undetected by management
- Less than 10 percent of the employee population is responsible for more than 95 percent of the total losses from employee theft
- Nearly every business experiences some degree of employee theft
- Nearly one-third of all bankruptcies are caused by employee theft (Inc. magazine)
Last time I discussed fraud in the general context of good controls and managing risk. This time, the discussion is specific: what controls do employers need to put in place to discourage fraud before it happens, report and investigate fraud when it does happen, and manage the fallout. The risk is ever-present, and employers must be vigilant.
Besides implementing and communicating the new Finance and Accounting PolicyPro fraud policy, employers can implement a variety of practices and controls, depending on their size and resources. Consider the following strategies.
Designate a fraud committee or representative to receive allegations of fraud and ensure that action is taken. Naturally, all allegations must be in confidence, the identity of the witness must remain private, and the employer must promise not to punish any employee for making a non-frivolous allegation.
Educate all staff, management and higher-ups about fraud and the damage it can cause an organization, as well as any relevant policies and anti-fraud practices. Set a tone of trust and fairness from the highest levels of the organization. Set clear limits on employee behaviour in a code of conduct.
Examine all of your policies and practices to understand how they might be revised and strengthened to protect against fraud. For example, how stringent are your hiring practices? Do your employment agreements state that fraud is a firing offence? Could you place additional controls over money handling? How do you track company credit cards and mobile devices? Are your websites and networks secure?
Some of these controls are covered in other parts of FAPP, particularly under risk management. That’s because controls don’t have to be aimed directly at fraud in order to limit the risk of fraud. Sherman points out:
…policies designed to ensure effective internal control will also help prevent fraud. Apart from specific control techniques, having a strong control environment is an effective way of reducing the risk of fraud. This includes:
- Strong division of duties and separation of incompatible functions
- Good “tone at the top”—a culture of integrity and ethics
- Hiring qualified and ethical people
- Effective supervision
- Effective (and documented) policies and procedures
- Trained and motivated people
- An open environment where employees can ask questions and communicate within and across departments
- Monitoring both the ongoing processes in place to ensure that controls are working as well as ad hoc one-time (or more frequent) special reviews, such as internal audits
The Association of Certified Fraud Examiners offers a thorough “Fraud Prevention Check-Up” for free on its website.
Adam Gorley
First Reference Editor