Prevent Fraud with a “Perception for Detection” was published by JD Supra on 2/27/19.
There is a reality that fraud can occur at every level of a business. Every day businesses provide to their employees, peers and partners with internal resources, currency, checks, access to accounting systems, clients and other proprietary information. An increasing “perception of detection” is widely believed to be the most effective fraud prevention method within an organization. How a business disseminates the perception that fraud is being monitored and detected will lessen the probability of occurrence. Directors, officers and employees in an organization should ask themselves if what they are doing is legal, is it something permitted/encouraged in the organization and what could happen if the information goes public.
A Fraud Checkup List is important
The Association of Certified Fraud Examiners (ACFE), the world’s largest anti-fraud organization, has developed a Fraud Prevention Checkup that serves as a self-check for determining if adequate fraud prevention systems are in place within an Organization. The Checkup list consists of the following:
- Is there a process for fraud oversight? To what extent are the Board of Directors and Audit Committee involved?
- Is there ownership of fraud risk? Are members of senior management responsible for managing fraud risk across the organization, and for communicating with all business unit managers that are responsible for managing risks within their areas?
- Is there an ongoing assessment of fraud risk?
- Are there tolerance metrics for fraud risk? Has the Board of Directors approved the tolerance for different types of fraud risk? Some fraud risks are more tolerable and are associated with the risk of doing business. Other fraud risks can create financial as well as unwanted and unacceptable reputational damage.
- Is there a management policy for fraud risk? Is there a policy approved by the Board of Directors that identifies the “risk owner” responsible for managing fraud risk and identifying which risks will be rejected (rejecting certain types of business, transferring to third parties or internally managing the risk).
- Are there implemented measures for fraud risk? Are there measures to eliminate or minimize fraud risks identified in the risk assessment through process reengineering (segregation of duties, asset custody and recordkeeping/reporting transactions)? Are these measures designed to prevent, deter and detect the fraud risks identified in the assessment?
- Is the environment in the work place anti-fraud? Is there a strong emphasis on promoting ethical behavior deterring wrongdoing and encouraging all employees to communicate suspected or known wrongdoing to the appropriate person?
- Is there Proactive fraud detection? Are there fraud detection tests in place such as audit hooks and email monitoring?
There is a need for Organizations to create an environment, and implement appropriate controls for detecting fraud ahead of time
Some of the processes that an Organization ought to consider in order to promote ethical behavior, discourage wrongdoing and encourage communication are:
- Have a senior member of management openly communicate difficult issues that the organization is facing.
- Have a Code of Conduct with employee annual compliance confirmation.
- Training for all employees – at hiring and ongoing.
- A Helpline that might include an email or telephone line for employees. Anonymous tips ought to be welcomed.
- Prompt investigations, measures and resolution in place.
- Survey employees to measure if goals are being achieved.
- Incorporate ethics/compliance and fraud prevention goals to employee performance.
Management is Responsible for Fraud Risk Management
US Regulations including the Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley Act and Anti-Bribery legislation require that Management in a business have a zero tolerance for fraud and have an Audit Committee in place that will establish the procedures for receipt of complaints and anonymous employee tips with respect to irregularities in accounting methods, internal controls or auditing matters. Management is also expected to explain its:
- understanding of all regulations that apply to fraud
- programs in place to manage fraud risk
- steps being taken to detect and prevent fraud
- process in place to investigate fraud
- process in place for Corrective action
Don’t be a Victim of your own making
Consult a Certified Fraud Examiner (CFE) to ensure that your Organization has the appropriate controls in place to manage fraud risk. A CFE can assist a business in the creation and implementation of an effective fraud prevention program