Definition of Fraud
The term ‘fraud’ commonly includes activities such as theft, corruption, conspiracy, embezzlement, money laundering, bribery and extortion.
Even in a rapidly changing business environment with emerging technologies and constant challenges, at the core of every organization is its employees — those carrying out operations, executives, administrative personnel, and even the board. Employees are faced with an increasing pressure to meet the bottom line at work and at home, and they can be exposed to a variety of ethical dilemmas. These dilemmas can tempt employees to commit fraud against their employer.
The cost of occupational fraud can be minimized with fraud prevention. Depending on the size and complexity of an organization, internal audit can be called on to recommend improvements or evaluate an organization’s controls and commitment to fraud prevention. An organization’s internal controls are not always specifically designed to prevent fraud; however, often there are fraud prevention components inherent in internal controls related to the control environment, segregation of duties, and monitoring activities.
Different types of fraud
Fraud can mean many things and result from many varied relationships between offenders and victims.
Examples of fraud include:
Øcrimesby individuals against consumers, clients or other business people
Øemployee fraud against employers, e.g. payroll fraud; falsifying expense claims; thefts of cash, assets or intellectual property
Øcrimesby businesses against investors, consumers and employees Øcrimesagainst financial institutions,
Øcrimesby individuals or businesses against government, Øcrimesby professional criminals against major organisation Øe-crime by people using computers and technology to commit crimes
Control environment
The control environment is one of the interrelated components of internal control, and it is vital in establishing an effective fraud-prevention culture within an organization. A visible commitment to fraud prevention can exhibit to employees the importance of antifraud measures to the organization. Control activities related to fraud prevention can be evident in the hiring, onboarding, and training of employees, as well as the organization’s policies and procedures.
During the hiring pro- cess, companies may conduct background checks, validate references, or confirm certifications. Certain fields or industries may require background checks, which can serve as a first point of communication regarding an organization’s tolerance of fraudulent activity.
The introduction to the organization’s mission and values typically occurs during the onboarding process. This can be an opportune time to distribute and explain the code of conduct, code of ethics, or a separate fraud policy. Taking time to discuss the firm’s policies and procedures thoroughly can be an effective measure in fraud prevention.
For example, organizations subject to bid requirements should maintain sufficient documentation to support compliance with established protocols in place. Policies and procedures should be clearly defined, published, readily available, and required to be read and acknowledged annually by employees to correspond with terms of employment.
Fraud-related training can reinforce the importance of anti-fraud, waste, and abuse measures to the organization. To be effective, training that promotes fraud prevention should be tailored to the role and duties of the individual employee. Mandatory, continuous training for employees who progress within an organization can be implemented based on individual job responsibilities and within a department’s specific function. This can equip employees with the skills to detect fraud, and also educate employees about what to do when fraud is suspected.
Companies may opt to use hotlines for fraud reporting. Depending on available resources, an organization’s fraud reporting hotline may be third-party managed, in-house, or a combination of both. Information regarding the fraud report- ing hotline should be communicated during training, readily available, and publicly displayed in common areas so it is visible to all employees.
To build the trust of employees in the fraud-reporting process, disseminated materials should con- tain information regarding how hotline tips are evaluated, and what level of anonymity and confidentiality can be assured for the tip-reporting employee.
Segregation of Duties
The organization should provide employees with the authority to carry out their duties, but no single employee should have the ability to create, execute, and monitor activities within a business function. For example, in payroll processing, there should be separation between the ability to approve payroll, write and sign checks, receive bank statements, and reconcile those bank statements. In this instance, an accountant or other financial personnel could approve payroll, write checks, and reconcile bank statements; whereas an executive director could sign checks, receive and open bank statements, and review bank reconciliations.
The size of an organization can create complexities related to segregation of duties. Small organizations can experience challenges because of staff size limits. Careful consideration should be made so that no single employee has complete control over all aspects of a process or function. However, large organizations can experience distinct challenges because of the potential overlap of job duties among multiple departments, which can require a more concerted effort to deter- mine whether job responsibilities are adequately segregated.
Regardless of the size of an organization, controls should be designed and implemented so they cannot be over ridden without appropriate authority. Insufficient safeguards and consideration for employee responsibilities can lead to collusion. Segregation of duties should occur at all levels of an organization and be relevant to each specific function.
Comprehensive Monitoring
Monitoring implemented controls not only provides oversight, but it also can gauge compliance with established policies and determine whether controls are operating as intended. For example, controls established to segregate employee duties will be ineffective if those employees disregard controls in place. Ineffective controls can create the opportunity for an employee to perpetrate fraud. Monitoring should occur at all levels of an organization and not be limited to day-to-day operations.
Before establishing monitoring procedures, those responsible for monitoring activities should perform a fraud-risk assessment. Analytics are often used, but there are additional resources for an organization to consider.
Employees are a valuable resource because they are close to the operations responsible for achieving components of the organization’s goals. Those performing the fraud-risk assessment should use the skills and knowledge of employees to strengthen monitoring activities. Employees can provide insight on how someone might circumvent current controls, which in turn can help an organization strengthen controls designed to prevent the occurrence of fraud. The involvement of employees in the fraud-risk assessment pro- cess provides them with increased fraud awareness. They can become more knowledgeable of fraud terms and schemes such as asset misappropriation and procurement fraud. Lastly, involvement of employees fosters continuous training and rein- forces the organization’s established policies and procedures.
Publicizing monitoring activities within the organization can help deter employees from committing fraud because they realize the likelihood of detection is increased. Monitoring can serve as a preventive measure within the organization and can also minimize the duration of fraudulent activity.
As businesses grow or are redefined, fraud often presents itself unpredictably. Organizations that ignore the occurrence of fraud or maintain the “it can’t happen here” mind-set may find themselves dealing with increasing fraud-related costs. Carefully designed and monitored preventive measures are crucial in the fight against fraud.
A holistic approach to fraud management
Fraud has often been compared to a balloon, since pressing on one place in the balloon just forces the air into another. Like the air, fraud moves from one inefficient process to another within an organization.
When we stop transactions or decline claims without prosecuting the person responsible and without fixing the inefficient processes to begin with, we are training fraudsters to just keep trying. This cycle teaches people who are bent on criminal behavior how to attack your system. Many times you need to follow the suspect, rather than just disconnecting, in order to convict and eradicate. Indeed, business changes can often have a big impact on your fraud exposure, making it essential to be active and elastic in fraud prevention – not just fraud detection – and to use technologies that will grow as your needs grow.
A fraud framework is a complete set of processes that access and integrate data, produce alerts, provide holistic reporting, control workflows and case management, and learn from past experience to become – and remain – effective.
Fraud continues to be a major concern and that concern continues to grow. Currently, there are more white collar workers unemployed than ever before – and fraud is a white collar crime. The “fraud triangle” describes three factors present in fraud: motive, rationalization and opportunity. With a highly skilled unemployed population, these causal factors make for a trained, motivated and potentially desperate group of people. Add to that the Internet access available to so many people today and you have a toxic mix.
