How to protect your organisation against fraud
A recent survey found that more than half the world's largest companies were victims of fraud during the previous fiscal year, 25 per cent of them losing millions of dollars each during the previous five years. Many organisations are often too embarrassed to admit publicly that their employees have stolen from them. They fire the employees - but often fail to fix the underlying problems. In some places, trivial fraud and pilfering are accepted as normal practice. Fraud, to any degree, should not be tolerated. Before it's too late, it may be wise to implement fraud protection measures in your organisation…
1. Be aware: your staff are usually the villains.
Regrettably, your own employees pose the greatest threat when it comes to fraud - some are highly motivated to get rich quickly; they usually know what controls are in place; and they often have the ability to circumvent those controls and exploit company weaknesses.
Remember, the core element in all fraud is people; so effective human resource management in all forms is vital.
2. Check the references of potential employees.
Although previous employers are often reluctant to provide anything but confirmation of employment dates and positions held, as a rule they also do not want any other organisation burned by an unscrupulous worker. So, check all references - not just the last job held. As well, verify education qualifications and certifications - 'She claimed she was a CPA!' comes too late when the damage is already done.
3. Document and enforce policies and procedures.
Ensure that all internal control policies and procedures are well documented, communicated, and enforced. Your policies should address such issues as: Can staff accept gifts? When do gifts become bribes? When do hospitality and perks become corruption? When does pilfering become fraud? Written guidelines are needed so employees can differentiate between accepted custom and what is not acceptable. And how can suspicions of fraud be raised? Who is responsible for dealing with it? And how? If necessary, put in place an audit committee with a policy-development, monitoring, and investigative role.
4. Install safeguards to limit computer misuse.
Our dependence on computer technology has meant that almost all major fraud committed today involves the misuse of computers by staff who:
- establish phony accounts
- drain legitimate accounts
- purchase assets for private use
- change ownership of assets or ship assets to false addresses
- create phantom sales transactions
- give individuals rewards they have not earned.
The key to preventing this is to restrict access to sensitive transactions to those with a legitimate need and to monitor employee activities to ensure that misdeeds are detected and addressed. Tackle this issue through considering the use of:
- passwords which authenticate those seeking access to the network. To limit misuse of passwords, you may need to change them frequently, depending on the sensitivity of the material.
- firewalls which are programs that sit between your network and the Internet or other networks to reduce unauthorised access.
- encryption which prevents data intercepted by a criminal from being read, by encoding it with a special key known only to legitimate users.
- audit software which detects and responds immediately to suspicious or threatening computer transactions.
Databases integrated across departments also allow organisations to cross-reference information, and thus provide security-checks against fraudulant behaviour.
5. Review your vendor lists periodically.
A common fraud technique is to establish a fictitious vendor account. When signing a cheque payment, would you know the difference between IBM itself and a phony IBM Computer Inc.? And importantly, how would you know if the products were authorised or the services performed? Regularly print out and review your vendor master list to check that each vendor is authorised to supply goods and services, and compare this list with all payments made. Any discrepancy could be a cause for concern.
6. Regularly review bank statements.
Spotting fraud is like spotting pornography: 'I can't define it, but I know it when I see it'. Regularly review bank statements and cancelled cheques, enabling you to examine payees, endorsements, and cheque sequence.
7. Consider taking out insurance against fraud.
Insurance protecting employers against fraud is relatively inexpensive and worthwhile for all employees with finance-related responsibilities.
8. Take a stand against fraud.
The message about fraud and corruption must come loud and clear from the top and be reinforced with action. Be adamant that you treat the problem seriously. Define it clearly. Call it fraud if you find it. Use newsletters and seminars to explain your commitment to tackling it. Open up channels which allow staff identifying fraud to communicate their suspicions - around line managers if necessary. Never brush fraud under the carpet or be easy on it. Be seen to act when you uncover it. Remember, everyone in your organisation has a role in the process of spotting and preventing fraud.
