Imagine an open window next to your organization’s most liquid asset — cash. Suddenly a gust of wind blows the cash outside. Your first response (after attempting to collect the cash, of course) would be to shut the window, as doing so eliminates the risk of additional loss.
Unfortunately, many organizations let cash float right out the window due to instances of occupational fraud, often to a point where losses produce irreconcilable damage to the organization. According to a study published by the Association of Certified Fraud Examiners (ACFE), at the time the survey was conducted a staggering 58 percent of organizations hadn’t recovered any of their losses.
So what should businesses do to close those proverbial windows and guard against fraud? Develop a fraud prevention plan. A fraud prevention plan is a method that proactively identifies and removes the causal and enabling factors that contribute to fraud (such as poor tone at the top, inadequate segregation of duties, lack of a code of ethics, employee training, or a hotline). It can be seen as the cumulative effect of preventative and detection systems incorporated by management.
A fraud prevention plan will support your organization’s efforts to mitigate losses due to occupational fraud. It may not stop fraud from occurring altogether; however, organizations with active plans, which include anti-fraud controls, report lower losses and faster detection.
Fraud prevention plans have many shapes and sizes; however, all have the same eight key steps:
- Oversight.
The plan must have a responsible advocate to determine accountability and ensure acceptance. The advocate should have the authority and status to make changes. - Identification.
A fraud prevention plan requires an accurate picture of the organization’s risks. Fraud risks vary greatly between industries, and even organizations, due to multiple factors, including types of materials used in production, size of operation, physical location, etc. - Evaluation.
Review the control procedures in place. Make sure the existing controls are appropriately addressing key risk factors. - Remediation.
If you’ve identified unaddressed risks, revise and/or add control steps. Further, remove controls that are no longer appropriate. - Communication.
Fraud guidelines can be included in the employee handbook to define ethical standards that employees are expected to adhere to and to state consequences for noncompliance. The ultimate goal of communication is to create a culture of intolerance for fraud throughout an organization. - Education.
Ongoing training for new hires and existing staff is critical. Management must clearly communicate zero tolerance for fraud and reinforce the message on a regular basis. Programs for staff members should contain discussions on how and where fraud occurs and reinforce specific responsibilities at varying levels of the organization (staff, manager, audit committee). It’s important to continue to create awareness at all levels. You won’t be able to assess the effectiveness of the fraud prevention plan if employees aren’t using it. - Monitoring.
Once implemented, the plan needs to be monitored by an employee with enough authority to ensure the effectiveness of the plan and take appropriate action if it becomes ineffective or a preventative or detective control is compromised. Frequently review benchmark data presented in ACFE reports or in industry publications. This will help put the organization’s results in perspective. If significant differences are noted between the reported statistics and your organization’s performance, dig deeper to understand those variances. - Review.
Just as your business doesn’t remain the same (new products, new employees, regulatory changes, new software system, etc.), your fraud prevention plan shouldn’t remain the same. The plan should be reviewed consistently, especially after significant industry or organization events (layoffs, a hiring surge, meaningful growth, etc.). Even the most comprehensive fraud prevention plan can be overtaken by changes in the environment if the plan’s effectiveness isn’t regularly monitored.
Occupational fraud affects organizations of all sizes and industries. Failure to take a preemptive approach and put procedures in place to combat fraud could leave your organization exposed. That’s why a fraud protection plan is so important. Creating a plan that proactively identifies, assesses, monitors, and reviews your fraud risks actively shuts the windows a fraudster hopes to exploit. Maintaining the plan keeps them that way.