Imagine an open window next to your organization’s most liquid asset — cash. Suddenly a gust of wind blows the cash outside. Your first response (after attempting to collect the cash, of course) would be to shut the window, as doing so eliminates the risk of additional loss.
The plan must have a responsible advocate to determine accountability and ensure acceptance. The advocate should have the authority and status to make changes.
A fraud prevention plan requires an accurate picture of the organization’s risks. Fraud risks vary greatly between industries, and even between organizations, due to multiple factors, including types of materials used in production, size of operation, and physical location.
Review the control procedures in place. Make sure the existing controls are appropriately addressing key risk factors.
If you’ve identified unaddressed risks, revise and/or add control steps. Further, remove controls that are no longer appropriate.
Fraud guidelines can be included in the employee handbook to define ethical standards that employees are expected to adhere to and to state consequences for noncompliance. The ultimate goal of communication is to create a culture of intolerance for fraud throughout an organization.
Ongoing training for new hires and existing staff is critical. Management must clearly communicate zero tolerance for fraud and reinforce the message on a regular basis. Programs for staff members should contain discussions on how and where fraud occurs and reinforce specific responsibilities at varying levels of the organization (staff, manager, audit committee). It’s important to continue to create awareness at all levels. You won’t be able to assess the effectiveness of the fraud prevention plan if employees aren’t using it.
Once implemented, the plan needs to be monitored by an employee with enough authority to ensure the effectiveness of the plan and take appropriate action if it becomes ineffective or a preventative or detective control is compromised. Frequently review benchmark data presented in ACFE reports or in industry publications. This will help put the organization’s results in perspective. If significant differences are noted between the reported statistics and your organization’s performance, dig deeper to understand those variances.
Just as your business doesn’t remain the same (new products, new employees, regulatory changes, new software systems, etc.), your fraud prevention plan shouldn’t remain the same. The plan should be reviewed consistently, especially after significant industry or organization events (layoffs, a hiring surge, meaningful growth, etc.). Even the most comprehensive fraud prevention plan can be overtaken by changes in the environment if the plan’s effectiveness isn’t regularly monitored.