Business Fraud Prevention: A Contrarian’s Take on Best Practices

Many professionals think effective business fraud prevention is just wishful thinking. If that’s true in your case, it’s time to question your beliefs. The reality is there’s a lot we should be doing to manage risks better in our organizations. 

Where Most Organizations Get Business Fraud Prevention Wrong

Management of any business risk is built on three levels. And managing the risks of business wrongdoing, misconduct, employee theft, and outright fraud fit neatly into this three-level framework.

• Level one is specific risk identification and significance assessment as the foundation for effective business fraud prevention infrastructure controls and human behaviors. In short, it’s about determining what can go wrong and how important it would be. 
• Level two is the quick—ideally immediate—detection of wrongful acts that slip through despite our best prevention efforts.
• Level three is the prompt handoff of suspected wrongdoing and fraud to experts trained and authorized to handle it.

Pretty much common sense, right?

But if that’s true, why is there so much business fraud in the news every day? And why is the frequency and size of these cases greater than ever before—and continuing to trend upward?

Well, this 45-year auditor and “professional contrarian” has the answer. Organizations have failed to recruit and effectively train every employee in their business fraud risk management roles.

Again, common sense, right? So why isn’t it common practice?

Read on to learn how to close this Grand Canyon-sized gap in your anti-fraud efforts.

What Solid Business Risk Management Looks Like 

First things first… Effective business fraud prevention requires solid risk management. And business risk management is built on two foundational features: 

1. A strong fraud prevention infrastructure 
2. Effective human skills execution

Let’s take a closer look at these two features… 

Fraud Prevention Infrastructure

The risk management infrastructure is composed of about a dozen specific components that, taken together, create the potential for preventing or at least deterring fraud. And the more of these components you have in place, the stronger the defense.

For now, I’ll offer just a comment or two on each component. Some are common sense and don’t need explanation. But a few might benefit from a conversation. (Just let me know. I’m here to help.)

1. Assemble & Authorize the Anti-Fraud Leadership Team

Your anti-fraud leadership team might include the Chief Risk Officer if you are fortunate to have one (or, in their absence, the CEO or equivalent), the Chief Financial Officer, the Chief Information Officer, the Chief Counsel, and the Chief Internal Auditor. If they are part of your executive management team, the Chief Risk Officer should lead business fraud prevention efforts.

2. Find, Retain, and Train Subject Matter Specialists

In addition to the leadership team—and depending on industry and organization needs—subject matter support experts should be found in compliance, internal controls, loss prevention/security, human resources, procurement, facilities/construction, and other departments. Build a checklist of the specialists you’ll need. Then retain and train them to be ready should the alarm sound.

3. Perform Comprehensive Risk Assessment and Cost Measurement

There’s an old concept that’s a key part of any business improvement or quality initiative: What gets measured tends to improve over time. As a contrarian, I’ll go much further. 

Failure to measure the true cost of existing wrongdoing and fraud with precision will likely doom prevention efforts to eventual collapse. 

ROI drives business decisions—and prevention efforts ROI can’t be known without getting the leadership team in a room and figuring out what the current cost actually is. Once done, you have a starting point for improvement.

4. Develop Living Policies and Useful Relevant Procedures

Policies memorialize requirements and expectations, whereas procedures lay out approved action protocols. Both are important components of your business fraud prevention infrastructure. But they must also be useful and efficient and reflect the real-world challenges of day-to-day mid-level management and staff responsibilities. 

Can you say that about yours?

5. Design, Install, and Maintain Effective Anti-Fraud Controls

Internal controls mean many things to many people. But in their simplest form, relevant fraud prevention controls cover these five stages:

• Transaction initiation
• Documentation
• Review
• Approval
• Processing 

Effective business fraud prevention controls look at what should or could happen at each of these five stages to block wrongful activity from taking place.

6. Require Department-Level Fraud Risk Brainstorming

Department-level brainstorming looks directly at what can go wrong right in the department. It focuses on the documents, transactions, and relationships that the staff in each functional group can see, touch, and analyze. And it builds a bridge from identified risks to the corresponding red flags and symptoms staff can see and respond to quickly before losses occur. 

Build the brainstorming agenda and exercises now. And look hard at the best delivery method. Virtual efforts are fine. But getting everyone in the room to kick around ideas is much more effective.

7. Monitor and Analyze Data

This infrastructure component is simple to comprehend but critical to get right. For managers, supervisors, and staff to identify threats, they need transaction and relationship data prepared and made available ASAP. Plus, it needs to be in a format that allows for quick review and analysis before any approve/deny decision.

8. Pay Special Attention to 3^rd Party Relationships

Third parties like suppliers, contractors, consultants, joint venture partners, and others all have their own business objectives. We trust them to represent our interests under whatever documents govern the relationship. But they are not our employees and may or may not share in our profit, service, quality, or other goals. That gap creates exposure that deserves extra attention in our business fraud prevention efforts.

9. Build Useful Employee Skills Training—Tailored to the Job

Here’s a question for you: Are fraud prevention skills for your executives, managers, and key control staff a core competency they bring to their jobs? Let me tell you the answer: No, they are not. Yet few organizations recognize this gap between expectations and skills, and fewer still do anything proactive and meaningful about it. Step one is to identify the skills needed and build them into a training program that results in participants feeling, “Now that was useful to me and my work!”  Step two is the delivery of the anti-fraud skills training. We’ll cover that below.

Effective Human Skills Execution

Once the infrastructure is in place, it’s time to address the human component of business fraud prevention. Again, just a few supporting comments on each, but reach out if you want to discuss or would like more information on any or all.

1. Offer Consistent Visible Vocal Support—At Every Manager Level

Supervisors at every single level—“from the CEO to the factory floor”—must speak up about their support for preventing fraud and protecting the organization. Then they need to walk that talk through their own daily attention to details and example for their team to copy.

2. Recruit Everyone, State Expectations, and Ask for Help

Visible vocal support is backed up by three simple tasks. 

• Reach out to every staff member and ask them personally to help fight fraud “on their watch.”
• Explain expectations for getting it right the first time, for preventing errors, and for speaking up when something looks strange. 
• Say thanks for being an important part of the solution. 

That personal pitch directly from supervisor to staff breathes life into policy statements.

3. Schedule and Lead Department-Level Fraud Risk Brainstorming

Okay, it’s time to get everyone on your team talking. Preparing the brainstorming session agenda, examples, and format was discussed under the infrastructure section above. Now let’s get them together for an hour at your next staff meeting to toss around ideas. How could someone get us is the theme. And how could we see it and react quickly is the action takeaway.

4. Deliver Useful Employee Skills Training—Tailored to the Job

Ideally, you built the business fraud prevention skills training as the last component under infrastructure, which was discussed above. Now it’s time for delivery. Effective behavior-enhancing training comes from a combination of live in-person sessions, virtual recordings and reminders, written checklists, supervisor and fraud specialist coaching, and peer group discussion and support. Build the formal training objectives, structure, and content. Then deliver it across as many formal and informal options as possible.

5. Share Past Cases and Related Lessons / Learning Points

The details of past cases should be shared to the extent possible. Names and locations aren’t important. What happened, how it happened, what red flags popped up, and how it was caught contain the relevant learning points and action steps.

6. Address and Correct Flawed Beliefs

Ask staff what they believe about fraud and their role in prevention. Discuss and correct any flawed or incorrect beliefs. Be open about it. Let people talk about what they believe, and help them listen as you guide them toward better beliefs where needed.

7. Explain Why Controls Fail

A wise person once told me, “All controls fail over time.” And I’ve found it to be very wise counsel indeed. Things change, people get busy and distracted, seasoned experts move on, and other priorities crop up every day. And before we know it, controls begin to lose their effectiveness and eventually fail to prevent problems such as fraud. Keep controls alive, including being aware of why they usually die a slow death and ultimately fail.

8. Empower and Require Employees to Take Action

Supervisors: Tell your people exactly what you want them to do to prevent fraud—and then provide the time and tools they need to do just that. When they speak up, listen.

9. Hold Managers Accountable

There are four anti-fraud responsibilities for every manager: 

1. Be aware of what can go wrong in your areas of responsibility. 
2. Do your best to prevent it from happening on your watch. Meaningful controls backed up by daily behaviors are the key. 
3. When despite best efforts something slips through, find it fast. 
4. Speak up about suspected wrongful acts and transactions. Refer them to the experts designated by your organization for handling suspicions.

And yes, this goes for every manager in your organization. 

10. Preach and Teach—At Every Opportunity

This one is common sense. Never miss an opportunity to preach to your team about their role in preventing wrongdoing and fraud. Teach them what they need to know. Encourage them to be vigilant. And thank them for their help in your business fraud prevention efforts. Preach and teach as often as possible.

Prioritize Business Fraud Prevention as an Ongoing Process 

One last thought. Business fraud prevention isn’t a one-time event. It’s not the flavor of the month. It’s not the thing we focus on today and forget tomorrow.

It’s a daily campaign sustained over time and should become part of the muscle memory of every leader and staff member.

Our job is to move the organization in that direction by identifying and shoring up weaknesses in our infrastructure and the blind spots in behaviors. Start with the list in this article.And again, reach out if you need help!