preparation for fraud incident

Fraud Prevention Tip #43: Build The Response Team Before It’s Needed

Near our home, there’s a city firehouse. Inside 24 hours a day are trained professionals ready to go when the alarm sounds. Their equipment is maintained in outstanding condition, their trucks are fueled, and their protective jackets, boots and helmets are already in place. They don’t wait for the alarm to go off before thinking through what they might need, recruiting their staff, buying equipment and getting their training. That’s already done.

That’s exactly the way you should look at you ability to respond to fraud incidents. Evaluate your fraud response needs during periods of calm. Not crisis.

Gaps in capabilities should be addressed before a fraud incident is being pursued.

As part of fraud risk brainstorming, think through what skills might be needed later if identified risks become reality. In many organizations, these skills do not necessarily need to be available in-house. But you should know exactly who to call if you need them in a hurry. Assess internal capabilities. Build relationships with outsiders before they are needed.

Here is a list of good places to start.

Legal Oversight

At the center of the response team are lawyers skilled in criminal matters. These attorneys should be able to provide quick response guidance to members of the investigative team. They should be available when needed, and provide oversight of the investigative process. Consider other legal needs that may arise, such as employment law, government contracting, procurement, international commerce, real estate, technology, intellectual property, and environmental law.

Investigators, Fraud Examiners, and Forensic Accountants

This group will comprise the core investigative team. While the roles of the three groups mentioned in the title above are similar, the specific subspecialties of each are important to have available. These skills may all be found in one person, or we may need multiple experts to fill the investigative needs.

Certified Fraud Examiners

While there are many sources of help, many Certified Fraud Examiners (Association of Certified Fraud Examiners, Austin, TX www.acfe.com) are experts in fraud issues and can bring first-hand experience to your fraud incidents. In many organizations, CFEs are an integral part of the investigative team.

Internal Auditors

If your organization has a formal internal audit function, this resource should be utilized in pursuing reported suspicions. Internal auditors have the capability to review issues from the inside: that is, they can often pull data, double check facts and interview employees quietly. This allows the organization to take initial steps in the incident response process without attracting a lot of attention.

Experienced internal auditors have expertise in internal controls as a core skill. They should be an active part of efforts to identify fraud risks and assess the adequacy of prevention and detection controls. Using auditing analytical procedures and tools (including computer-assisted audit techniques), internal audit can also surface fraud indicators for further investigation. Last, they are a critical resource to management in efforts to strengthen controls after a fraud incident has surfaced.

Information Technology and Computer Forensics

Few business fraud cases fail to touch on electronic records. Information technology expertise is needed to assess the risks to these records and to assist in the collection of necessary data stored in electronic form.

Computer forensics expertise is often necessary to preserve data that will be used as evidence in legal proceedings. Qualified experts in these fields should be formally on call if not on staff. These skills should be found before you need them, as response time to collect and protect critical data may be very short.

Human Resources

The response team should include human resources specialists with fraud background. Fraud involves people, and often those people are employees.

Rights and obligations need to be honored. Laws and employment contracts must be respected. Decisions must be adequately and appropriately documented. Mistakes must be avoided. The qualified HR representative can assist in all of these concerns, and should be a core member of the response team.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

he Anti-Fraud Toolkit Structure

Fraud Prevention Tip #42: Be Ready to Respond

Here’s an exercise that will keep you awake at night. Assume that despite your best efforts at fraud prevention, you get hit anyway. What should you expect when fraud is detected?

Explode False Beliefs

Start by exploding these three myths:

1. We’re ready to address what might come up
2. The authorities will take care of most of it for us
3. The insurance company will give us protection from loss

It would be great if these three statements were true – and sometimes they are. But often they’re not.

• Unless you deal with fraud on a regular schedule, you’ll find that you and your leaders may be very much unprepared to respond.
• The authorities will do their best to assist you in pursuing wrongdoing – if you cooperate fully with them and you are willing to supply the information they need to proceed. They are busy people just like you. They have limited resources and other priorities – again just like you.
• The insurance policy is a contract with requirements you must meet before any losses covered by the policy are paid. Are you in compliance? Have you ever read the insurance contract?

Once you have counterbalanced any existing myths and flawed beliefs, then do these three things:

The Anti-Fraud Toolkit Structure

The Anti-Fraud Toolkit Structure

In 9 modules, more than 6 hours of recorded video lecture, over 250 PowerPoint slides, and many practice ‘To-Do’ action items and practice tools (downloadable in each module), you’ll get the step-by-step, turn-by-turn instructions you need to take action right now. Short on theory and long on action steps, the lectures and tools in each module will enable you to take confident, effective action by building on the successes I’ve witnessed in my clients all of these years.
You’ll also get guidance on what not to do in the fight against fraud – to help you avoid common mistakes, focus your precious limited energy, and avoid undermining your own efforts through inefficiency and uncertainly!

Assemble the Team

There are inherent risks in responding to wrongdoing, misconduct and fraud. Legal, physical, career, reputation, regulatory, human resources and other risks should be managed by professionals with the requisite authority, background, resources, and interest. List the skills and relationships that will be needed when fraud is found. Recruit and prepare your team of experts in advance.

Prepare the Message

Before fraud is found (right now is a good time!) craft the basics of the message you may need to deliver to employees, customers, the press and others. Write out the bullet points of these messages before they’re needed. Be fully prepared to deliver these messages in an organized confident manner at the appropriate time and place, and by the appropriate authorized spokesperson. But get the basics on paper now when things are calm.

Put the Fraud Response Plan in Writing

Make sure that everyone in the organization knows who’s authorized (and who isn’t) to investigate, handle formal and informal information requests, and interact with any outside parties. Put this ‘crisis response plan’ in writing.

Correcting myths, preparing the team and messages and putting it all in writing isn’t everything, but it a foundation that will pay off many times over if you take care of it right now.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

board members

Fraud Prevention Tip #41: Train Your Board Members

There is an assumption that once an individual is accepted into a Board position, they are qualified to provide governance oversight of the organization’s anti-fraud efforts. But for most Board members, nothing could be further from the truth.

History is filled with examples of corporate corruption and fraud at the highest levels that occurred right under the noses of the Board. And it’s not just highly-publicized for-profit organizations that are at risk. School districts, not-for-profits, municipalities, credit unions, universities, private foundations, family run businesses and dozens of others are at risk due to inadequate fraud risk management skills at the Board level.

Whose job is it to train Board members and bring their Fraud Risk Management skills up to speed? Strange as it may sound, it’s management’s job.

The Anti-Fraud Toolkit Structure

The Anti-Fraud Toolkit Structure | Module 2 – Leadership

The message of this module is simple: Nothing will happen without strong, visible, vocal executive leadership. And by ‘executive’ I mean the Chief Executive Officer – whatever their title may be in your organization.
The #1 executive must lead the anti-fraud charge. They must be willing to speak publicly and enthusiastically. They must provide you with the resources you need to initiate and sustain your anti-fraud initiative. They must embrace that fighting wrongdoing and fraud is a campaign waged over time with their continued support. It is not a once and done event that receives encouraging words but no meaningful follow-though. Your #1 job as an anti-fraud leader is to recruit and secure meaningful executive leadership support. Module 2 – Leadership will give you the specifics details of what you will need from the executive management team.

Here are three specific areas where the Board must be up to the task.

1. Oversight of the Organization’s Anti-Fraud Efforts

The Board must ensure that management has done a competent job of identifying fraud risks and putting into place effective controls and behaviors to mitigate those risks. And not just the risk of financial misstatement that consumes so much of Board and management efforts. They must also monitor the risks of significant misappropriation, misstatement of non-financial results, and corruption and shadow deals – especially where it relates to bribery of domestic and foreign officials. Of course the recent uptick in cybercrime and other exposures in the technology arena has even the best anti-fraud Board members squirming in the seats.

2. The Risk of Senior Management Override of Controls

It’s been proven too many times to count that no one in the employee ranks can survive taking on senior management when collusion at the top causes controls to be overridden and fraud to be perpetrated. Not even the Chief Internal Auditor or Chief Counsel. They may have legal remedies when they are fired for challenging the CEO, but no one I’ve ever encountered who has taken this route would do it again willingly. Only the Board can step in when the most senior executives are determined to cheat. That’s one of their key governance roles, and one of the fundamental reasons why the Board exists. To monitor and counterbalance senior management when needed.

3. The Risk of Fraud For the Organization

Not all fraud directly harms the organization, at least initially. Some schemes actually bring substantial benefit to the organization and its leaders. Intentionally misstating the safe use of products, illegally dumping toxic substances, and hiding the harmful effects of food additives and chemicals used in the home are just three examples. Board members must be aware of fraud and other wrongdoing that benefits the organization, and be willing to take effective steps to prevent these risks from ever happening.

Of course, there are many other Fraud Risk Management challenges that all Board members must accept. You can help by teaching them what they need to know and do.

We can help as well. Take a look at our strategic partner for Board quality and effectiveness. The Center for Strategic Business Integrity was recently formed specifically to improve the quality of oversight by Board members and their Trusted Advisors. Take a quick look: www.CenterSBI.com. Might be just what you need.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

Boss in his office reading newspaper - the business section

Fraud Prevention Tip #2: Fight Through What Holds You Back

As CFO for his $3 billion company, David has a lot on his plate. Rapid growth, thin controls in new overseas markets, monthly and quarterly reporting deadlines, and overseeing a staff of over 75. Fact is he just never gets time to actively address fraud risks. He knows he should. But so far his efforts have been limited to keeping his fingers crossed and hoping for the best.

Until last week. That was when his accounts payable team found what is turning out to be a multi-million dollar vendor fraud. And it’s been going on for over three years. Not surprisingly, David is now ready to act.

I’ve been showing clients how to initiate, lead and sustain effective Anti-Fraud Campaigns for over 25 years. Unfortunately, for most organizations it takes a direct hit like David’s to force them into action.

But why should that be? Isn’t Fraud Risk Management just part of larger Business Risk Management ongoing efforts?

Quite simply the answer is yes. But there is a definite pattern of reasons and excuses about why organizations – especially large organizations – don’t take effective action to manage their fraud risks before they are victimized.

Here are three common excuses for inaction. Do they sound familiar?

Excuse 1: Uncertainty About How to Start and What’s Involved

How many times have we all heard that a journey of a thousand miles begins with a single step? Pretty basic stuff. Unless you don’t know which direction to Concept of businessman surrounded by questionstake that first step. North? South? East? West? Or something angled in between. Get the first steps wrong and you are headed way off in the wrong direction five steps later. And every subsequent step takes you even further from your intended goal.

The Anti-Fraud Tips in these blogs tell you pretty much every step to take. You’ll get the road-map to point you in the right direction from day one. Follow these ideas, and ‘uncertainty’ as an excuse for inaction evaporates, allowing confidence from taking proven actions to quickly fill in the void.

Following these ideas on your own may be all you need to get the job done over time. But an experienced guide can accelerate you progress on the anti-fraud trail. Just ask for help from someone who has walked this path too many times to count.

Excuse 2: Lost Momentum

We’ve seen dozens of corporate Anti-Fraud Campaigns start with a bang and then quickly fade away to a fizzle.

Why? Simple: inadequate leadership support.

Fighting fraud is a Campaign, not an Event. To work, it requires the visible, vocal support of senior managers over an extended period until it sticks and becomes how we do business at every level. It’s not the flavor of the day, to be pushed aside as other important issues need more immediate attention. It requires a sustained effort until fighting fraud becomes part of the reflex ‘muscle-memory’ of every employee.closeup of newton pendulum

Removing and replacing habits takes time. Investment in leadership time and other resources must be secured right from the start. And that leadership starts with the Chief Executive Officer. No one else can make it happen.

After all, isn’t the CEO the de facto Chief Risk Officer regardless of whether someone else may have that title on their business card? Shouldn’t the CEO lead the charge against fraud? You know the answer, and so does your CEO.

Excuse 3: Flawed Beliefs About the ROI from Anti-Fraud Campaigns

Many leaders in organizations both large and small have the same flawed belief: we don’t have much fraud and the cost of managing the little bit we have isn’t Child's Play - banker, financierjustified. In short, the ROI – Return in Investment – doesn’t justify the effort.

Yet when I ask them to quantify just how much fraud, misconduct, theft and other wrongdoing they experienced in the last 12 months, with only three exceptions in over 25 years they have no idea.

Enter the Association of Certified Fraud Examiners (www.ACFE.com). Their “2014 Report to the Nations on Occupational Fraud and Abuse” states that “the typical organization loses 5% of revenues each year to fraud.”

5 percent of revenues? I don’t buy it and never have. It’s just too big to be reality.

But in my own work with clients, I’ve never seen less than 1 percent in larger organizations. 1 percent of $3 billion for David in our example above would still be $30 million. His team just discovered a multimillion dollar case. I bet he’s wondering where the rest is hidden? (And if he’s not, he should be!)

In large organizations, you’ll never cut your losses from misconduct and fraud down to zero, so don’t make that you goal. But try this idea on for size.
Assume it’s 1 percent of your revenue. Could you cut that in half in 18 months? The answer is a resounding yes.

For David, those savings would be a minimum of $15 million added directly to his bottom line through better ‘fraud expense control’. And I’m confident of results two to three times that based on my past experience.

How’s that for ROI, CFO’s?

Exactly how do you do it? By following the ideas in these 40 Fraud Prevention Tips. You’ll need to stay tuned for more of the details – or reach out right now and we’ll get you started on your own Anti-Fraud Campaign today.

How many of these and other excuses blocking serious anti-fraud efforts do you face in your business or clients? Unfortunately every organization has them, and they won’t go away on their own. Right now is the time to fight through these barriers – these excuses for inaction – and get the job done.

We can help. Just say the word and we’ll get started together.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

fraud investigation

Fraud Prevention Tip #1: Eight Fundamentals of Fraud Risk Management

Every leader in every business, education, government and not-for-profit organization has at least one thing on common. They all want to prevent fraud from happening on their watch.

To build, implement and sustain an effective Anti-Fraud Campaign, here are eight ideas to increase your odds of success.

  • Strong Prevention Controls – Formal procedures and daily behaviors directed at preventing fraud are the foundation of any anti-fraud effort. Preventive Clear Responsibilitiescontrols limit access to resources and information. They provide for high-quality recording, review, approval, and summation of transactions and other events. And they ensure that objectives are achieved and organization assets are protected.
  • Immediate Detection – Effective anti-fraud campaigns bring the one-two punch of prevention and quick detection procedures. The best assumption is that some wrongdoing will slip through your defenses. When that happens, be ready to find it right away – same day, same week, same month. No more.
  • Clear Responsibilities – Every employee, manager and executive must know exactly what to do and what to avoid when they suspect wrongdoing and fraud. Tell them in advance. Don’t leave them wondering about required next steps.
  • Anti-Fraud Training – Provide meaningful ‘how-to’ manager and staff training so that everyone knows not only what can go wrong but exactly what it looks like in the records they see every day. Not general awareness sessions; meaningful prevention and prompt detection skills education. Informed employees are your best line of defense. Teach them exactly what they need to know.
  • Confidence to Report Suspicions – Your team needs to feel confident to speak up. They must feel safe. They are the heroes you must have ready to take Suspicionsaction and report what doesn’t look right to them. Break down any barriers that discourage reporting. Make it easy to report – including anonymously.
  • Open Brainstorming of Risks – Have you ever initiated an open discussion of what could go wrong? If not, start today. Bring it up in a staff meeting. Say, “You know, we’ve never talked about fraud risks in our business. Let’s do that right now.” Get the input of everyone. You’ll be pleasantly surprised just how willing they are to share their concerns – and their willingness to better manage your risks.
  • Pre-plan Your Response – Fraud Risk Management includes planning in advance how you will respond if fraud does occur. Who should be involved? Who takes the lead? What resources will you need and who can provide them? Minimize the need for crisis-based decisions. Build the shell of your response in advance – before you need it.
  • Take a Strong Position in Legal Actions – Think seriously about your appetite for legal action before you need to pursue those options. Anti-Fraud Campaigns include an organizational stance that openly says, “We won’t tolerate it here. And if you target us, expect a fight!” Isn’t that what your honest employees, agents, vendors, customers and other stakeholders want to hear?

How does your organization stack up? These eight ideas form the foundation of a meaningful Anti-Fraud Campaign. But they are just the start.

This is the first in an in-depth series of fraud prevention blogs and articles we’ll be publishing in the coming months. Be assured we’ll go deep on these eight ideas and many, many more.

Stay tuned – and never hesitate to reach me if you want to kick around ideas or have questions related to implementation in your own unique organization. We’re here to help. Just ask.

 

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

next page