Fraud Prevention Tip #50: The Three Key Components of an Anti-Fraud Program

Fraud Prevention Tip #50: The Three Key Components of an Anti-Fraud Program

Somewhere out there, your organization is probably being targeted for fraud right now. Internet-based hackers, international organized crime organizations, and even a small percentage of employees all see your assets and information as too tempting to ignore.

But what are the three most important things you must do to deter these barbarians at the gate – or already inside your business?

Fraud Prevention Tip #50: The Three Key Components of an Anti-Fraud Program

How to Prevent Business Fraud: 8 Ideas That Work

The goals of anti-fraud efforts are prevention and immediate detection. While no anti-fraud system is foolproof, the 8 ideas in this program are critical to managing fraud risks in your business. And there is a cumulative effect – the more of them you apply in your business, the greater the chance of success. Providing turn-by-turn instructions for business leaders and owners, this program is short on theory and long on practical ‘how-to’ instructions on what you should do and what gets in the way. You’ll benefit by building a stronger defense against the risks of wrongdoing, misconduct, theft and outright fraud. Using the tools, checklists, talking points, and sample anti-fraud policies included in the program, you’ll be able to apply the ideas right away with minimal cost and maximum effect.

Managing business fraud risks requires your daily attention. It’s a ‘cat and mouse’ endeavor where the smarter we get, the harder they have to work to get us. While there are many prevention and deterrence steps you can take, here are three critical components of any business anti-fraud program.

1. Build a culture of honesty within your organization.

Ethics starts and ends with the actions of leaders. From the boardroom to the factory floor, every leader must not only talk, they must demonstrate exactly what ethical behavior looks like in their business habits. And the CEO must personally lead the pack.

Formalize the rules of acceptable behavior in a Code of Conduct. Be clear about what is not allowed as well. Address confidentiality, harassment, use and protection of intellectual property, avoiding conflicts of interest, and other ethical issues. Tell people what you expect of them. Be clear about relationships with third-party suppliers, customers and contractors.

2. Perform a meaningful fraud risk assessment, and brainstorm how to mitigate fraud risks.

Fraud risk assessment starts with an open discussion of what can go wrong. Bring it out into the open. Recruit every employee into the brainstorming process. Address theft, manipulated financial and operating results, and shadow deals with third parties.

Make sure every employee knows what can go wrong in their areas of responsibility, and tell them it’s their job to make sure fraud doesn’t happen on their watch. Help them implement or strengthen anti-fraud controls. Openly recognize their positive deterrence behavior.

3. Provide useful anti-fraud skills training.

Creating a culture of honesty and ethics is step one; step two is fraud risk brainstorming. But none of it matters without useful anti-fraud skills training.

Many organizations speak to their staff about fraud awareness. But if you are expecting them to fight fraud, you have to go much further and show them exactly what fraud looks like in the transaction records they see every day. There’s simply no short cut to meeting this essential need. Yet this is the one step that most business organizations skip.

Provide anti-fraud skills training in a classroom setting, in small staff meeting discussions, in organization newsletter articles, and using webinar, conference call and other simple technology (Skype, Apple FaceTime and others). Most effective of all but often overlooked is one-on-one coaching of staff by supervisors at every level.

Don’t keep fraud examples hidden from your team; bring what can go wrong out into the light where all can learn and react appropriately. Help them be successful in meeting your fraud risk management objectives. Encourage them to speak up and make it as safe as possible to report suspicions.

If you have questions about what you should do to fight fraud exposures in your organization, just let me know and we’ll talk it through.

Call me at (970) 926-0355. Or email John@JohnHallSpeaker.com and we’ll get the discussion started.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 38-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

preparation for fraud incident

Fraud Prevention Tip #43: Build The Response Team Before It’s Needed

Near our home, there’s a city firehouse. Inside 24 hours a day are trained professionals ready to go when the alarm sounds. Their equipment is maintained in outstanding condition, their trucks are fueled, and their protective jackets, boots and helmets are already in place. They don’t wait for the alarm to go off before thinking through what they might need, recruiting their staff, buying equipment and getting their training. That’s already done.

That’s exactly the way you should look at you ability to respond to fraud incidents. Evaluate your fraud response needs during periods of calm. Not crisis.

Gaps in capabilities should be addressed before a fraud incident is being pursued.

As part of fraud risk brainstorming, think through what skills might be needed later if identified risks become reality. In many organizations, these skills do not necessarily need to be available in-house. But you should know exactly who to call if you need them in a hurry. Assess internal capabilities. Build relationships with outsiders before they are needed.

Here is a list of good places to start.

Legal Oversight

At the center of the response team are lawyers skilled in criminal matters. These attorneys should be able to provide quick response guidance to members of the investigative team. They should be available when needed, and provide oversight of the investigative process. Consider other legal needs that may arise, such as employment law, government contracting, procurement, international commerce, real estate, technology, intellectual property, and environmental law.

Investigators, Fraud Examiners, and Forensic Accountants

This group will comprise the core investigative team. While the roles of the three groups mentioned in the title above are similar, the specific subspecialties of each are important to have available. These skills may all be found in one person, or we may need multiple experts to fill the investigative needs.

Certified Fraud Examiners

While there are many sources of help, many Certified Fraud Examiners (Association of Certified Fraud Examiners, Austin, TX www.acfe.com) are experts in fraud issues and can bring first-hand experience to your fraud incidents. In many organizations, CFEs are an integral part of the investigative team.

Internal Auditors

If your organization has a formal internal audit function, this resource should be utilized in pursuing reported suspicions. Internal auditors have the capability to review issues from the inside: that is, they can often pull data, double check facts and interview employees quietly. This allows the organization to take initial steps in the incident response process without attracting a lot of attention.

Experienced internal auditors have expertise in internal controls as a core skill. They should be an active part of efforts to identify fraud risks and assess the adequacy of prevention and detection controls. Using auditing analytical procedures and tools (including computer-assisted audit techniques), internal audit can also surface fraud indicators for further investigation. Last, they are a critical resource to management in efforts to strengthen controls after a fraud incident has surfaced.

Information Technology and Computer Forensics

Few business fraud cases fail to touch on electronic records. Information technology expertise is needed to assess the risks to these records and to assist in the collection of necessary data stored in electronic form.

Computer forensics expertise is often necessary to preserve data that will be used as evidence in legal proceedings. Qualified experts in these fields should be formally on call if not on staff. These skills should be found before you need them, as response time to collect and protect critical data may be very short.

Human Resources

The response team should include human resources specialists with fraud background. Fraud involves people, and often those people are employees.

Rights and obligations need to be honored. Laws and employment contracts must be respected. Decisions must be adequately and appropriately documented. Mistakes must be avoided. The qualified HR representative can assist in all of these concerns, and should be a core member of the response team.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

board members

Fraud Prevention Tip #41: Train Your Board Members

There is an assumption that once an individual is accepted into a Board position, they are qualified to provide governance oversight of the organization’s anti-fraud efforts. But for most Board members, nothing could be further from the truth.

History is filled with examples of corporate corruption and fraud at the highest levels that occurred right under the noses of the Board. And it’s not just highly-publicized for-profit organizations that are at risk. School districts, not-for-profits, municipalities, credit unions, universities, private foundations, family run businesses and dozens of others are at risk due to inadequate fraud risk management skills at the Board level.

Whose job is it to train Board members and bring their Fraud Risk Management skills up to speed? Strange as it may sound, it’s management’s job.

The Anti-Fraud Toolkit Structure

The Anti-Fraud Toolkit Structure | Module 2 – Leadership

The message of this module is simple: Nothing will happen without strong, visible, vocal executive leadership. And by ‘executive’ I mean the Chief Executive Officer – whatever their title may be in your organization.
The #1 executive must lead the anti-fraud charge. They must be willing to speak publicly and enthusiastically. They must provide you with the resources you need to initiate and sustain your anti-fraud initiative. They must embrace that fighting wrongdoing and fraud is a campaign waged over time with their continued support. It is not a once and done event that receives encouraging words but no meaningful follow-though. Your #1 job as an anti-fraud leader is to recruit and secure meaningful executive leadership support. Module 2 – Leadership will give you the specifics details of what you will need from the executive management team.

Here are three specific areas where the Board must be up to the task.

1. Oversight of the Organization’s Anti-Fraud Efforts

The Board must ensure that management has done a competent job of identifying fraud risks and putting into place effective controls and behaviors to mitigate those risks. And not just the risk of financial misstatement that consumes so much of Board and management efforts. They must also monitor the risks of significant misappropriation, misstatement of non-financial results, and corruption and shadow deals – especially where it relates to bribery of domestic and foreign officials. Of course the recent uptick in cybercrime and other exposures in the technology arena has even the best anti-fraud Board members squirming in the seats.

2. The Risk of Senior Management Override of Controls

It’s been proven too many times to count that no one in the employee ranks can survive taking on senior management when collusion at the top causes controls to be overridden and fraud to be perpetrated. Not even the Chief Internal Auditor or Chief Counsel. They may have legal remedies when they are fired for challenging the CEO, but no one I’ve ever encountered who has taken this route would do it again willingly. Only the Board can step in when the most senior executives are determined to cheat. That’s one of their key governance roles, and one of the fundamental reasons why the Board exists. To monitor and counterbalance senior management when needed.

3. The Risk of Fraud For the Organization

Not all fraud directly harms the organization, at least initially. Some schemes actually bring substantial benefit to the organization and its leaders. Intentionally misstating the safe use of products, illegally dumping toxic substances, and hiding the harmful effects of food additives and chemicals used in the home are just three examples. Board members must be aware of fraud and other wrongdoing that benefits the organization, and be willing to take effective steps to prevent these risks from ever happening.

Of course, there are many other Fraud Risk Management challenges that all Board members must accept. You can help by teaching them what they need to know and do.

We can help as well. Take a look at our strategic partner for Board quality and effectiveness. The Center for Strategic Business Integrity was recently formed specifically to improve the quality of oversight by Board members and their Trusted Advisors. Take a quick look: www.CenterSBI.com. Might be just what you need.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

webinar training

Fraud Prevention Tip #40: Record an Anti-Fraud Webinar or Teleconference

Here’s where you get to have some real fun. Prepare and personally lead a 15-minute Webinar or audio conference call addressing one of the anti-fraud ideas on your list. Use any of the ideas in these Fraud Prevention articles as the basis for your script and slides.

Webinars and teleconference calls are an inexpensive, easy, low-risk way to teach. Avoid the theory and the normal long introduction of concepts and agenda. Don’t overthink it. Parachute right in like this:

“Hi, everyone. I’m John from the Corporate staff. Thanks for joining us today.”

Have you ever wondered about what details you should check before approving supplier invoices for payment [time cards, procurement cards, reconciliations, journal entries, standard month-end reports…]? Well, in this program I’ll give you great questions you should ask yourself before you put your good name on that payment. Let’s jump right in.

Question 1… Example 1… (Use the same ‘script’ in Fraud Prevention Tip #36 in this series as a format guide to all topics presented). Question 2… Example 2… (And so forth.)

Thanks for being part of this short Webinar. I hope I answered your questions about invoice approval. And if you want more – including our assistance on how to brainstorm risks in your department – just let us know. You can reach us at [email address] and [phone number].

Always remember, you’re the solution to our fraud risks. Don’t let it happen on your watch!”

You’re off and running. Get ready to be recognized as an expert-hero who is interested in helping everyone else do a better job.

One last point. You may be wondering if this Webinar suggestion steps on any print articles you have published addressing the same topic. Is it redundant? Maybe – but who cares. DO BOTH! Reach as many people as you can. And both ideas are easy and virtually free.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

Avoid Form Over Substance in Managing Risks

Fraud Prevention Tip #39: Avoid Form Over Substance in Managing Risks

I’ve been a professional auditor for almost 40 years. And I’ve seen it over and over and over again – hundreds if not thousands of times. Form over substance controls and behaviors targeting fraud risks.

Here’s what I mean:

• Two signatures are required on transactions over a threshold like $5,000. But neither signer knows what to look for. And each signs simply because the other did.

• Inventory policies require a wall-to-wall count at least once each year. Staff see several years of dust piling up on boxes along the back wall, but don’t bother asking, “What’s really in those boxes – if anything?”

• Managers approve monthly invoices from service providers, but never get out from behind their desk to find out if the service is being provided in accordance with agreements.

• Property housekeeping supervisors work from 9 to 5, and never show up unannounced in the middle of the night to observe when the work is actually being performed.

• Because it’s hot out on the docks, receiving personnel just initial bills of lading from trucking companies instead of counting the number of boxes received. They haven’t opened and inspected the contents of boxes in over a year.

• Managers are surprised when their month-end budget reports show unexplained spending, unknown vendors, and other variances. But they just assume ‘it’s probably OK’ and fail to double-check details.

• Payroll department supervisors see unusual patterns of overtime in two or three employees, but don’t take the time to verify that the reported hours are accurate.

• The assistant controller approves any journal entry placed on his desk for processing. He blindly trusts his staff to make sure that the entries are correct. And everybody in the department takes advantage of it.

• An executive knows one of her managers is extremely cozy with a key supplier and is living well beyond his means. But she shies away from determining if the source of the manager’s ‘income’ is actually a side-deal they have with the supplier.

• The New York based manager who oversees four company locations in Africa has never left the US to inspect these critical overseas operations.

Avoid form over substance. Insist on quality – especially in anti-fraud controls. Hold your people accountable for their signature and results. Refuse to be an easy target for wrongdoing and fraud.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

next page