Drafting a fraud prevention strategy – back to basics
The risk of fraud is present in almost every business regardless of size, shape or complexity. The risk can emerge in an employee, a vendor, a client or in the boardroom and can be simple or sophisticated and complex.
Fraud prevention requires effective internal controls, a clear policy on an organisation’s attitude towards dishonesty, effective detection ability, a strong investigative component and a history of dealing harshly with transgressors, all known to employees of the organisation. Through this, companies can achieve the necessary safeguards and deterrents vital to effective fraud prevention, Renaldo Du Plessis, Senior Consultant at Volition Consulting Services, writes in this month’s SmartProcurement.
The key objectives of any fraud prevention strategy are based on the four basic steps: prevention, detection, investigation and deterrence or sanctions. The best fraud prevention strategies consist of policies and procedures, a clear and unambiguous code of conduct and guidelines as well as leadership endorsement and awareness training, which is essential to ensure the attitudes of staff are in line with the organisation’s approach to fraud.
The primary step in any fraud prevention strategy is to draft a Code of Conduct and ethics relevant to the entity and its business. This code should clearly define key standards that speak to acceptable business practices and conduct in the workplace. A well-defined code of conduct goes far beyond simply stating or restating an entity’s policies – such a code sets the overall tone for the entity’s approach to control, raising awarenes, demonstrating management’s commitment to integrity and the support structures available to help all employees achieve the entity’s compliance goals. Research shows that the implementation of a fraud prevention strategy is not only the responsibility of management or internal audit, but a combined effort of all employees.
Creating awareness and training on a multi-level approach is essential to the success of the implementation. A bi-level approach of conscious and unconscious enforcement of the fraud prevention plan will reinforce the message that company rules, own moral judgement and employees’ consciences will play a major role in curbing incidence of fraud. A culture of accountability must be fostered within the emloyee corps. This, together with open reporting mechanisms and visible enforcement of the sanctioned policy can go a long way in preventing fraud.
Prevention requires an in depth risk assessment of all processes and control frameworks and the integration of “red-flag” mechanism in all identified risk areas. These should be broad ranging and must encompass controls to prevent, detect and report incidents of potential fraud. Implemented controls or “red-flag” mechanism should be evaluated on a regular basis to ensure effectiveness. Reporting mechanism like an “anonymous hotline” will provide employees the opportunity to report possible incidence of fraud without fear of retribution or victimization.
Common anti-fraud controls include:
- External Audit of Financial Statement (F/S)
- Code of Conduct
- Management of Certification of F/S
- Internal Audit / Forensic Examiners Department
- External audit of internal controls over financial reporting
- Management Review
- Independent Audit Committee
- Employee Support Programs
- Fraud Training for Managers/Executives
- Fraud Training for Employees
- Anti-fraud Policy
- Formal Fraud Risk Assessments
- Surprise Audits
- Job Rotation/Mandatory Vacation
- Rewards for Whistleblowers
Detection should ideally include a comprehensive and integrated array of “red flags” that will avoid duplication of effort and “slip between the cracks” that is often the case with a process silo approach. Throughout the supply chain, there are many opportunities to commit fraud. From procurement to distribution, both employees and external parties, such as suppliers, distributors and competitors, all have opportunities. These range from false invoicing, bribery and kickback schemes to inventory theft and acceptance of substandard goods. Experts should look closely at data and other records. Attention must typically be focused on:
- ‘Out of hours’ transactions.
- Matching employee and vendor details.
- Short term changes to employee or supplier accounts.
- Inappropriate authority to transact deals.
- Conflicts of interest.
- Transactions concluded without the appropriate approval.
Many of the fraud indicators reside within an entity’s financial, operational and transactional data and can be identified using data analysis tools and techniques. Proactive analysis and cross-matching can reveal non-obvious relationships in data that have remained hidden, and could highlight potential fraud areas never identified before.
Investigation of potential fraud incidents should be credible and comprehensive and should be focused on uncovering all the facts and factors of the case. Investigation should ideally be done by outside agencies that can perform and unbiased, independent and qualified assessment. Reporting and management protocols should be strictly adhered to, and the investigation should as far as possible be done without any undue pressure or interference from management. Due to the lack of specialised skills and knowledge in the detection and investigation phase, it is estimated that upwards of 53% of fraudulent activity is not successfully prosecuted.
Deterrence and sanctions must be consistent and credible. Disciplinary processes are a key control that can be effective in deterring fraud and misconduct. By mandating and enforcing meaningful sanctions, management can send a signal to internal and external role players that the entity sees managing fraud risk as a business-critical priority.
For more information on developing a fraud prevention strategy email Renaldo Du Plessis on RduPlessis@volition.co.za