Even in a rapidly changing business environment with emerging technologies and constant challenges, at the core of every organization is its employees — those carrying out operations, executives, administrative personnel, and even the board. Employees are faced with an increasing pressure to meet the bottom line at work and at home, and they can be exposed to a variety of ethical dilemmas. These dilemmas can tempt employees to commit fraud against their employer.
The cost of occupational fraud can be minimized with fraud prevention. Depending on the size and complexity of an organization, internal audit can be called on to recommend improvements or evaluate an organization’s controls and commitment to fraud prevention. An organization’s internal controls are not always specifically designed to prevent fraud; however, often there are fraud prevention components inherent in internal controls related to the control environment, segregation of duties, and monitoring activities.
The control environment is one of the interrelated components of internal control, and it is vital in establishing an effective fraud-prevention culture within an organization. A visible commitment to fraud prevention can exhibit to employees the importance of anti-fraud measures to the organization. Control activities related to fraud prevention can be evident in the hiring, onboarding, and training of employees, as well as the organization’s policies and procedures.
During the hiring process, companies may conduct background checks, validate references, or confirm certifications. Certain fields or industries may require background checks, which can serve as a first point of communication regarding an organization’s tolerance of fraudulent activity.
The introduction to the organization’s mission and values typically occurs during the onboarding process. This can be an opportune time to distribute and explain the code of conduct, code of ethics, or a separate fraud policy. Taking time to discuss the firm’s policies and procedures thoroughly can be an effective measure in fraud prevention. For example, organizations subject to bid requirements should maintain sufficient documentation to support compliance with established protocols in place. Policies and procedures should be clearly defined, published, readily available, and required to be read and acknowledged annually by employees to correspond with terms of employment.
Fraud-related training can reinforce the importance of anti-fraud, waste, and abuse meausres to the organization. To be effective, training that promotes fraud prevention should be tailored to the role and duties of the individual employee. Mandatory, continuous training for employees who progress within an organization can be implemented based on individual job responsibilities and within a department’s specific function. This can equip employees with the skills to detect fraud, and also educate employees about what to do when fraud is suspected.
Companies may opt to use hotlines for fraud reporting. Depending on available resources, an organization’s fraud reporting hotline may be third-party managed, in-house, or a combination of both. Information regarding the fraud reporting hotline should be communicated during training, readily available, and publicly displayed in common areas so it is visible to all employees. To build the trust of employees in the fraud-reporting process, disseminated materials should contain information regarding how hotline tips are evaluated, and what level of anonymity and confidentiality can be assured for the tip-reporting employee.
Segregation of Duties
The organization should provide employees with the authority to carry out their duties, but no single employee should have the ability to create, execute, and monitor activities within a business function. For example, in payroll processing, there should be separation between the ability to approve payroll, write and sign checks, receive bank statements, and reconcile those bank statements. In this instance, an accountant or other financial personnel could approve payroll, write checks, and reconcile bank statements; whereas an executive director could sign checks, receive and open bank statements, and review bank reconciliations.
The size of an organization can create complexities related to segregation of duties. Small organizations can experience challenges because of staff size limits. Careful consideration should be made so that no single employee has complete control over all aspects of a process or function. However, large organizations can experience distinct challenges because of the potential overlap of job duties among multiple departments, which can require a more concerted effort to determine whether job responsibilities are adequately segregated.
Regardless of the size of an organization, controls should be designed and implemented so they cannot be overridden without appropriate authority. Insufficient safeguards and consideration for employee responsibilities can lead to collusion. Segregation of duties should occur at all levels of an organization and be relevant to each specific function.
Monitoring implemented controls not only provides oversight, but it also can gauge compliance with established policies and determine whether controls are operating as intended. For example, controls established to segregate employee duties will be ineffective if those employees disregard controls in place. Ineffective controls can create the opportunity for an employee to perpetrate fraud. Monitoring should occur at all levels of an organization and not be limited to day-to-day operations.
Before establishing monitoring procedures, those responsible for monitoring activities should perform a fraud-risk assessment. Analytics are often used, but there are additional resources for an organization to consider. Employees are a valuable resource because they are close to the operations responsible for achieving components of the organization’s goals. Those performing the fraud-risk assessment should use the skills and knowledge of employees to strengthen monitoring activities. Employees can provide insight on how someone might circumvent current controls, which in turn can help an organization strengthen controls designed to prevent the occurrence of fraud. The involvement of employees in the fraud-risk assessment process provides them with increased fraud awareness. They can become more knowledgeable of fraud terms and schemes such as asset misappropriation and procurement fraud. Lastly, involvement of employees fosters continuous training and reinforces the organization’s established policies and procedures.
Publicizing monitoring activities within the organization can help deter employees from committing fraud because they realize the likelihood of detection is increased. Monitoring can serve as a preventive measure within the organization and can also minimize the duration of fraudulent activity.
It Can Happen Here
As businesses grow or are redefined, fraud often presents itself unpredictably. Organizations that ignore the occurrence of fraud or maintain the “it can’t happen here” mind-set may find themselves dealing with increasing fraud-related costs. Carefully designed and monitored preventive measures are crucial in the fight against fraud.