Prevent fraud at your company

Posted on October 04, 2007 5:25 AM

• By Craig Siiro

View full bio

Fraud comes in all sizes, ranging from billion dollar cases of corporate fraud and thousand dollar cases of
employee embezzlement to employees overcharging their expense reports.

Therefore, an effective fraud prevention strategy must be multi-dimensional, considering senior

management, employees and even outside parties such as customers and vendors. An effective fraud
prevention strategy must also be adaptable to the ever-changing fraud schemes as internal controls and
technology change the operating environments of most companies.

So how does a company develop a fraud prevention strategy without spending millions of dollars and
scrutinizing all of its transactions? One technique is to break the problem into smaller pieces. Let’s consider
(1) the work environment; (2) control systems; and (3) fraud-specific procedures.

Work environment
An effective fraud prevention strategy begins with creating a work environment that defines and reinforces
anti-fraud behavior. This includes how the company treats its customers, employees and suppliers. No
matter how many internal control systems or anti-fraud procedures are used, there needs to be the proper
"tone at the top" that demands to "always do the right thing no matter what the cost to the company."
Without a strong anti-fraud culture, opportunity and rationalization will appear to those individuals with
enough pressure to commit the fraudulent act. A key element to an anti-fraud work environment is a clearly
written fraud policy. This policy should describe the corporate commitment to the fair treatment of all
employees, customers, and suppliers.

Any variances from company policy need to be handled according to the written fraud policy. Any variances,
no matter the size, will limit the effectiveness of the company policy allowing the rationalization of future
fraud activity.

It is important to have a history of prosecuting fraudulent activity.

The whistle blower system is also an effective tool for the work environment. According to the "2006 Report
to the Nation on Occupational Fraud and Abuse" of the Association of Certified Fraud Examiners (ACFE), 34.2
percent of the initial reports of occupational abuse resulted from tips. These tips came from employees,
customers and vendors. An effective whistle blower system allows key individuals to report fraud without the
threat of retribution. It is also important to have a history of prosecuting fraudulent activity. Too often,
employees caught committing fraud against the company are terminated without the negative,
embarrassing consequences of being prosecuted for their crime. Faced with only termination, the employee
often commits the act again at their next employer.

Control systems
Control systems include the internal control systems of the company. These control systems are front lines in
the fight against fraud. An adequate system of internal controls reduces the number of opportunities
available to those individuals with pressure and rationalization. The importance of internal control systems is
evident by Section 404 of Sarbanes-Oxley. This law requires not only the establishment of a system of
internal controls but also is concerned with how management assesses these controls. Currently, public
companies are spending significant resources, both people and money, in compliance with this law. ACFE’s
“2006 Report to the Nation” illustrates the importance of control systems with 20.2% of initial reports
resulting from internal audits and 19.2% resulting from internal controls.

Fraud-specific procedures
The core of the fraud prevention strategy is the use of fraud-specific procedures. These procedures are
specifically designed to detect fraud, in contrast to the control activities of the internal control systems which
are generally applied to achieve the control objectives.
Whereas control objectives are designed to reduce the opportunities for fraud, the fraud-specific procedures
are designed to test for the presence of fraudulent activity.

These procedures are analogous to a medical exam. Even though an individual may live a healthy lifestyle,
with proper eating and exercise habits, regular medical exams are still recommended. During these medical
exams, the doctor is looking for the presence of disease or other medical conditions, that if detected early,
can be effectively treated. Similarly, the use of fraud-specific procedures looks for the presence of fraud-
related activities. These procedures should be performed randomly throughout the year by testing a variety
of areas of potential fraud, including areas such as ghost employees, fictitious vendors, kiting and inventory
shrinkage.

The application of these procedures offers two benefits. The first benefit is the possible discovery of a fraud
in progress. This is a direct benefit resulting in a reduction of the possible financial damage from the
fraudulent activity. The other is the indirect benefit of reducing the opportunity to commit fraud. With the
presence of these random, fraud-specific procedures, anyone contemplating a fraud needs to consider the
potential their fraudulent activity will be identified. This unknown may be enough to convince an individual
that opportunity does not exist, therefore the fraudulent activity cannot be successful.
A fraud prevention strategy starts with a work environment intolerable to fraudulent behavior.
Fraud is committed by individuals motivated by pressure, opportunity, and rationalization, working in an
ever-changing environment. In order to be effective, a fraud prevention strategy needs to be multi-
dimensional. The strategy starts with a work environment intolerable to fraudulent behavior. This work
environment is supported by robust control systems which are monitored and revised to address current
environmental conditions. In addition, these control systems are supplemented by fraud-specific procedures,
designed to identify existing fraudulent activity.