A Pro-active Approach to Occupational Fraud and Abuse

LEAD BY EXAMPLE
Senior management and business owners set the example for the organisation’s employees. A non-consistent attitude toward rules and regulations by management will more than once be reflected in the attitude of employees. Every employee, regardless of their position, should be held accountable for their actions, so yes that includes top management.

And in all honesty, more than once we have found our initial client contact to be the involved party. It is often management that has the greatest access to fraudulent opportunities and it is more than once that same management that can get away with control overrides.

POSITIVE WORK ENVIRONMENT
Create a positive work environment that encourages employees to follow established policies and procedures and act in the best interests of the organization.

Fair employment practices, written position descriptions, clear organizational structures, comprehensive policies and procedures, open lines of communication between management and employees, and positive employee recognition will all work to reduce the likelihood internal fraud and theft.

I see the importance in my daily practice. Once fraud and/or theft is established and a  perpetrator has been identified, more than once the issue of feeling not-recognised is at least part of the motive for stepping accross the line.

INTERNAL CONTROLS- Internal controls are designed to ensure the effectiveness and efficiencies of operations, compliance with laws and regulations, safeguarding of assets, and accurate financial reporting (See for instance the COSO model).

The internal controls controls for safeguarding assets and financial reporting require policies and procedures that address amongst others:

• Separation of Duties
  No employee should be responsible for both the recording and processing a transaction. I am aware that In New Zealand with a substantial percentage of very small businesses this is sometimes hard. However there are always options and more than once overriding this basic procedure for the sake of practicability has been disasterous.
  
• Access Controls
  Access to physical and financial assets and information and accounting systems should be restricted to authorized employees and its use should be monitored on a regular basis.Start off with simple checks: just ask your employees out of the blue, I need the password of so and so who's not hewre today, can anyone help me? You'll be surprised, or check for the yellow post its on the bottom of the screen or the back of the computer.
  
  And where it comes to physical access: more than once actually today I could have nicked all the confidential assets of my client: the person I was supposed to meet was tucked away in the back of the building, the rest of the creqw was at a seminar, and me I walked aroud and saw computers standing open, no one to receive me at the door and access to all offices. Not good.
  
  
• Authorization Controls
  Policies and procedures addressing the controls to initiate, authorize, record, and review financial transactions.
  
  Internal controls will reduce the opportunity for fraud as a detterent factor and will enhance the efficiency and effectivity of your operations.
  

EMPLOYEE SELECTION
If you hire dishonest employees you run a risk. Honest employees are an asset to any organisation, even one with poor internal controls. However, a dishonest employee will ignore management’s attempts to provide a positive work environment and search for ways to defeat even the most comprehensive internal controls to commit fraud.

It is good to realise upfront that no internal control system is  100% fail safe.

Therefore it is very important to keep dishonest applicants from becoming an employee. A thorough pre-employment background check should include:

• Criminal history for crimes involving violence, theft, fraud, etc
• Civil history for lawsuits involving collections, restraining orders, fraud, etc
• A financial background check ( Baynet)
• Driver license for numerous or serious violations especially where drinving is part of the job
• Education verification to verify degrees from accredited institutions. By now I receive approximately 20 emails a day offering me different buyable degrees and certifications. You can no longer afford to be just impressed with what you see.A check is a  requirement.
  
• Employment verification to verify positions, length of employment, reason for leaving
  

EMPLOYEE EDUCATION
Employees should receive information on the policies and procedures related to fraud, the internal controls in place to prevent fraud, the organisation’s code of conduct and ethics policies, and how violations of these policies will be disciplined.

Every employee should sign a form to verify the receipt of this material. On a periodical basis it is recommended that employees receive training on these subject matters.

REPORTING SYSTEM
If anything, more than once I encounter witnesses saying that they "had this feeling all along that something was not ok. But I didn't know where to go to to express my concerns and I didn't want that colleague to become a suspect for nothing"

Every organization should provide a confidential reporting system for employees, vendors, and customers to anonymously report any violations of policies and procedure and even concerns.

Employers should promote and encourage the use of the reporting system. Not just from a reactive point of view but also pro-actively. More than once vices are involved or  signs are visible at an early stage, bosses don't see, colleagues do: make sure they can communicate those concerns.

AUDITS/ASSESSMENTS
Random, unannounced financial audits and fraud assessments are important to identify new vulnerabilities and measure the effectiveness of the controls in place.

In addition to gathering important business intelligence through audits and assessments; it will deliver a strong message to employees that a pro-active stance in respect of fraud is a priority 

INCIDENT INVESTIGATION
A thorough and prompt investigation of policy and procedure violations, allegations of fraud, or the warning signs of fraud will provide management with the facts necessary to make informed decisions and reduce losses.

And again it send a strong message to the internal organisation that these things are taken seriously.