Fraud comes in all sizes, ranging from billion dollar cases of corporate fraud and thousand dollar cases of employee embezzlement to employees overcharging their expense reports.
Therefore, an effective fraud prevention strategy must be multi-dimensional, considering senior management, employees and even outside parties such as customers and vendors. An effective fraud prevention strategy must also be adaptable to the ever-changing fraud schemes as internal controls and technology change the operating environments of most companies.
So how does a company develop a fraud prevention strategy without spending millions of dollars and scrutinizing all of its transactions? One technique is to break the problem into smaller pieces. Let’s consider (1) the work environment; (2) control systems; and (3) fraud-specific procedures.
Work environment
An effective fraud prevention strategy begins with creating a work environment that defines and reinforces anti-fraud behavior. This includes how the company treats its customers, employees and suppliers. No matter how many internal control systems or anti-fraud procedures are used, there needs to be the proper "tone at the top" that demands to "always do the right thing no matter what the cost to the company."
Without a strong anti-fraud culture, opportunity and rationalization will appear to those individuals with enough pressure to commit the fraudulent act. A key element to an anti-fraud work environment is a clearly written fraud policy. This policy should describe the corporate commitment to the fair treatment of all employees, customers, and suppliers.
Any variances from company policy need to be handled according to the written fraud policy. Any variances, no matter the size, will limit the effectiveness of the company policy allowing the rationalization of future fraud activity.
It is important to have a history of prosecuting fraudulent activity.
The whistle blower system is also an effective tool for the work environment. According to the "2006 Report to the Nation on Occupational Fraud and Abuse" of the Association of Certified Fraud Examiners (ACFE), 34.2 percent of the initial reports of occupational abuse resulted from tips. These tips came from employees, customers and vendors. An effective whistle blower system allows key individuals to report fraud without the threat of retribution. It is also important to have a history of prosecuting fraudulent activity. Too often, employees caught committing fraud against the company are terminated without the negative, embarrassing consequences of being prosecuted for their crime. Faced with only termination, the employee often commits the act again at their next employer.
Control systems
Control systems include the internal control systems of the company. These control systems are front lines in the fight against fraud. An adequate system of internal controls reduces the number of opportunities available to those individuals with pressure and rationalization. The importance of internal control systems is evident by Section 404 of Sarbanes-Oxley. This law requires not only the establishment of a system of internal controls but also is concerned with how management assesses these controls. Currently, public companies are spending significant resources, both people and money, in compliance with this law. ACFE’s “2006 Report to the Nation” illustrates the importance of control systems with 20.2% of initial reports resulting from internal audits and 19.2% resulting from internal controls.
Fraud-specific procedures
The core of the fraud prevention strategy is the use of fraud-specific procedures. These procedures are specifically designed to detect fraud, in contrast to the control activities of the internal control systems which are generally applied to achieve the control objectives.
Whereas control objectives are designed to reduce the opportunities for fraud, the fraud-specific procedures are designed to test for the presence of fraudulent activity.
These procedures are analogous to a medical exam. Even though an individual may live a healthy lifestyle, with proper eating and exercise habits, regular medical exams are still recommended. During these medical exams, the doctor is looking for the presence of disease or other medical conditions, that if detected early, can be effectively treated. Similarly, the use of fraud-specific procedures looks for the presence of fraud-related activities. These procedures should be performed randomly throughout the year by testing a variety of areas of potential fraud, including areas such as ghost employees, fictitious vendors, kiting and inventory shrinkage.
The application of these procedures offers two benefits. The first benefit is the possible discovery of a fraud in progress. This is a direct benefit resulting in a reduction of the possible financial damage from the fraudulent activity. The other is the indirect benefit of reducing the opportunity to commit fraud. With the presence of these random, fraud-specific procedures, anyone contemplating a fraud needs to consider the potential their fraudulent activity will be identified. This unknown may be enough to convince an individual that opportunity does not exist, therefore the fraudulent activity cannot be successful.
A fraud prevention strategy starts with a work environment intolerable to fraudulent behavior.
Fraud is committed by individuals motivated by pressure, opportunity, and rationalization, working in an ever-changing environment. In order to be effective, a fraud prevention strategy needs to be multi-dimensional. The strategy starts with a work environment intolerable to fraudulent behavior. This work environment is supported by robust control systems which are monitored and revised to address current environmental conditions. In addition, these control systems are supplemented by fraud-specific procedures, designed to identify existing fraudulent activity.
Craig Siiro is a partner at Virchow Krause & Company LLC, where he leads the accounting firm’s Fraud and Forensic Accounting Team. He specializes in fraud examinations and forensic accounting services. He can be reached at csiiro@virchowkrause.com.
