the risk management blog

Key Components of a Fraud Risk Prevention Policy

byMark Lowers | June 03, 2014
fraud prevention

Preventing organizational fraud demands systematic planning and implementation. This entire process, from inception and assessment to performance evaluation is complex, even in smaller organizations. Yet, the payoff for the effort can be huge.

In this post, we offer an overview of the elements of a fraud prevention program that would be useful in any organization. Summarized from, Managing the Business Risk of Fraud: A Practical Guide, produced by a consortium of associations, the guidelines point to specific steps managers can take to implement an effective fraud prevention program.

General Principles of Fraud Prevention

Every business is vulnerable to fraud, only the specific risks involved will vary across organizations. Thus, evaluation of fraud risks is a first essential step in developing an effective prevention program. One tool you can use in this process is the Fraud Prevention Scorecard found on page 61 of the Guide.

The general process for developing a program requires the assignment of responsibility to a manager or managers, who will then involve more people in the organization as needed to ensure that all aspects of the organization’s activities are evaluated for fraud risks. Note that actual fraud may still occur so the broad process will need a continuous monitoring and assessment component to track effectiveness.

Once a fraud prevention program is in place, it is critical to communicate it to everyone in the organization, from top to bottom. This may involve training or testing, but it will help to inform everyone about the organization’s definition of fraud and expectations about how employees should treat it.

The summary guidelines here address preventative actions. Since fraud is a hidden risk, your enterprise risk management plan should include detection efforts as well as preventative ones.  However, where good preventative controls are in place, managers will get a boost in detection as well as prevention.  For example, training on your fraud risk prevention program may not only deter some fraud, it may encourage honest employees to report what they observe about fraud.

Some Specific Fraud Prevention Controls

The list here is not intended to be exhaustive, but it gives a good overview of some best practices for fraud prevention.

Background screening:
One of the most effective ways to prevent fraud is to exclude people who are higher risks for fraud. Organizations should screen potential employees, employees being considered for important new roles, and outside vendors or partners to the extent possible.

Anti-fraud training:
As we noted above, training is important. It helps to create transparency in the organization’s policy to set expectations and create acceptance of enforcement actions. No employee – at any level – should be exempt from this training.

Performance evaluation:
A common finding in research on organizational fraud is that people who were previously trustworthy commit frauds. Often they rationalize their behavior because of their treatment, e.g., on being passed over for promotion or raises. Sometimes incentive-based payment systems tempt people to pad or cut corners. Performance evaluations have to be correct, fair, and communicated.

Exit interviews:
Employees who leave for whatever reason may have information that can help in both prevention and detection.

Segregation of duties:
This well-known principle is foundational for fraud prevention.

Authority and access:
Specific controls on who is authorized to approve an action as well as policies about access to data are preventative.

Transaction controls:
Violation of internal controls is a common source of fraud. Policies should support continuous monitoring of transactions across the enterprise for immediate identification of inappropriate or suspicious activities.

Auditing:
Both external and internal audits can support fraud control. The professional standards upgrades since Sarbanes-Oxley point strongly to making fraud prevention an important part of audits.

Documentation

The need to document a fraud prevention policy is obvious. In order to maintain, train and replicate the program across time, this documentation is essential. However, it is also useful in two other ways. First, in the event of adverse action on a fraud related issue, it can be important in a legal strategy. Second, if your organization is one of a growing number of entities that applies for Fidelity/Crime insurance, the documentation will be invaluable in the underwriting process.

Fraud prevention as part of a general enterprise risk management plan is an important component of every organization’s management process. Let us help you design an effective fraud prevention program.