Time and time again reports show that when it comes to fraud, the greatest threat is not from outsiders but from insiders. Organizations can be proactive in preventing, detecting, investigating and resolving employee theft and fraud.
LEAD BY EXAMPLE
Senior management and business owners set the example for the organization’s employees. A non-consistent attitude toward rules and regulations by management will more than once be reflected in the attitude of employees. Every employee, regardless of their position, should be held accountable for their actions, so yes that includes top management.
And in all honesty, more than once we have found our initial client contact to be the involved party. It is often management that has the greatest access to fraudulent opportunities and it is more than once that same management that can get away with control overrides.
POSITIVE WORK ENVIRONMENT
Create a positive work environment that encourages employees to follow established policies and procedures and act in the best interests of the organization.
Fair employment practices, written position descriptions, clear organizational structures, comprehensive policies and procedures, open lines of communication between management and employees, and positive employee recognition will all work to reduce the likelihood internal fraud and theft.
I see the importance in my daily practice. Once fraud and/or theft is established and a perpetrator has been identified, more than once the issue of feeling not-recognized is at least part of the motive for stepping across the line.
INTERNAL CONTROLS– Internal controls are designed to ensure the effectiveness and efficiencies of operations, compliance with laws and regulations, safeguarding of assets, and accurate financial reporting (See for instance the COSO model).
The internal controls controls for safeguarding assets and financial reporting require policies and procedures that address amongst others:
- Separation of Duties
No employee should be responsible for both the recording and processing a transaction. I am aware that In New Zealand with a substantial percentage of very small businesses this is sometimes hard. However there are always options and more than once overriding this basic procedure for the sake of practicability has been disastrous.
- Access Controls
Access to physical and financial assets and information and accounting systems should be restricted to authorized employees and its use should be monitored on a regular basis.Start off with simple checks: just ask your employees out of the blue, I need the password of so and so who’s not here today, can anyone help me? You’ll be surprised, or check for the yellow post its on the bottom of the screen or the back of the computer. And where it comes to physical access: more than once actually today I could have nicked all the confidential assets of my client: the person I was supposed to meet was tucked away in the back of the building, the rest of the crew was at a seminar, and me I walked around and saw computers standing open, no one to receive me at the door and access to all offices. Not good.
- Authorization Controls
Policies and procedures addressing the controls to initiate, authorize, record, and review financial transactions.
Internal controls will reduce the opportunity for fraud as a detterent factor and will enhance the efficiency and effectivity of your operations.
EMPLOYEE SELECTION
If you hire dishonest employees you run a risk. Honest employees are an asset to any organization, even one with poor internal controls. However, a dishonest employee will ignore management’s attempts to provide a positive work environment and search for ways to defeat even the most comprehensive internal controls to commit fraud.
It is good to realize upfront that no internal control system is 100% fail safe.
Therefore it is very important to keep dishonest applicants from becoming an employee. A thorough pre-employment background check should include:
- Criminal history for crimes involving violence, theft, fraud, etc
- Civil history for lawsuits involving collections, restraining orders, fraud, etc
- A financial background check (Baynet)
- Driver license for numerous or serious violations especially where driving is part of the job
- Education verification to verify degrees from accredited institutions. By now I receive approximately 20 emails a day offering me different degrees and certifications for sale. You can no longer afford to be just impressed with what you see. A check is a requirement.
- Employment verification to verify positions, length of employment, reason for leaving
EMPLOYEE EDUCATION
Employees should receive information on the policies and procedures related to fraud, the internal controls in place to prevent fraud, the organisation’s code of conduct and ethics policies, and how violations of these policies will be disciplined.
Every employee should sign a form to verify the receipt of this material. On a periodical basis it is recommended that employees receive training on these subject matters.
And before I forget: referring new employees to the companies intranet for further advice without providing them a full package is not a good option top keep them updated. They are an important asset, make education something personal.
REPORTING SYSTEM
If anything, more than once I encounter witnesses saying that they “had this feeling all along that something was not ok. But I didn’t know where to go to to express my concerns and I didn’t want that colleague to become a suspect for nothing”
Every organization should provide a confidential reporting system for employees, vendors, and customers to anonymously report any violations of policies and procedure and even concerns.
Employers should promote and encourage the use of the reporting system. Not just from a reactive point of view but also pro-actively. More than once vices are involved or signs are visible at an early stage, bosses don’t see, colleagues do: make sure they can communicate those concerns.
AUDITS/ASSESSMENTS
Random, unannounced financial audits and fraud assessments are important to identify new vulnerabilities and measure the effectiveness of the controls in place.
In addition to gathering important business intelligence through audits and assessments; it will deliver a strong message to employees that a pro-active stance in respect of fraud is a priority
INCIDENT INVESTIGATION
A thorough and prompt investigation of policy and procedure violations, allegations of fraud, or the warning signs of fraud will provide management with the facts necessary to make informed decisions and reduce losses.
And again it send a strong message to the internal organization that these things are taken seriously.
APPROPRIATE PUNISHMENT
Employees who are identified as committing fraud and theft should receive appropriate punishment for their misdeeds. A failure to do so leaves an impression that the only risk for this conduct is termination. At all times it is recommended that recovery of damages including the costs of investigation, litigation or prosecution is sought.
This post was previously posted at the Dierckx & Associates Blog. I believe, based on current experiences that it is still current.