11th September 2018 | Fraud Prevention | by Dr Alexander Schuchter
Which methods of FRAUD PREVENTION work? Such as to prevent any recurrence of fraud? How can I assess the risk of fraud?
Unbelievable but true – independent studies show that 5% of turnover is lost every year to fraud. The damage caused is both material and immaterial.
THE BAD NEWS: prevention measures that prove highly effective for one company may not have the same effect in another setting! This is due to reciprocal effects which numerous studies have enabled me to identify.
THE GOOD NEWS: Some fraud prevention measures work (virtually) everywhere. Deployed in a targeted manner, a handful of these can have a big effect.
The complexity of fraud prevention is something that hits me again and again. So condensing such a diverse field into one brief article is naturally challenging. Nonetheless, I have succeeded in summarising 8 RELEVANT KEY POINTS:
Clear anti-fraud goals
Good Corporate Governance
Anti-fraud goals need to be aligned to your specific corporate strategy. According to the Swiss Code of Best Practice, Corporate Governance encompasses all of the principles aimed at safeguarding sustainable company interests.
Questioning of systematics
Fraud prevention has to be tailored to the specific level of risk you are willing to accept in your company or department. This will depend on your Code of Conduct, anti-fraud guidelines and other guidelines, and your company’s public image. Next, the content needs to be communicated in a comprehensible manner.
CAUTION: fraud affects all industries. Current statistics indicate that the average damage per fraud case in Western Europe totals USD 200,000. And the more senior the offender, the higher the damage. Accordingly, fraud prevention has a direct impact on the success of a company.
Effective prevention measures
Depending on the respective situation and setting, the approach chosen to combat fraud will differ. People often fail to realise that recommending specific prevention measures depends largely on the type of fraudster.
Measures depending on the type of fraudster
A MNEMONIC AID: everyone knows that vaccinations protect against disease. But different vaccinations are required for different diseases.
When dealing with a fraudster of the “white-collar victim” type, tried and trusted measures such as the
- segregation of duties,
- signature rules,
- four-eyes principle etc.
have proven effective.
However, this type of fraud prevention is totally ineffective when dealing with a “pin-striped predator”. Such offenders see straight through conventional controls and can easily manipulate public accountants and regulatory bodies with little experience in fraud.
In-depth insider knowledge is required in order to counter the predator’s belligerence and his complex methods of concealment.
Bundle of Measures
So basically, ideal fraud defense and investigations will always include a range of measures, tailored specifically to the type of fraudster in question. Experts who know which types of fraudsters they’re looking for can help companies to develop targeted protection accordingly. This approach is far more efficient.
Organisational structures & skills
The organisational structure should be developed on an ongoing basis. In order to prevent fraud, areas of responsibility should not overlap. Duties and areas of responsibility should be kept clearly separate – even in smaller companies.
Ideally, your company should
- ensure that the division of tasks and duties is recorded clearly in writing, and
- have a dedicated anti-fraud task force or officer.
Assigning responsibilities accordingly is another area which should not be neglected. Regulating the division of tasks and areas of responsibility is a key step on the road to effective fraud prevention.
Fraud Risk Assessments
Fraud Risk Assessments are another cornerstone when dealing with fraud. Such assessments, which should ideally be repeated periodically, help to identify vulnerable areas.
Besides assessing the level of risk, they also assess the potential impact. Such assessments also include a specific evaluation of the efficacy of existing internal control systems. A Fraud Risk Heat Map can help by visually highlighting sources of danger. Following the assessment, each company needs to choose whether to accept, reduce, eliminate or outsource the risk.
Naturally, there is always a danger of overlooking key risk areas or failing to account for some business field.
Mechanisms for early detection
Widely known, the “Fraud Triangle“ is the instrument most commonly associated with early detection. This says that fraud is committed when the following 3 elements merge:
- motivation and
Numerous accounting standards are based on the Fraud Triangle, and its significance is uncontested. However, in day to day management, the reality is often far more complex, and CANNOT be condensed into 3 elements. Additional mechanisms for early detection are required.
And in fact there are a whole range of tools which send out warning signals to show where there is increased risk. The discipline of “Red Flagging Management” is a recent addition, but contains numerous useful tools. As early detection can often help to prevent the worst, qualified expertise is of the essence to ensure it is implemented in an effective manner.
Raising awareness effectively
Tone from the top
In day to day business life, the fact that suspected or proven fraud is taken seriously is rarely communicated with sufficient zeal. Immediate colleagues become aware of fraud very quickly.
But employees should never be left with the impression that too little action is being taken. Failure to communicate such action is tantamount to promoting a “self-service” mentality. To uphold employee morale and set the right “tone from the top”, a zero tolerance attitude towards fraudulent behaviour must be clearly communicated.
Controls as Fraud Prevention
I was not always aware of just how effective control checks can be in fraud prevention. It was only after talking in depth to convicted fraudsters that I realised the connection: control checks will only act as deterrents if they are actively perceived as control checks.
If you conduct your checks quietly and unobtrusively in the background and nobody knows they’re happening, they will not act as deterrents and hence have no preventive value.
Developing a Response Plan
The risk of fraud can be greatly reduced by taking effective steps – but it cannot be eliminated entirely. So an Intervention Plan is always a meaningful criteria of fraud prevention.
This emergency plan details a systematic and structured course of action. In an emergency, it accelerates the response time and thus protects the company from cover-up, financial losses and loss of reputation.
In order to keep damage to a minimum, it can also help to appoint a crisis committee. A professional communication strategy should create a clear division of duties within such a committee. Because under certain circumstances, external communication may also be required – with law enforcement authorities, for example.
In auditing standard no. 5, one of the recommendations made by the DIIR is telephone lists with the respective availabilities and an internal emergency phone number.
Forensic reporting is not the same as conventional reporting. This is because forensic investigations have their own peculiarities.
Assessing the effort correctly
One of the greatest challenges is to ensure the report contains appropriate recommendations that will prevent a recurrence of fraud. And making the requisite recommendations requires qualified expertise and, above all, insider knowledge.
CAUTION: Forensic reports must be kept strictly confidential. All files should be password protected.
Report content and assessment
Amongst other things, a professional report will contain findings, evidence and recommendations:
- calculation of the damage,
- asset tracing and recovery,
- evaluation of existing weak spots,
- identification of the circle of offenders,
- „lessons learned“ & fraud prevention,
- predictive analytics & risks etc.
IMPORTANT: Investigations and future defensive measures are often not judged on WHAT is uncovered and recommended, but on HOW it is presented.
Last but not least
FRAUD PREVENTION is more important and challenging than it appears at first glance. Each of the 8 criteria stand or fall according to the abilities of the professionals involved. Ideally, an expert will have the required forensic expertise and insider knowledge, and can channel this knowledge into effective prevention measures. The more effective such measures, the lower the risk of fraud.
Some don’t start thinking about fraud prevention until it’s too late and the damage has been done. Implementing lessons learned the hard way can take an incalculable amount of time. And once the horse has bolted, it’s virtually impossible to check recommendations or assess risk in an unbiased manner.
Planning and checking is far more reliable if in-house knowledge is supplemented with impartial, external expertise.
© Content protected by copyright