11th September 2018 | Fraud Prevention | by Dr Alexander Schuchter

“The controls do not work. You can report a faked up story… the opportunity was given, I did not want to do it but I had to do it… The organisation is a nice one but there are leaks everywhere.”

Statement by a fraudster | personal interview


Which methods of FRAUD PREVENTION work? Such as to prevent any recurrence of fraud? How can I assess the risk of fraud?

 

Unbelievable but true – independent studies show that 5% of turnover is lost every year to fraud. The damage caused is both material and immaterial.

THE BAD NEWS: prevention measures that prove highly effective for one company may not have the same effect in another setting! This is due to reciprocal effects which numerous studies have enabled me to identify.

THE GOOD NEWS: Some fraud prevention measures work (virtually) everywhere. Deployed in a targeted manner, a handful of these can have a big effect.

The complexity of fraud prevention is something that hits me again and again. So condensing such a diverse field into one brief article is naturally challenging. Nonetheless, I have succeeded in summarising 8 RELEVANT KEY POINTS:

Clear anti-fraud goals

Good Corporate Governance

Anti-fraud goals need to be aligned to your specific corporate strategy. According to the Swiss Code of Best Practice, Corporate Governance encompasses all of the principles aimed at safeguarding sustainable company interests.

Questioning of systematics

Fraud prevention has to be tailored to the specific level of risk you are willing to accept in your company or department. This will depend on your Code of Conduct, anti-fraud guidelines and other guidelines, and your company’s public image. Next, the content needs to be communicated in a comprehensible manner.

One observation from my own management experience: getting new employees to sign a Code of Conduct as part of the recruitment procedure falls short of the mark; a typical offender will have been working in your company for a decade. So this approach is often completely ineffective.


CAUTION:
fraud affects all industries. Current statistics indicate that the average damage per fraud case in Western Europe totals USD 200,000. And the more senior the offender, the higher the damage. Accordingly, fraud prevention has a direct impact on the success of a company.

Effective prevention measures

Depending on the respective situation and setting, the approach chosen to combat fraud will differ. People often fail to realise that recommending specific prevention measures depends largely on the type of fraudster.

Measures depending on the type of fraudster

A MNEMONIC AID: everyone knows that vaccinations protect against disease. But different vaccinations are required for different diseases.

When dealing with a fraudster of the “white-collar victim” type, tried and trusted measures such as the

  • segregation of duties,
  • signature rules,
  • four-eyes principle etc.

have proven effective.

However, this type of fraud prevention is totally ineffective when dealing with a “pin-striped predator”. Such offenders see straight through conventional controls and can easily manipulate public accountants and regulatory bodies with little experience in fraud.

In-depth insider knowledge is required in order to counter the predator’s belligerence and his complex methods of concealment.

Bundle of Measures

EXPERT TIP: Don’t waste valuable time searching for one single blanket solution! Our analysis of just 12 interviews with convicted offenders yielded more than 400 prevention measures. The impact of any given measure will vary, depending on the type of offender and the respective situation.

So basically, ideal fraud defense and investigations will always include a range of measures, tailored specifically to the type of fraudster in question. Experts who know which types of fraudsters they’re looking for can help companies to develop targeted protection accordingly. This approach is far more efficient.

Organisational structures & skills

The organisational structure should be developed on an ongoing basis. In order to prevent fraud, areas of responsibility should not overlap. Duties and areas of responsibility should be kept clearly separate – even in smaller companies.

Ideally, your company should

  • ensure that the division of tasks and duties is recorded clearly in writing, and
  • have a dedicated anti-fraud task force or officer.

Assigning responsibilities accordingly is another area which should not be neglected. Regulating the division of tasks and areas of responsibility is a key step on the road to effective fraud prevention.

Fraud Risk Assessments

Fraud Risk Assessments are another cornerstone when dealing with fraud. Such assessments, which should ideally be repeated periodically, help to identify vulnerable areas.

Besides assessing the level of risk, they also assess the potential impact. Such assessments also include a specific evaluation of the efficacy of existing internal control systems. A Fraud Risk Heat Map can help by visually highlighting sources of danger. Following the assessment, each company needs to choose whether to accept, reduce, eliminate or outsource the risk.

Naturally, there is always a danger of overlooking key risk areas or failing to account for some business field.

To make sure this does NOT happen to you: you should classify risk separately for each potential group of offenders. This is the procedure recommended by the “Fraud Risk Management Guide” (Chartered Institute of Management Accountants).

Mechanisms for early detection

Widely known, the “Fraud Triangle is the instrument most commonly associated with early detection. This says that fraud is committed when the following 3 elements merge:

  • opportunity,
  • motivation and
  • rationalisation.

Numerous accounting standards are based on the Fraud Triangle, and its significance is uncontested. However, in day to day management, the reality is often far more complex, and CANNOT be condensed into 3 elements. Additional mechanisms for early detection are required.

And in fact there are a whole range of tools which send out warning signals to show where there is increased risk. The discipline of “Red Flagging Management” is a recent addition, but contains numerous useful tools. As early detection can often help to prevent the worst, qualified expertise is of the essence to ensure it is implemented in an effective manner.

TIP: Benford’s Law is one example of a useful tool. Requiring little more than Excel and a few mouse clicks – wholly without the need for expensive software – series of numbers can be checked against this mathematical law, and anomalies and dubious results can be identified quickly.

Raising awareness effectively

Tone from the top

In day to day business life, the fact that suspected or proven fraud is taken seriously is rarely communicated with sufficient zeal. Immediate colleagues become aware of fraud very quickly.

But employees should never be left with the impression that too little action is being taken. Failure to communicate such action is tantamount to promoting a “self-service” mentality. To uphold employee morale and set the right “tone from the top”, a zero tolerance attitude towards fraudulent behaviour must be clearly communicated.

Expert advice: Calling in an external professional is one of the best ways to underscore this aspect. Employees welcome an unbiased, neutral verification of the facts. “Something is being done at last!” is a sentence I often hear in this context.

Controls as Fraud Prevention

I was not always aware of just how effective control checks can be in fraud prevention. It was only after talking in depth to convicted fraudsters that I realised the connection: control checks will only act as deterrents if they are actively perceived as control checks.

If you conduct your checks quietly and unobtrusively in the background and nobody knows they’re happening, they will not act as deterrents and hence have no preventive value.

PRACTICAL ADVICE: Tell your employees that control checks are being conducted, and why! According to the convicted offenders I have interviewed, it is extremely important to communicate the fact that qualified fraud experts are at work (and not just the chartered accountant).

Developing a Response Plan

The risk of fraud can be greatly reduced by taking effective steps – but it cannot be eliminated entirely. So an Intervention Plan is always a meaningful criteria of fraud prevention.

This emergency plan details a systematic and structured course of action. In an emergency, it accelerates the response time and thus protects the company from cover-up, financial losses and loss of reputation.

TIP: In order to respond swiftly if the worst comes to the worst, it helps to know the different types of danger and fraudsters. This makes it easier to spot the clues, recognise patterns and protect the organisation in a targeted manner.

 

In order to keep damage to a minimum, it can also help to appoint a crisis committee. A professional communication strategy should create a clear division of duties within such a committee. Because under certain circumstances, external communication may also be required – with law enforcement authorities, for example.

In auditing standard no. 5, one of the recommendations made by the DIIR is telephone lists with the respective availabilities and an internal emergency phone number.

Professional reporting

Forensic reporting is not the same as conventional reporting. This is because forensic investigations have their own peculiarities.

Assessing the effort correctly

One of the greatest challenges is to ensure the report contains appropriate recommendations that will prevent a recurrence of fraud. And making the requisite recommendations requires qualified expertise and, above all, insider knowledge.

PRACTICAL ADVICE: Unlike a conventional auditing report, a forensic report cannot fall back on boilerplate text modules. As a result, they’re more work. Make sure you plan in sufficient time for writing up the report – particularly if it will be needed in court.


CAUTION:
 Forensic reports must be kept strictly confidential. All files should be password protected.

Report content and assessment

Amongst other things, a professional report will contain findings, evidence and recommendations:

  • calculation of the damage,
  • asset tracing and recovery,
  • evaluation of existing weak spots,
  • identification of the circle of offenders,
  • „lessons learned“ & fraud prevention,
  • predictive analytics & risks etc.

IMPORTANT: Investigations and future defensive measures are often not judged on WHAT is uncovered and recommended, but on HOW it is presented.

Last but not least

FRAUD PREVENTION is more important and challenging than it appears at first glance. Each of the 8 criteria stand or fall according to the abilities of the professionals involved. Ideally, an expert will have the required forensic expertise and insider knowledge, and can channel this knowledge into effective prevention measures. The more effective such measures, the lower the risk of fraud.

Some don’t start thinking about fraud prevention until it’s too late and the damage has been done. Implementing lessons learned the hard way can take an incalculable amount of time. And once the horse has bolted, it’s virtually impossible to check recommendations or assess risk in an unbiased manner.

Planning and checking is far more reliable if in-house knowledge is supplemented with impartial, external expertise.

© Content protected by copyright

Dr. Alexander Schuchter

I have been working in forensic since 2008 – but not as a fraudster! As Managing Director of Schuchter Management GmbH, I support executives and companies.

Contact us!

Further contributions