8th November 2017 | Fraud Management | by Dr Alexander Schuchter
“Naturally, there was also a break up in the family.”
Statement by a convicted former manager | personal interview
Fraud experts use numerous synonyms for the term “Fraud Management”. Some of the most common synonyms include “Anti Fraud Management”, “Fraud Risk Management” and “Forensic Services”.
“Internal audit” and “Compliance” are also often used in this connection.
Companies should implement Fraud Management before the horse bolts! In cases where Fraud Management is not activated in time, I have observed the following:
As soon as an anomaly turns out to be a case of severe fraud, the first reaction is disbelief. This is closely followed by panic. People react rashly – often entailing more costs than the fraud itself. Whether from a tarnished reputation due to insufficient planning or a lack of expertise, or from procuring forensic services at inflated prices, or from other “horseplay”.
The rule of thumb: The sooner you build up defences, the better! Fraud Management requires ongoing development and comprehensive professional expertise.
What is Fraud Management?
Definition of Fraud Management
Fraud Management means handling fraud in accordance with economic considerations. It embraces all measures for preventing, detecting and reacting to fraud. It also involves optimising systems and dealing with any damage.
The words “fraud” and “fraudulent” come from the Latin word “fraus”, which means deception. Fraud is a conscious action or intentional omission, designed to deceive others.
Fraud Management covers all categories of fraud which are relevant in the business world – including external and internal fraud. External fraud is an attack from outside of the company, e.g. CEO fraud or espionage, generally consists of
- false identities and manipulated documents,
- externally caused property crimes (including theft of intellectual property) and
By contrast, internal fraud such as misuse of company property or manipulated accounts is often referred to as “occupational fraud”. This includes:
- manipulating accounts – also known as Financial Statement Fraud,
- asset misappropriation committed by persons within the company and
Why is Fraud Management important?
Hugely underestimated risks
Some ten years ago – before I started working in earnest in the field of fraud – I asked myself which organisations were actually affected by fraud. Today, I ask myself – who is NOT affected by fraud, and could be the next victim? Are you one step ahead of the offender?
Perhaps surprising: by international comparison, Western Europe suffers above-average losses! The most recent ACFE report cites losses of $263,000 per case. Thus we have the dubious honour of ranking second (out of nine) on a global scale.
The personal liability risks for senior managers and executives in the event of bad Fraud Management are massively underestimated. Experience shows that in a court of law, the question of whether an effective Fraud Management system was implemented plays a key role for sentencing. Effective Fraud Management helps to build a strong reputation for the company and can also further one’s own career prospects.
Many of the companies I know have realised that Fraud Management can – and needs to – be far more than just meeting minimum statutory requirements.
Fraud Management on a growth curve
Recent years have shown a clear trend:
- Between 1st January 2005 and 1st January 2010, a search on Google.ch listed 4670 entries for “Fraud Management”. Five years later, the number of hits had soared to 26,200. This represents a rapid increase of more than 500%!
- Increasingly, in-house auditors are being given forensic tasks. Compliance Management is booming. Major companies are establishing Fraud Units for the first time.
- Forensic Services have become one of the fasting growing fields of business in the Big 4 … and one of the most important.
- Small accounting firms and business consultants are now offering Fraud Management services for the first time etc.
Why such growth? Regulations? Not just.
My practical experience: people have realised that good Fraud Management is a major success factor in all fields of business, and provides a competitive advantage.
Who is responsible?
When I ask who is responsible for ensuring effective Fraud Management, I often hear the answer “the chartered or public accountant”. Although I’m no longer surprised by this answer, it still leaves me speechless. This is a dangerous misconception – but sadly very widespread. In auditing, there’s even a special term for this misunderstanding: „expectation gap“.
False expectations of public accountants
A public accountant is responsible for determining with reasonable assurance or certainty whether or not the accounts contain any essential errors. Nothing more. Nothing less. The focus is strongly restricted to the financial statements. Public accountants do not require fraud expertise for their work. From my own experience as a former public accountant for a Big 4, I know that they do not have fraud expertise. Fraud Management is not their job, and not their responsibility!
An example: Public accountants work with so-called “materiality thresholds”. So long as individual fraud amounts fall beneath this threshold, a public accountant will neither question nor investigate them.
Management & supervisory boards are liable
So who is responsible? Who can be called to account – under employment law, criminal law and civil law? People often underestimate the fact that personal liability is not restricted to the offender – the management and supervisory bodies are also liable. The reason why: the primary responsibility for the prevention and detection of fraud rests with management and those charged with governance of the company!
In recent years, a clear trend can be seen in court cases: senior managers and executives increasingly being sentenced for having neglected to implement suitable preventative measures.
Besides avoiding legal consequences, this will also save you from immediate dismissal, career “hiccups” and personal loss of trust and reputation.
How does it work?
Any and every organisation can become a victim of fraud. It is impossible to completely eliminate all fraud risks. And in fact, even reducing them to an absolute minimum frequently doesn’t make economic sense. To achieve an acceptable level of risk, regular “fraud risk assessments” can be useful. Fraud Management is cost-effective so long as the costs incurred for staff, training and resources do not exceed the potential financial damage caused by fraud.
Fraud Management involves 3 processes:
- Detection and
In business practice, I generally find that people unanimously agree that the best way to deal with fraud is to prevent it from happening in the first place. Although preventative measures have gained in importance following the major fraud scandals of recent years, many companies still have much potential for development in this area. The offenders I have interviewed personally agree with this assessment. This reluctance is generally due to a huge underestimation of the risk of personally falling victim to fraud.
My experience: once the horse has bolted, it’s too late for prevention measures.
Folgende Themen werden mit Prävention in Zusammenhang gebracht:
- deploying resources in a targeted manner
- corporate culture, integrity, fairness, appreciation
- a culture of compliance, code of conduct, guidelines
- signature procedures, access restrictions
- effective controls and deterrents
- clearly communicated fields of responsibility
- state regulation without excessive regulation
- “tone at the top” and “tone from the top”
- mindful management, competent supervisory bodies
- sensitisation, anti-fraud training courses
- ongoing development of Fraud Management
- external and neutral experts
At the first rumour of fraud – if not sooner – Fraud Management is responsible for the detection process. New technology plays an important role here. The process consists of techniques which aim to provide clarity, fully identify fraudulent behaviour and furnish evidence for such – from rumours through to specific offences. Typical examples include whistleblower systems (whistleblower hotline), proactive controls and data analyses.
I frequently observe that one important effect is sadly neglected in practice: controls which run invisibly in the background cannot have a deterrent effect! Deterrents, however, are a highly efficient instrument! Contrary to popular opinion, they do not spawn a “climate of fear”. On the contrary – they convey values such as fairness, transparency and integrity.
Fraud accusations, allegations or suspicions should be investigated, at the same time safeguarding any evidence which could be used in a court of law. Clear internal reporting paths should also be determined. Confidentiality and discretion are essential in this process. The question sometimes arises as to external communication: how much should the media, prosecution, supervisory bodies, investors, employees be told, and how should such information be shared? Mistakes in this area can be highly awkward.
Forensic investigations can quickly gain impetus and become very expensive. So regular checks need to be made to ensure they do not grow out of proportion. From the start, all persons involved – from forensic experts through to lawyers – need to pull together. Careful planning can help limit extensive damage.
Key players in Fraud Management!
Those who hold office within a company are often confronted with Fraud Management or fraud. Most people underestimate the level of expertise required by persons in certain positions of authority if they are to perform certain tasks effectively. This applies in particular to:
- Supervisory bodies: top “Fraud Managers” with primary responsibility and supervisory roles
- C-suite and executives: top “Fraud Managers” with primary responsibility and decision-making powers, role model function
- Internal auditors: prevention, assessment, detection, reaction, recommendations
- Compliance Officers: prevention, reaction, compliance with the law, guidelines, integrity
- HR Officers: prevention, professional development, sensitisation, background checks
- Risk Officers: detection, analysis, assessment, fraud risk management
- Crisis managers and safety managers: reaction, handling cases of fraud
- In-house lawyers: supporting legal procedures
- IT experts: prevention, detection, reaction, evaluation
- Analysts: monitoring, in-depth fraud analyses
- Risk Controllers: planning, detection, key performance indicators, fraud reporting
- Chartered or Public Accountants: professional skepticism
As you may imagine, the areas of responsibility for the different offices can vary in different companies.
Services connected with Fraud Management, also known as Forensic Services, are amongst the services which are most frequently procured externally. As with IT services, procuring the professional external support of a fraud expert is generally well worth the expense.
Providing Best Practice checklists for Fraud Management would be to lull people into a false sense of security. Because depending on the area and the way processes play out in practice, the efficacy of the various measures varies. Moreover, the existing Fraud Management and the interplay of various factors will also vary strongly from organisation to organisation. Nonetheless, there are certain basic principles which are vital for good Fraud Management.
The correct attitude: “Let’s talk about …fraud”
The most important precondition for the efficacy of Fraud Management is developing a corporate culture in which employees can talk openly about fraud. Those in management positions need to act as role models, and promote such openness.
One case from my professional experience: Some time ago, I had a lively discussion with the CFO of a respected organisation. He was convinced it was better for employees not to talk about fraud. After all and according to him, there had NEVER BEEN A CASE OF FRAUD IN THIS COMPANY … Sadly, this was our last discussion. Shortly afterwards, he lost his job and his professional reputation due to a case of CEO fraud (also known as “Social Engineering”). The company suffered considerable financial damage. He disappeared completely from my radar.
The reason for “NEVER HAVING HAD A CASE OF FRAUD” was obvious: “See no evil! Hear no evil! Speak no evil!”
If your employees don’t know about fraud, they won’t be able to
- recognise fraud in daily business practice,
- actively shape fraud prevention procedures,
- uncover fraud during control procedures and
- respond appropriately to cases of fraud.
Don’t forget: people don’t reckon on getting caught! So mindfulness – which also means being open for what you might encounter – is central in Fraud Management. This will enable you to recognise anything unexpected at an early stage and take action effectively.
Last but not least
The most important step you can take if you are in a management position and need to set an example to your employees is to take the initiative! Don’t let the fraudster make the first move. Always be one step ahead!
Effective Fraud Management, in other words, doesn’t just ward off severe consequences – it can turn out to be a success factor in its own right! The management process extends from prevention through to detection through to reaction. Leadership functions play a key role and also bear the responsibility. Do something before fraud does – don’t leave your professional career to chance!
© Content protected by copyright