Fraud is a black hole for every company in the world. According to statistics, around 5% of companies’ revenues go to fraud. This negatively affects companies’ profits. Companies generally do not take precautions or preventive measures until they face fraud. Unquestionably, it is important to detect fraud, but ideally, companies should aspire to avert fraud before it happens. In other words, preventive medicine is preferred over performing an autopsy on a dead body. Essentially, we should make the fraudster’s job very difficult. Companies and organizations should be on alert for fraud risks.
There are five basic steps and strategies for companies to prevent fraud.
Internal control system
The first thing companies must do is establish an internal control system to prevent and detect fraud. Internal control means “taking under control,” not “checking.” Control points should be placed in every business process of the company, which enables easier detection and prevention of fraudsters.
Internal control is also a managerial tool that significantly inflates the quality of management. Properly designed, internal control structures increase both efficiency and effectiveness in organizations. Examples of good practices include:
Clarifying duties, authorities, and responsibilities
Creating acceptance of ethics throughout the organization
Increasing the quality of decision-making processes by producing data, information, and knowledge in a healthy and accurate manner, and by delivering the right information to the right people at the right time
Reducing losses with effective risk management
Protecting from legal risks and protecting reputation by full compliance with internal and external regulations
There are fundamental steps to take to establish a solid and tight internal control system:
Ensure duties are segregated
Identify the risks
Develop policies and procedures
Perform reconciliations regularly
Review and approve processes and transactions
Maintain adequate supporting documentation
If an organization has no internal control, it leaves that entity open to theft, embezzlement, and liability. If there are no internal operations controls, then there is no control over cash flow, profitability, sustainability, etc.
The second step is undoubtedly an internal audit. It is an independent, objective assurance and consulting activity that helps with risk management, internal control, and corporate governance. Internal audits contribute to the adaptation of accountability in organizations. A strong internal audit function is a deterrent force in front of fraud. Many big companies have this function, but even mid- or small-sized companies should conduct internal audits.
But why are internal audits important? In the first step, I mentioned internal control is a foundation we must establish to prevent fraud. An internal audit will tell a company if its internal control is running effectively or not. Conversely, an internal audit can tell a company which areas are at fraud risk and which areas should be stronger. Internal audits play a key role in developing a system of fraud indicators, so suspicious activities are flagged and investigated. Internal audits can do this for past and future transactions or processes. Therefore, our second important step is setting up an internal audit function. It should directly report to and consult with a company’s executive team. It should be independent and objective, and the internal audit staff should be experienced enough to detect and prevent fraud.
The third step is just as important as the previous two. In fact, it is perhaps the most essential: an ethics line. In order to fight fraud effectively, organizations should set up an ethics line. We know tips and whistleblowing are among the best tools to detect and prevent fraud. According to an Association of Certified Fraud Examiners (ACFE) report to nations, almost half of all occupational fraud cases in the world are detected and discovered by ethics lines.
To have an effective ethics line, all employees should be trained about the process and encouraged to talk if they see something unethical around them. Organizations should further reward sources for speaking up and catching unethical behavior.
Ethics lines implemented based on internal and external irregularities become key within the framework of fighting fraud in a company, since their existence triggers the detection of irregularities within large corporations.
The fourth step to preventing fraud is to have an ethical corporate culture. Corporate culture represents the personality of an organization and its shared beliefs, values, and behaviors: in other words, the way things are done and its explicit and implicit rules. Accordingly, training is a crucial aspect of building a solid corporate and ethical culture. Awareness affects all employees, and it is critical in the fraud fight. Employees should be aware of the fraud-risk policies and procedures, including fraud types and associated consequences. Periodic in-house seminars and training will create awareness among employees.
When corporate leaders value integrity, behave ethically, and respect the organization’s regulatory compliance requirements, employees of the business are more likely to adopt similar attitudes.
One other essential element of corporate culture is upper management’s response to fraud cases. Management should be clear about fraud when such cases come to their desk. Simply dismissing fraudsters from their positions and cutting ties isn’t enough. Companies should seek to prosecute fraudsters in court to set an example.
The final step is data analytics. The second-most-effective solution in the fight against fraud is simultaneous control and continuous auditing systems. In this way, the operational control of employees, as well as the financial control of all business transactions, is possible. There are systems that continuously audit, analyze, and cross-examine the data produced from critical areas that are at risk of fraud. The simplest way to do this is by using Excel spreadsheets. However, there are more sophisticated software options dedicated to this task. When company boards see the benefits of continuous auditing by data analytics, they appreciate the results. These tools, integrated with a company’s data management system, help internal auditors or fraud examiners analyze all the operational and financial data.
Moreover, continuous auditing using data-analytic tools is always on. Within the defined parameters, they work at all times. When decision-makers implement these tools in their organization, they are instantly warned about suspicious activities.
If these five strategies are implemented together, companies can establish a solid fraud-prevention mechanism. It is not possible to reduce fraud to zero. The best thing we can do is to set up barriers and mitigate fraud risk to a minimum.
As long as we work with human beings, reducing fraud to zero is impossible, but we have strong tools to mitigate it as much as possible.
Initial strategies to combat fraud should be establishing an internal control system, recruiting a robust internal audit unit, and shaping corporate culture.
Setting up an ethics line, that influences the moral judgment of employees and stakeholders, can be the “eyes and ears” of the internal control system.
Automating the validity and conformity of company operations and transactions with a continuous monitoring system makes the fraud fighter’s job easier.
The tone at the top and the level of commitment to honesty and integrity by management are crucial aspects of fighting fraud.