According to the 2015 Fraud Examiners Manual (“the Manual”), a fraud prevention program encompasses specific policies and procedures set in place by management that will reduce the likelihood of fraudulent activity and increase the possibility of detecting such an occurrence in the future.
Reputational risk, loss of trust by investors and creditors, and public embarrassment are important considerations in adopting such a program. For a fraud prevention program to be effective, management must be receptive to change and appreciate the impact it can have on bottom-line results.
The policies and procedures of a fraud prevention program should be tailored to the unique aspects of a business, but should also include the following:
- Increased Perception of Detection: A tailored system of internal controls that is implemented and monitored at all levels of an organization is the foundation of an effective fraud prevention program. Increasing the perception of detection, however, will deter those who may be thinking of committing fraud. The Manual suggests an increase in perception is accomplished through the use of “proactive audit policies, employee anti-fraud education, enforcement of mandatory-vacation and job-rotation policies, strong management oversight, and effective reporting programs.”
- Use of Proactive Audit Procedures (e.g., surprise audits, analytical review, and fraud risk inquiries): The use of internal audit and surprise inspection procedures can serve to demonstrate “management’s intention to aggressively seek out” fraudulent activity, the Manual states. Analytical procedures consisting of trend analysis, key performance indicators, and operational metrics can serve to validate the results of operations and provide a basis for further investigation of anomalies and surprise variances. Fraud risk inquiries of staff should also be conducted periodically to determine their attitude toward and awareness of fraudulent behavior.
- Employee Anti-Fraud Education: According to the Manual, an organization should have a policy for educating existing employees and those newly hired about fraud and the importance of prevention and detection. The topics should include what fraud is and is not; how fraud can hurt the organization; how fraud can hurt the employees and the organization's owners; who is likely to perpetrate fraud; how to identify fraud (e.g., financial, transactional and behavioral red flags); how to report fraud; and the consequences of committing fraud (termination and/or prosecution). Training may involve live instruction, pre-recorded audio and video, or self-study material.
- Enforcement of Mandatory Vacations: A policy of mandatory vacations may serve to prevent fraud from occurring or being perpetuated in an organization.
- Job Rotation Policy: The Manual suggests that many reported fraud cases involve situations where an employee took time off (voluntary or not) from work and was unable to perpetuate a fraud scheme. Periodic job rotations can serve to prevent fraud and increase the likelihood of its detection.
- Reporting Programs: Establishing a system whereby employees can confidentially report suspicious behavior or actual fraud activity is a key element of a fraud prevention program. Some companies utilize internal or external hotlines to report observations anonymously.
- Background Checks: Background checks should be performed for all newly hired employees and for those elected to serve as members of the board. Periodic updates should also be performed for those individuals whose roles and responsibilities have changed and/or who have been granted access to sensitive data or company resources. Drug screening and reference checks should also be utilized, including verification of previous employment history and education data.
- Performance Management and Measurement: Employees at all levels within an organization must be provided with clear descriptions of their roles and responsibilities. Performance metrics should also be established to monitor progress and results.
- Handling of Known Fraud Incidents: Anti-fraud education is a key component of any fraud prevention program, the Manual states. A zero-tolerance policy must be explicitly communicated. When fraud incidents occur, specific steps should be taken internally and externally to punish those involved, including filing police reports.
- Minimizing Employee Pressures: A well-designed internal control structure that segregates duties serves to deter pressures that perpetrators feel to commit fraud. An open-door policy, where employees can discuss concerns, can also serve to prevent fraudulent behavior.
- Fraud Prevention Policy: A written fraud prevention policy that outlines the procedures and individuals responsible for implementing the policy should be communicated. The Manual suggests the scope of the policy address actions that constitute fraud, non-fraud irregularities, investigation responsibilities, confidentiality, reporting procedures, and termination. The policy should be shared as part of the anti-fraud education for all existing and newly hired employees.
- Ethics Program: A written ethics policy should be adopted and communicated as part of the anti-fraud education for all existing and newly hired employees.
Sources & Reference: Association of Certified Fraud Examiners – Fraud Examiners Manual 2015 Section 4.601 to 4.645