We often only associate fraud with human resources when we think of what happens after fraud is discovered. However, a solid human resource plan from entrance to exit can not only minimize the likelihood of fraud occurring, but it can also lessen the effects of fraud after it occurs.
What is your organization’s potential for fraud?
Prevent Fraud Before It Happens with Better Hiring Practices
Hiring new employees can be a long and grueling process. However, there are steps that can be taken to make this process easier and more effective. Background checks allow businesses to make confident hiring decisions and avoid fraudulent candidates or negligent hiring. Placement services make the hiring process easier as well, as many businesses have positions to fill but do not have the time or skills necessary to focus on recruiting, reviewing resumes, and scheduling and conducting interviews. A deeper look into these human resources topics can provide insight on the many issues that may arise during the process of hiring.
The following are recommendations for vetting potential candidates during the pre-employment hiring process to avoid becoming the next victim of fraud or embezzlement:
Although these recommendations are essential in mitigating embezzlement and fraud risks, your organization should follow its hiring policy. If your hiring policy hasn’t been updated in several years, consider working with an employment attorney to review and update your policy manual to today’s standards.
The hiring process is an important step in fraud prevention because fraud doesn’t happen if people aren’t involved. The next step in preventing fraud is to ensure your organization has the proper checks and balances over its cash receipts, cash disbursements, payroll and all other assets. Your organization’s internal controls are only as good as its weakest link, so be sure to review and monitor your internal controls on a periodic basis.
Fraud prevention begins with ensuring proper internal controls.
LEARN HOW TO REDUCE YOUR FRAUD RISK
Mitigate Risk by Having a Whistle-Blower Hotline
The Sarbanes-Oxley Act of 2002 requires publicly traded companies to provide a confidential way for employees to report fraudulent and wrongful behavior. The American Institute of Certified Public Accountants (AICPA) recommends that all organizations implement a whistleblower system for reporting wrongdoing, regardless of whether the organization is publicly traded or not. Why? Simply put, all businesses—large and small—are at risk from both intentional ethical and legal violations, as well as unintentional mistakes that may not be easy to report.
Utilizing a fraud hotline can be beneficial in many ways. Not only can fraud hotlines prevent fraudulent and illegal behavior, but they can also detect issues before they become serious, reduce losses that could hurt the company, and promote a healthy work environment. The anonymity of fraud hotlines is vital both for employers, who can receive important anonymous tips from their employees, and for employees, who can report wrongful behavior anonymously without fear of retaliation.
Financial fraud isn’t the only concern for businesses. Ethical violations of every sort imaginable can take place at any organization and within any department. According to a 2013 National Business Ethics Survey (NEBS) conducted by the Ethics Resource Center, 41% of the respondents indicated they witnessed some form of workplace misconduct, including conflicts of interest, discrimination and violations of health and safety regulations.
With an anonymous whistleblower hotline in place for employees, tips can be submitted safely and securely for all manner of wrongdoing:
According to ACFE’s 2018 Report to the Nations, anonymous tips were the most common fraud detection method, regardless of whether the organization had a hotline system in place. However, tips were submitted at a much higher rate when the company had a hotline, as illustrated by the below chart.
With an anonymous, easy-to-use reporting system, employees feel much more comfortable reporting wrongdoing. They know their name won’t be attached to the tip. They won’t fear retaliation. But they will report the issue that could end up saving the organization money and even lives, thanks to early detection and correction. Having adequate controls that seek out fraud, rather than relying on external or passive detection methods, can dramatically reduce the cost and duration of illicit activity.
Suspect fraud in your organization?
The Risks of Employee Emails and Social Media
There is great risk in intermingling personal accounts with work-administered systems. Management can reduce risk to the organization by encouraging employees to keep personal accounts separate from their work-related digital profiles.
Best practice is to prohibit combining personal account use with work email addresses, and to also disable use of personal email accounts through email filtering.
Other tips for online web-browsing and social media activities include:
What is your organization’s potential for fraud?
Digital Forensics in Your Human Resource Plan
What happens to your employee’s computer and other issued devices when they leave the company? Typically, the equipment is taken to IT and wiped clean and made available to the next employee. But you should also be asking why the employee is leaving. Are they being fired for cause? Are they a disgruntled employee? Or are they leaving for another opportunity? Are they going to a competitor, and did they have access to key files or client lists that could bring harm to the company if in the wrong hands?
More and more companies are sending their former employees’ devices to a digital forensic investigator for digital forensics services to protect themselves against possible litigation. These investigators act as an independent third party and create a forensic image of each device for HR and legal to hold if a suit is filed against the company, or if they feel the former employee might have conducted themselves in a manner that hurts the company and need to open an internal investigation.
Why not have your own IT department do this? Internal IT teams should not investigate employees for the same reason that it is never a good idea to self-collect data in a litigation proceeding or represent yourself in court: it is less defensible and a standard best practice to show that an independent third party imaged the data. This takes away the possibility of questions like, “How do we know that data wasn’t erased or added to make my client look guilty?” This can certainly be proven, but at a much greater expense than outsourcing to a third party.
The Importance of Human Resources in Your Fraud Prevention Plan
By ensuring you have adequate hiring protocols, a fraud hotline, an acceptable use policy and a digital forensics policy for employee exits, your human resource department can greatly lessen the chances that your company will experience fraud.
See what more we can bring to organizations just like yours.Financial Institutions Manufacturing & Distribution Nonprofit Government Construction & Real Estate