How to Reduce Your Fraud Risk

The impact of fraud is far-reaching and can have devastating effects on an organization’s bottom line. It is important to be aware of the trends in fraud, so your organization can avoid occupational fraud and abuse. The longer a fraud scheme occurs without detection, the greater the financial damage.

Ways to Reduce Your Fraud Risk
Although a business may be unable to completely prevent fraud from occurring, the business should be able to detect fraud when it happens to minimize any losses. Here are a few ways to detect and prevent fraud at your organization.

1. Sign up for a fraud hotline service.
One way to stay on top of fraud cases is through a hotline. Fraud hotlines offer an anonymous way for people connected with your business to report suspicious activity. More than a third of fraud cases are detected by a tip line, and in 51.5% of cases, employees are the source of the tip.

Hotlines are beneficial for both the employer and the employee due to ease and anonymity. Organizations with a hotline are 50% quicker at detecting fraud.

2. Require a background check on all employees.
Background reports are inexpensive and a great way to protect the culture and quality of your business.

• Check for inconsistencies between the application and the background report. A person’s dishonesty can prove detrimental to your business. When dishonesty is apparent, you should look deeper into the candidate’s background or consider another candidate.
• Be especially diligent about checking backgrounds on employees who enter people’s homes. Failing to utilize background checks could create additional liability for the company.
• Know who you are hiring. Use their application, and take time to call previous employers and listed references.

One of the keys to preventing fraud is involving HR in all aspects.

LEARN MORE

3. Establish preventative controls.
Setting up a fraud prevention program begins with understanding that any organization is susceptible to fraud and realizing the greatest threat to any organization is its own employees. Under the right circumstances, any employee could cross the line and begin manipulating their job duties for their own benefit.

Preventive controls include deterring or preventing unauthorized transactions, requiring proper authorization, and instilling physical safeguards such as locks, keys and passwords.

Another important preventative measure is an inventory control system. By keeping an accurate inventory count, an organization can identify irregular purchases as well as any item being used at an unusually high rate. An organization can then conduct a review to see if this unusual activity is an indication of deeper issues.

4. Establish detective controls.
Detective controls include independent checks to ensure transactions have proper authority and are recorded correctly. This can include:

• Rotating job duties
• Mandatory vacation requirements
• Surprise audits
• Routine inventory counts
• Assuring adequate documentation and records

Be watchful for things like reoccurring charges, employees you don’t know you hired, expenses you don’t remember signing for, excessive voids and duplicate payments. Also, ensure requests for invoices/supporting records are performed by someone independent of those handling the day-to-day accounting for the organization.

5. Be actively involved in your company’s finances.
Check your company’s bank balance and expenditures on a monthly basis. Know what it costs to run your company. Be able to recognize when expenses seem too high, or revenue seems too low for the company’s volume of sales.

• Send your payables and receivables to a P.O. Box, not your office.
• Open and read your mail.
• Know how much money is coming in and going out, then bring it to your bookkeeper.
• If you can, segregate the duties. Have your receptionist or office manager open, list and log all checks received in the mail. Then review reconciled bank statements and compare the check log to the deposit slips.
• Sign your own checks. Avoid stamp signatures whenever possible.

6. Review your company’s financials.
Fully review your company’s financial statements. Read beyond the first page of the Profit and Loss Statements—review every item on every page. A fraudulent employee will try to hide the fraud loss in detail level pages; if you don’t examine your company’s statements thoroughly, these red flags will be impossible to find.

If you don’t understand something on your P&L, ask questions until you do. It can help to rename things you don’t understand so that they make sense to you.

Know what each line item on your financial statement is. It’s your company—it is vital that you understand how every piece is put together.

7. Limit access to key data.
All financial programs should have ways to limit access to valuable information.

• Each employee should have their own password and user ID to sign into their computer. Also, implement an automatic sign off when the computer is not being used.
• Keep passwords secret, not posted on the computer via a sticky note. Make sure sensitive company, employee and customer information doesn’t make its way into the wrong hands.
• Check stock and company credit cards are stored in a locked drawer.
• Use dual authorization methods are for electronic bank transfers.
• Make sure accounting and computer software has user restrictions set up to limit access to individuals.

8. Implement a system of checks and balances.
Implement a “checks and balances” program at your company. There are many companies where employees’ work goes unchecked. This allows employees to commit fraud more easily, because they know no one is watching. Operating without a system of checks and balances can end up costing the company significantly, even leading to bankruptcy.

When internal controls are established and everyone knows their work will be double-checked, the opportunity for fraud is greatly reduced. The bottom line: using checks and balances makes trusting your employees easier.

We’ve developed a checklist to help identify potential areas susceptible to fraud.

DOWNLOAD

9. Conduct continual fraud training for all employees.
Educating your employees helps raise awareness about fraud, including its impact on the company, and minimizes the opportunities available to fraudsters.

In addition, increase the perception of getting caught. Perception of detection is one of the most effective deterrents to fraud. Make your office a fraud unfriendly place through fraud education programs with company personnel, fraud assessments, mandatory vacations, surveillance, fraud hotlines and violation enforcement.

Commit to keeping your fraud program current. Some fraudsters will learn how to override your controls. A commitment to a responsive program keeps this in check.

10. Institute a code of conduct and fraud policy.
Set clear boundaries of what is and is not tolerated in your company. State the repercussions of the employees’ dishonest actions. Employees must know the rules of the company in order to prevent breaking them.

Be consistent in enforcing your code of conduct. The moment management diverts from the policy is the moment employees stop following it.

11. Ensure written policies and procedures are in place.
Policies, procedures and job duties are set up not only to protect the company, but the employee as well. These requirements provide guidance for an employee to do their job, and so that they are not accused of doing things they are not supposed to be doing.

Many businesses, no matter the size, do not review how their written policies or procedures are being implemented during day-to-day operations. Just because something seems like a good idea on paper does not mean it is the most efficient way to complete the task. Review your policies/procedures on a regular basis and update as needed.

One policy to pay extra attention to is your credit purchases policy. Have employees sign contracts indicating that they will not make any personal purchases on the card, and that they are responsible for any personal charges.

• Company policy should state that misuse will result in termination.
• Have restrictions to the account assigned by the bank based on spending limits or merchant accounting codes. This will ensure employees can only spend up to approved amounts at approved locations.
• Establish specific rules for company credit card use. Be extremely careful when initially giving out the privilege to use the company credit card.

12. Obtain employee dishonesty insurance.
Check to see if your company has employee dishonesty insurance. Most business insurance policies have small coverage allowance for employee dishonesty. Some insurance policies require prosecution or an accurate accounting of the loss to submit a claim.

13. Be observant.
Does someone appear to be living beyond his or her means? Is an employee going through a divorce or child custody dispute? Are they having an affair? Affairs are extremely costly, and for the parties involved, using a personal credit card is often not an option. Therefore, individuals may use the company credit card, so the charges aren’t visible to their spouses. Also, the disposable income needed to carry on an affair has to come from somewhere. People will steal the money to continue the affair.

14. Be mindful of cybersecurity challenges.
Most security breaches originate from within your company—usually from your employees or contractors. As an organization, you’re only as secure as your weakest point. In many companies, that means your internal network. Check your firewalls on a regular basis and have policies covering what is appropriate on company computers and what is not. Conduct random checks of your network, including your network staff, and make sure your IT policies are updated on a regular basis.

With increasing numbers of remote working arrangements, it is especially important to consider security risks associated with a remote workforce:

• Ensuring secure connectivity and data transfer. The “office” may be remote, but data still needs to be protected. Security is not the default for most technologies. Organizations should take the initiative to implement tools and solutions that will facilitate the security of data for remote workers. These solutions should be tailored to your organization’s needs and operations.
• Training and educating your workforce on how to be secure when working offsite. Each remote worker has a role to play in securing your organization’s data. Remote workers need to understand the steps they should take to protect their home network. Helping employees understand risks and suspicious behavior will help both of you succeed.
• Verifying the identities of remote workers when they connect to your systems. It’s essential to add additional controls for authentication with remote workers. Take the initiative to implement solutions that will provide multiple factors or methods for authenticating users.
• Providing technical support to remote workers. Where will you guide your staff when they have an issue at home? What if they have trouble logging into an application, if their keyboard stops working or if they can’t connect to their own home WiFi? Ensure you have a plan for communicating and getting them the help they need to increase productivity.

You might also consider asking yourself the following questions to ensure you’ve safeguarded against potential cyber threats:

• What are the key applications my staff will need to access remotely? Focusing on what is needed and how to secure those connections with remote workers will help to ensure valuable time isn’t spent trying to provide or secure a solution that won’t be used. Align your risk mitigation to the systems and solutions employees will be using.
• Which of our employees needs remote access and how can we limit their permissions to only those systems and data necessary to perform their responsibilities? System access and permission should be based on roles and job responsibilities. Having remote workers compounds this necessity and reduces the risk and exposure if an account is compromised.
• Are my employees using their own or company issued computers? How you secure each type of device is different. In addition, while it may be more costly up front to provide company computers/laptops, it may be more economical in the long run and it provides greater protection which can be invaluable.
• What can remote workers do with my data? Are they able to copy sensitive or proprietary data to an unsecure location like their personal computer or Dropbox account? Providing workable solutions for employees will help ensure data resides in approved, secure locations.
• What solutions have we put in place to secure email from malicious actors? Scammers are taking advantage of these times to target users with phishing emails and fraudulent activities; email is any easy target.

How to Prevent Fraud from Occurring
With appropriate measures in place, you can successfully decrease the risk of fraud in your organization. Believe it or not, most frauds are uncovered by accident. It’s important to remember not to overlook the most obvious signs.

When establishing a fraud prevention program, the first step is getting employees to understand what is taking place, as well as the reasons behind the changes. However, this educational process is not as important as the “tone at the top.” Unless management commits to supporting a successful program that holds all employees accountable for their actions, no program can be sustained. Fraud prevention programs require accountability and continued review and improvement.

Have concerns about potential fraud in your organization?

LEARN MORE