December 3, 2019
If your organization becomes a victim of internal fraud, it won’t just hurt the bottom line — the incident also could do devastating damage to your reputation. By implementing some simple controls, though, your organization can help protect itself from these risks.
One of the most important preventive measures is the segregation of accounting duties, especially those related to executing outgoing payments. You should assign different employees to approve, record and report transactions. And the employee who generates checks for payment or approves invoices shouldn’t also be responsible for signing checks or initiating online payments.
Similarly, the staffer who makes bank deposits shouldn’t be charged with reconciling the organization’s bank statements. If your operation is too small to segregate duties fully, consider rotating staff through the various duties regularly, or involving a board member to oversee the process. You also can adopt a mandatory vacation policy to make it more difficult for fraudster employees to conceal their schemes.
Research conducted by the Association of Certified Fraud Examiners (ACFE) shows that organizations with antifraud training programs experience lower losses, and frauds of shorter duration, than those without. Businesses and other organizations should provide targeted fraud awareness training not just for managers but also for employees.
At a minimum, the ACFE recommends explaining to staff which actions constitute fraud, how fraud harms everyone in the organization and how to report suspicious activity. Managers and employees also should be educated on the behavioral red flags of perpetrators and encouraged to keep an eye out for them. Red flags include an employee who appears to be living beyond his means or one who refuses to take time off. Additionally, some insurance providers offer discounts if a majority of staff members attend certain antifraud training.
Set Up a Hotline
Fraud hotlines are one of the most effective strategies for uncovering fraud. The ACFE has consistently found that tips are the most common means of detecting fraud. The majority of tips come from employees, but the hotline also should be available and publicized to vendors and constituents.
Management should encourage employees to report any suspicious activity and enforce an anti-retaliation policy so employees aren’t reluctant to speak up. Ideally, the hotline should be anonymous, or at least confidential.
The AICPA published an Audit Risk Alert: Not-for-Profit Entities Industry Developments. The alert urges not-for-profit organizations to develop a formal fraud risk management program, including a fraud risk assessment. The document can also be useful to for-profit organizations.
According to the AICPA, a fraud risk assessment should identify:
- The fraud schemes that could potentially happen
- The possible concealment strategies that a fraudster can use to avoid detection
- The individuals within or outside the organization who pose the highest risk of committing fraud, such as accounting or information technology personnel
- The controls currently in place to deter or detect fraud
- A list of warning signals or red flags that can be used to educate the organization, including both employees and board members
The goal of the assessment is to identify any vulnerabilities and gaps in internal controls that could leave your organization susceptible to damage to its finances and reputation.
Make It a Joint Effort
Cutting the risks of fraud requires management (and the board of directors, if you have one) to be aware of your organization’s vulnerabilities. Staff also must pitch in, staying on the lookout for red flags, conflicts of interest and other potential issues — and they must be comfortable reporting any concerns. Your financial adviser can help, too, by conducting a fraud risk assessment and suggesting ways to establish appropriate controls.