An effective fraud risk management framework helps organisations deal with this particular risk in a consistent, continuous way. But what exactly is fraud, and how can organisations tell when it is happening? Almost all companies experience fraud in the course of doing business; the only differentiating factors may be the levels at which it is committed, the loss the company has to bear, and the fallout which it will inevitably have to deal with. Fraud is not merely a matter of making false expense claims or stealing stationery; it is insidious and can go on for a long time before it is discovered.
“Fraud” usually refers to unsanctioned and often illegal commercial and/or corporate activities like theft, corruption, money laundering, bribery, embezzlement or any means used to deceive for personal gain. It has far-reaching consequences particularly because of the interconnectedness of businesses the world over today, and the knock-on effects that result from the incident, like the loss of confidence of investors in the business, and damage to the organisation’s reputation. Corporate fraud and misconduct are especially damaging because these involve the highest levels of authority in an organisation.
Additionally, nothing erodes investor confidence as quickly as realising that the people you trusted with your money are the same ones who have been intent on stealing it. Both public and private sectors are vulnerable to fraud. The annual Auditor-General’s Report is littered with examples of how public funds are being plundered, and how funds that are intended to benefit the neediest, often end up lining the pockets of those entrusted to disburse them. In recognition of this, anti-fraud programmes, controls, standards, regulations and legislation have become more stringent in recent times.
Overall, people have become more careful, and there has been a thrust towards greater transparency, accountability and corporate governance because of the understanding of how fraud undermines the economy. Companies today also recognise the role that fraud mitigation plays, in business sustainability and long-term performance. There has been a concerted move towards combatting fraud by instituting better checks and balances, systems and frameworks, and training that encourages more proactiveness in addressing it. Fraud risk management operates on the key principles of prevention, detection and response.
However, there is no silver bullet for fraud, primarily because the form it takes depends on the organisation in which it occurs. While basic fraud mitigation measures may be instituted, the way in which they are implemented will have to be customised to the respective organisational cultures of companies for them to be effective. Prevention, detection and response may seem the common-sense approach to fraud risk management, but operationalising these is difficult, considering the circumstances under which fraud is often committed. It is covert, and in most cases, the result of internal parties taking advantage of their positions, more than the breaches committed by external parties.
Even so, companies intending to put a stop to fraud should start by putting in place a clear organisational policy that states their stand on fraudulent practices, and the penalties that come with contravention. Then, they should ensure that adequate controls are in place. Fraud risk management must include awareness, training and ongoing education on ethics, governance and integrity, and how these relate to organisational stability and sustainability. Awareness should start with the definition of fraud within the context of the organisation and the individual’s position. Employees should be clear from the outset about what fraud is, how to recognise it and what to do in the event they realise it has happened.
They should also understand the consequences; this may prove to be the best deterrent. There are other measures as well that can be set in place. Because fraud is a crime of opportunity, organisations should have systems that reduce the opportunity for the commission of fraud. In fact, making an assessment of systems that are in place, is a prerequisite of fraud risk management. Without proper assessment, there will be no way of identifying the shortfalls in the existing systems, and thus, no way of addressing them. Organisations should be frank in their assessments; it may save them a great deal of pain later.
While no one should commit fraud, the onus of ensuring that fraud does not happen is on the Board and senior management. It is their duty to ensure the proper systems and controls are in place. They also need to ensure that together with policies, strategies, systems and controls, their behaviour sets the right example of what is expected throughout the organisation, when it comes to integrity and ethical behaviour. Many incidents of fraud occur because the perpetrators feel entitled to their ill-gotten gains. The right tone at the top, and the correct behaviour of those at the highest levels of authority, will go a long way in emphasising that nobody is exempt from punishment.
Besides the tone at the top, one of the best ways of mitigating fraud may be through background checks of potential employees, particularly if they are being interviewed for positions where they have authority over finance or compliance. It is worth noting that while fraud prevention methods are worth investing in, it is virtually impossible to completely eliminate fraud. At best, an organisation can limit the extent of its commission, and mitigate its after effects. Fraud does have a negative impact on the organisation, its employees, shareholders and stakeholders.
It can also affect the organisation’s suppliers and customers, and has been known to be the reason for the collapse of major companies. When this happens, the livelihoods of the organisation’s employees are affected; banks and creditors lose money when the business can no longer service its loans. The effects can be far-reaching and disastrous. Companies would do well to pause and imagine the consequences of even the most minor acts of fraud, and determine if they can actually tolerate such losses, or if instituting fraud risk management measures will be a better long-term option.
