The monumental task of managing the human elements in fraud risk management
Hard Fact #1: Fraud can never be totally eliminated from an organisation’s operations. At best, it can be minimised, and its most damaging results mitigated so as to cause as little damage to the organisation as possible. All companies have experienced fraud at some point or another – or they just haven’t realised it yet. We’re not talking about a ream or two of paper, or the pilfering of paper clips or staples. Fraud is not merely making false expense claims or stealing stationery; it is insidious and can go far deeper before someone stumbles across it.
It includes corruption, theft of identity or company assets, embezzlement of company funds, money laundering and generally using power or authority for personal enrichment, to the detriment of the firm. Although many may consider it a victimless crime – rationalising that “the company can afford it” – fraud has severe repercussions and can damage a company’s operations, competitiveness, sustainability and reputation, in the long run. Its far-reaching consequences may span anything from summary dismissal of the perpetrator, to the firm’s liquidation and retrenchment of its workers.
Long-running fraud may deplete the firm’s reserves; its discovery may erode the confidence of its investors, and even affect its share price. Globalisation and the interconnectedness of the business environment is driving the need for fraud risk management more today than ever before but identifying and mitigating it is getting more difficult because fraudsters are becoming increasingly sophisticated. Technology can mitigate the destructive effects of fraud to a certain extent, but putting in technological checks and balances may be an expensive exercise. Besides, even the most advanced systems have manual overrides.
Because the human element figures so prominently in the commission of fraud, mitigation should start with human resources. Generally, the most effective fraud risk management programmes encompass three elements: prevention, detection and response or mitigation. Organisations should set in place an official policy on fraud as part of their corporate strategy – and they have to ensure that it is understood at all levels. This should be followed with a clear, detailed plan of action that is simple enough to be understood at all levels. If necessary, training of staff at all levels should be a part of fraud risk management strategy.
A comprehensive induction programme that includes clear organisational policy on fraud should greet new hires. They should also be in no doubt about the penalties that flouting the policy will invoke. Prevention is better than cure, so it pays to do background checks on potential new hires. Due diligence should include why they left their previous positions, and if they have been asked to provide referees for the job, then check with the references given. This is critical if the potential employee will be taking on a job that involves compliance or finance at any level.
Staff training in fraud risk management should also encompass whistleblowing. Many of the biggest financial scandals ever known were unearthed because of whistleblowing but this came to light often at great cost to the whistleblowers. Potential whistleblowers should have enough confidence in the organisation’s systems to provide information on wrongdoing without fear of repercussion or retaliation should their information prove accurate. With policy, strategy and systems in place, what else can organisations do to further support fraud risk management? They can make sure the tone at the top is the right one.
Nothing makes a better impression on employees than seeing their superiors walking the talk; nothing encourages the development of an organisation’s culture of risk-awareness more than a Board and senior management with personal integrity, the right ethical values and strong moral principles. The standards at the top are the ones that the rest of the organisation will follow.