Conducting frequent fraud risk assessments is among the top ways to discourage individuals from committing fraud.
Strengthening your internal controls and taking advantage of data and analytics (D&A) will go a long way to preventing fraud – or at least increasing the likelihood of detection before it can cause catastrophic damage. Below are four ways to put these strategies into action:
- Fight back with technology: Companies should be using automated computer programs with D&A capabilities to conduct 24/7 surveillance and monitoring. Our survey found that only three percent of frauds were detected by proactive data analytics; this is a clear indication that companies are not fully utilizing this important fraud-fighting weapon.
  These types of software programs are capable of monitoring and analyzing:
  - all business transactions, anywhere in the world
  - employee conduct, including when they arrive and leave; computer usage; where they go on business premises, etc.
  - public records, news and social media for indications of employee or third party lifestyle changes, financial activities, questionable activities, etc.

  D&A programs can be designed to flag aberrations or changes in behavior or business patterns that might be indicators of fraud.
- Conduct regular fraud risk assessments: One of the best strategies to combat fraud is a regular fraud risk assessment conducted as part of an enterprise-wide risk assessment process. Formal assessments should be conducted annually, and more frequently if the company is experiencing high levels of change. This would include companies expanding globally, implementing new business operations, or becoming subject to new regulations.
  These assessments can show where a company has gaps in its internal controls (e.g., both activity-based and entity-level). They can also help a company prioritize the areas in which it needs to invest in anti-fraud measures.
- Know your business partners and third parties: In addition to monitoring their employees, companies need to scrutinize their business partners and other third parties conducting business on their behalf. This is particularly true as companies extend their reach across the globe.
  Specifically, organizations should:
  - perform comprehensive background searches and integrity evaluations prior to entering into a business relationship.
  - periodically check to ensure that suppliers are billing them as per contractual agreement; this can be required under the “right to audit” clause that’s normally included in business agreements.

  For companies with hundreds, let alone thousands or tens of thousands, of business relationships, this may seem like an overwhelming task. But the same technology and D&A advancements discussed above can enable you to conduct cost-effective due diligence of third parties and contractual agreements, both initially and throughout the course of your relationship.
- See something, say something: One of the most effective ways of detecting fraud is through the good, old-fashioned technique of encouraging tips from employees and/or vendors and suppliers. To be successful, however, it’s essential to develop a strong culture in which employees (and third parties):
  - are aware of the risks of fraud
  - know what to look for
  - have ready access to reporting options
  - are not afraid to come forward (this is critical)
What to look for: As noted earlier, it’s likely that the fraudster is an employee who’s been with your company for several years, often a well-respected individual who no one suspects. But there typically are tell-tale signs of fraud, if you look closely enough.
For example, the following are some of the top red flags associated with fraudsters [1]:
- Living beyond means
- Financial difficulties
- Overly close association with vendors/customers
- Control issues/unwillingness to share duties
- “Wheeler-dealer” attitude/shrewd or unscrupulous behavior
- Divorce/family problems
Nurture a culture of trust: See something, say something is a catchy phrase. But it won’t mean a thing unless employees believe that they won’t have to fear for their job if they raise a red flag. This may be an easier task for some companies than others, but it will be worth the effort.
Provide training courses on fraud, and offer a variety of “whistle blowing” options, such as reporting to a supervisor, a human resources person, or an anonymous hotline (preferably one that’s independent from the company).
Take appropriate action: Once an alarm is sounded – whether from a tip or a D&A alert – you need to take appropriate action.
Not every transactional aberration, change in behavior, or employee exhibiting a red flag means that a fraud is being perpetrated. However, you need to at least make an inquiry into the matter, regardless of who the suspect is. And depending on the tip or the result of your initial inquiry, a more formal investigation may need to be conducted.
It’s also a good practice to publicize when an executive, manager or other employee is found guilty of fraud, particularly if it’s the result of a tip. It will help reinforce the perception that your company takes tips seriously, acts upon them, and does not retaliate against people who come forward.
Even taken together, these action steps will not prevent fraud from occurring, but they will discourage some individuals from attempting it. The simple truth is that as long as individuals think they can gain financially through illegal means without getting caught, they will try to commit fraud.
However, by being aware of who potential fraudsters are, and employing the strategies covered in this article, you stand a better chance of ferreting them out before they can do real damage.
Phil Ostwalt is a Partner with KPMG. He currently is KPMG’s Investigations Service Network Leader.