Organizations of all sizes and business sectors are susceptible to fraudulent activity perpetrated by both internal and external parties. Fraud can have severe and sustained adverse impacts on an organization’s reputation and financial bottom-line. The 2016 Report to the Nations on Occupational Fraud and Abuse (“2016 ACFE Report”) prepared by the Association of Certified Fraud Examiners (“ACFE”) found that the typical organization loses 5% of revenues annually to fraud.
Various measures can be employed to prevent, detect, and respond to fraudulent activity. These include “hard” controls, such as policies, procedures, and systems that regularize internal operations and allow for deviations to be identified and corrected. However, “hard” controls can and should be accompanied by “soft” controls that encompass the competence, dedication, and integrity of the organization’s workforce. It is these “soft” or “ethical” controls that often get overlooked when designing, implementing, and evaluating an organization’s internal control environment. Promoting an ethical work environment is difficult, but essential to effectively mitigate fraudulent activity. The following highlight some “soft” controls to be considered when implementing a robust fraud prevention program.
Tone at the Top
This is the leadership commitment by senior management (including boards of directors, where applicable) to ethical values, integrity, and honesty within an organization. Management must not only preach ethical values, but lead by example. A senior management conveying a message of “do as I say, not as I do” will be distrusted by honest employees, and rationalize misconduct by dishonest ones. Strong, ethical leadership will establish the climate in which employees will interact with management, one another, and external parties in a fair, honest and respectful manner. Effective fraud prevention will be hard to achieve if senior management only “talks the talk” but doesn’t also “walk the walk” with respect to ethical conduct.
Establish and Communicate Clear Expectations
Employees have the right to know management’s expectations in terms of job duties and responsibilities, as well as acceptable personal conduct. Clear and concise job descriptions, integrated with written policies and procedures, will help employees perform their duties more productively and provide the basis for holding them accountable for job performance.
In addition, a written Code of Conduct is important to set parameters for employees’ acceptable on-the-job behavior regarding such topics as time and attendance, personal use of business assets, conflicts of interest, harassment and discrimination, acceptance of gifts, handling proprietary information, alcohol/substance abuse, and mandated reporting of wrongdoing.
These expectations should be communicated at the time of initial employment and periodically reinforced on a going-forward basis. Employees should acknowledge in writing receipt of distributed documents and completion of all related training.
Business partners, including vendors, also should be made aware of relevant guidelines. For example, organizations limiting or prohibiting gifts to its employees should communicate these guidelines to business partners to mitigate violations.
Anonymous Reporting Mechanism
The 2016 ACFE Report noted that tips were the most common fraud detection method (39.1% of cases), and that organizations with reporting hotlines “were much more likely to detect fraud through tips than organizations without hotlines (47.3% compared to 28.2%, respectively).” Any process for mandated employee reporting of wrongdoing should include a mechanism, such as a hotline, for anonymous reporting to management or an independent third-party entity, and strictly prohibit retaliation or reprisal against employees making reports of wrongdoing in good faith. Simply put, employees will be more inclined to report wrongdoing if they feel they are not putting themselves in harm’s way. In addition, business partners should be encouraged to report employee wrongdoing and be advised of the appropriate reporting channels.
Complaint Response Process
Management should develop a well-defined complaint response plan, and ensure it is implemented without impairment or interference. Investigations of alleged wrongdoing should be swift, impartial, consistent, and professional. A poorly executed investigation can be more counterproductive than conducting no investigation at all. Employees closely watch and evaluate management’s response to these situations, and how management reacts can affect future employee behavior and morale. Management’s allowing the investigative “chips to fall where they may” is typically uncomfortable, but is invariably the best course to follow.
The professionals at Ferraro, Amodio & Zarecki, CPAs have extensive experience in designing and implementing fraud prevention and response programs. We also offer a confidential fraud reporting hotline platform through a proprietary, web-based portal that allows employees and business partners to anonymously report fraudulent activity and misconduct. For further information on these services, contact Ed Dominelli at firstname.lastname@example.org, or contact our office at 518-288-2160.