Last week, we looked at the introduction of risk management and we gave hints on employee frauds, a significant cause of most institutions’ failures. We looked at the fraud triangle and link them to the MFI and banking sector. Today we shall look at how we could prevent the fraud and also how to detect them by putting in place controls, procedures, and policies.
Employee fraud is a significant problem faced by organizations of all types, sizes, locations, and industries. While everyone would like to believe employees are loyal and working for the benefit of the organization (and most of them probably are), there are still many reasons why your employees may commit fraud and several ways in which they might do it. According to the 2016 Report to the Nation on Occupational Fraud and Abuse (copyright 2016 by the Association of Certified Fraud Examiners (ACFE)) research shows that the typical organization loses 5% of its annual revenue each year due to employee fraud. The total loss caused by the cases in ACFE study exceeded $6.3 billion, with an average loss per case of $2.7 million.
The staggering figures should give us a cause for concern, and we should be setting detection and prevention methods and mechanisms to counter the huge losses.
Types of Fraud
Fraud comes in many forms but can be broken down into 3 categories: asset misappropriation, corruption, and financial statement fraud.
Asset misappropriation made up 83% of all fraud cases studied but causing the smallest median loss of $125,000. These are schemes in which an employee steals or exploits its organization’s resources. Examples of asset misappropriation are stealing cash before or after it’s been recorded, making a fictitious expense reimbursement claim and/or stealing non-cash assets of the organization.
Financial statement fraud was on the other end of the spectrum, occurring in less than 10% of cases but causing a median loss of $975,000. These are schemes that involve omitting or intentionally misstating information in the company’s financial reports. This can be in the form of fictitious revenues, hidden liabilities or inflated assets.
Corruption cases fell in the middle, with 35.4% of cases and a median loss of $200,000. Corruption schemes happen when employees use their influence in business transactions for their own benefit while violating their duty to the employer. Examples of corruption are bribery, extortion, conflict of interest, nepotism (employing family and relations at key positions).
It is essential to an organization, both large and small, to have a fraud detection and prevention plan in place. The fraud cases studied in the ACFE 2016 Report revealed that the fraudulent activities studied lasted an average of 18 months before being detected. In 94.5% of the cases in the ACFE’s study, the perpetrator took some efforts to conceal the fraud. The most common concealment methods were creating and altering physical documents.
1. Know Your Employees
Fraud perpetrators often display behavioral traits that can indicate the intention to commit fraud. Observing and listening to employees can help you identify potential fraud risk. It is important for management to be involved with their employees and take time to get to know them. Often, an attitude change can clue you into a risk. This can also reveal internal issues that need to be addressed. For example, if an employee feels a lack of appreciation from the organization or anger at their boss, this could lead him or her to commit fraud as a way of revenge. Any attitude change should cause you to pay close attention to that employee. This may not only curtail a loss from fraud but can make the organization a better, more efficient place with happier employees. Listening to employees may also reveal other clues. An employee with heavy workload but smaller matching salary who is also under family or financial stress is most likely to commit fraud.
Employers must ensure that workload is equally and equitably distributed and employees compensated accordingly. This will not entirely eliminate fraud but would abate it.
2. Reporting System
Awareness affects all employees. Everyone within the organization should be aware of the fraud risk policy including types of fraud and the consequences associated with them. Those who are planning to commit fraud will know that management is watching and will hopefully be deterred by this. Honest employees who are not tempted to commit fraud will also be made aware of possible signs of fraud or theft. These employees are assets in the fight against fraud. According to the ACFE 2016 Report, the most common detection method was tips (39.1% of cases), but organizations that had reporting hotlines were much more likely to detect fraud through tips than organizations without hotlines (47.3% compared to 28.2%, respectively). This should be contained in the Whistleblowing Policy.
While most tips come from employees of the organization, other important sources of tips are customers, vendors, competitors, and acquaintances of the fraudster. Since many employees are hesitant to report incidents to their employers, consider setting up an anonymous reporting system. Employees can report fraudulent activity through a website keeping their identity safe or by using a tip hotline.
3. Implement Internal Controls
Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization’s objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations, and policies (Source: Wikipedia).
Segregation of duties is an important component of internal control that can reduce the risk of fraud from occurring. Most microfinance institutions and banks do not allow their operations staff (Branch Managers, Loan Officers, etc) to handle cash. Customers are directed to make a direct deposit into the institution’s bank account or handle this to the cashiers if the institution has a banking facility.
Documentation is another internal control that can help reduce fraud. From the generation of a transaction through approval and payment process, there must be documentation. Nothing verbal is allowed in business transactions and every personnel must sign off each process. In addition, make sure all cheques, purchase orders and invoices are numbered consecutively. Use “for deposit only” and “paid” stamps on all incoming cheques, require two signatures on cheques above a specified amount and avoid using a signature stamp.
Internal control programs should be monitored and revised on a consistent basis to ensure they are effective and current with technological and other advances. If you do not have an internal control process or fraud prevention program in place, then you should hire a professional with experience in this area. An expert will analyze the company’s policies and procedures, recommend appropriate programs and assist with implementation.
4. Staff should take leave
You might be fascinated by the employees who haven’t missed a day of work in years. While these may sound like loyal employees, it could be a sign that these employees have something to hide and are worried that someone will detect their fraud if they were out of the office for a period of time. It is also a good idea to rotate employees to various jobs within a company. This may also reveal fraudulent activity as it allows a second employee to review the activities of the first.
5. Hire Experts
Certified Fraud Examiners (CFE), Association of Chartered Certified Accountants (ACCA), Certified Public Accountants (CPA) and qualified accountants who are Certified in Financial Forensics (CFF) can help you in establishing anti-fraud policies and procedures. These professionals can provide a wide range of services from complete internal control audits and forensic analysis to general and basic consultations.
6. Live the Corporate Culture
A positive work environment can prevent employee fraud and theft. There should be a clear organizational structure, written policies and procedures and fair employment practices. An open-door policy can also provide a great fraud prevention system as it gives employees open lines of communication with management. Business owners and senior management should lead by example and hold every employee accountable for their actions, regardless of position (Source: Stephen Reed, CFA)
In addition to prevention strategies, you should also have detection methods in place and make them visible to the employees. According to Managing the Business Risk of Fraud: A Practical Guide, published by Association of Certified Fraud Examiners (ACFE), the visibility of these controls acts as one of the best deterrents to fraudulent behavior. It is important to continuously monitor and update your fraud detection strategies, risk profile and risk register to ensure they are effective. Detection plans usually occur during the regularly scheduled business day. These plans take external information into consideration to link with internal data. The results of your fraud detection plans should enhance your prevention controls. It is important to document your fraud detection strategies including the individuals or teams responsible for each task. Once the final fraud detection plan has been finalized, all employees should be made aware of the plan and how it will be implemented. Communicating this to employees is a prevention method in itself. Knowing the company is watching and will take disciplinary action can hinder employees’ plans to commit fraud.
Fraud is not limited in the size of the company. The fraudsters could play in any weak control systems and succeed well. Internal controls must, therefore, be up to scratch and must be improved from time to time. Also, fraud reporting mechanisms should be working in every financial institution. Nothing should be left absolutely for any employee, manager or director to exclusively do without a further checking. While the internal audit of most organizations is reactive in nature of their work, risk management seems to be proactive. Risk management principles should be inculcated into every process of the entire business cycle. Nobody should be above monitoring, and borrowing again from Professor Stephen Adei of my MBA School (GIMPA) – In God we trust, all others we monitor!