By: Mark Afraud prevention. Anderson, Director of Training
Anderson Investigative Associates
It has been a common occurrence in recent years when audit firms have certified organizations as healthy, only to have major problems exposed shortly thereafter with those companies. These acts have resulted in liability settlements for millions of dollars. As a result of concerns in the audit community, several audit task forces studied the current approach to detecting fraud, and the standards surrounding the issue. Whenever issues such as these are examined, change occurs, but it is often ancillary to the true issue, and the inextricable connection, to greed, inside interests, lack of courage, and any other internal pressures felt.
Any change in strategy to address these issues must be based and connected to three inescapable facts regarding fraud:
1. Fraud is much easier and more cost-effective to deter than to detect;
2. The deterrence of fraud necessitates a much broader approach than simply internal control evaluation; and
3. The collective cost of all forms of fraud is, indeed, material.
There does not exist any immaterial frauds, they all have a distinctive and diverse effect on any organization. Hence, we must establish a consistent, unified approach to deter all organizational fraud not just that committed at the highest levels. The approach cannot ignore any strata or area within an organization.
The likelihood of detection of fraud is low, because it always involves deception and concealment. The more obvious the fraud, the greater the chance of detection. Likewise, the more insidious the fraud the more likely it is to propagate. Deterrence is another matter. Some organizations are more susceptible to fraud than others, and certain people are more prone to committing fraud than others. Finally, and the most clearly established, the perception of detection – rather than control itself – deters fraud.
What will likely need to occur is a shift from evaluating detection risk to measuring deterrence effectiveness. The major focus should, as a result, be on prevention, not detection. This prevention effort should have three realistic and measurable goals:
1. To reduce losses resulting from fraud;
2. To deter fraud through proactive policies; and
3. To increase the likelihood of early fraud detection.
These goals require that we change the paradigm of how we think and the form these programs have historically taken. Reducing losses to fraud means taking a more focused approach. An organization that only makes threats such as, “violators will be prosecuted” as their best proactive attempt, will likely have little success. In contrast, an organization that concentrates on improving its hiring procedures, practices, and reporting programs will see improvements.
There are an extensive number of ways to deter organizational fraud. We will examine six general elements to accomplish this: personnel selection; organizational matters; education; reinforcement; increased audit and investigation visibility; and reasonable control procedures.
Although often ignored, personnel selection is the first step in preventing fraud – from the top to the bottom. As reported in various literature, the “tone at the top” becomes the most controlling influence within the corporate structure. Many organizations will go to great lengths to check out lower-level employees, while assuming that the people at the top are more honest. Based on many studies, we know quantitatively that management is no more honest than the rank and file. Personnel selection needs to be addressed in a holistic fashion which will require the investment of a different thought process, time, and fiscal resources. This investment will give a significant return based on the quality of individuals selected for positions in your organization.
With respect to internal organizational matters, entities with dedicated units to address fraud are less at risk than those without. These units require all fraud prevention and detection responsibilities to be in one place, and their efforts need to be unified. Well qualified and selected personnel will provide a significant return on investment.
Education is the cornerstone of fraud deterrence. No organization can have a serious commitment to prevention and ethical improvement without corporate participation. This should start with what is expected of the employees and include what types of fraud can occur within the organization; how these frauds affect them; and what these individuals can do to help. This program cannot be filled with blind repetition to be able to say we did it, but must be viable and well-presented.
The next measure is emphasis on the last; reinforcement of the education process on a continuing basis. It is not enough to simply inform – that information must be reinforced through continued effective retraining. This effort must focus on the positive side of fraud prevention. Fraud costs jobs and resources, interrupts lives, and makes otherwise “ordinary” people into criminals. Companies that have a higher level of honesty and ethical compliance are invariably more successful than those which are not.
Increased audit and investigation visibility comes from the organization’s full acceptance of what these functions are in place to do: detect, deter, and investigate fraud. Employees of an organization must know that auditors and investigators are looking for fraud. The increased visibility of these individuals – a higher fraud profile – is bound to have a measured deterrent effect. The greater the perception of full partnership of the organization with the unit, the greater the deterrence. Using personnel of these units to complete fraud briefings and interact with other units of the organization can be incredibly valuable.
Finally, an organization must have procedures to control fraud that are not only effective and visible, but also reasonable. Controls must be probing and thorough without being perceived as invasive and encumbering. Controls have many purposes, and we must look anew at those procedures which have the greatest return on investment. In these days of downsizing, empowerment, and other management trends, fraud prevention must be, bottom line, cost-effective.
These steps will help in addressing the first two goals of the program: to reduce losses associated with fraud, and to deter fraud through proactive policies. The next step is to examine how to increase the likelihood of early fraud detection.
There are several givens with regard to fraud. Occupational fraud that goes undetected will continue to grow until it threatens the health of the organization. This is because fraud is continuous. Someone committing it will continue to do so again and again, until caught. This comes from the historical premise that greed has no limits. So, it is not a question of the fraud being detected, but rather when. As with the steps to deter organizational fraud, we must examine five concepts to increase early detection.
The first technique is actually an old method and probably the least effective. It applies to program personnel, investigators and auditors, and involves the necessity to pay closer attention to and scrutinize source documents. In almost all cases of organizational or occupational fraud, missing or altered documents are a part. Unfortunately, with increases in technology, fakes and forgeries are nearly undetectable.
Program personnel, managers and auditors need to increase the use of various analytical techniques. When used on a matter involving a fraud, the numbers do not make sense and cannot be resolved. These techniques are most useful in large frauds, and usually by the time they are employed, it’s late in the game.
A third and more novel possibility is the use, or increased use of executive financial disclosure. This approach may not be welcomed, but the simple fact exists that virtually all fraud perpetrators spend more money than they make. Close scrutiny of these documents can not only increase the likelihood of early detection, but can be a significant deterrent as well.
A fourth method to detect fraud, earlier, involves surprise, unannounced audits. Again, the deterrent value of leaving this as a viable possibility cannot be over-stressed. It is realized that these audits characteristically cost more money and require more planning and better execution. However, case after case has shown that announced audits have given fraud perpetrators opportunity to create documentation to advance their fraud.
Finally, it is essential to note that historically, more allegations of fraud have come from tips, anonymous or otherwise, than from all other sources combined. As set forth in the federal Corporate Sentencing Guidelines, organizations must have an effective reporting mechanism. This mechanism needs to take on several forms, although in today’s society the most effective one is the telephone hotline.
We are rapidly approaching the limits of technology to detect fraud through traditional techniques. Beyond this, as we become more technologically advanced, so do the frauds with which we are faced. We also are becoming more comfortable with attempting technological and data-based solutions to each of these dilemmas. The one factor that never changes in an organization and with frauds is the involvement of people. Consequently, our employment of effective, proficient interviewing and communication skills can have a major impact on the multitude of soft/human issues in every area addressed previously. It is through those communications and interviews that we learn of the fraud, identify internal control issues, find the origins of the problem, identify the perpetrator, and obtain an admission to the wrongdoing. We know from a multitude of research that employment of training in the area of interviewing and communication hones skills that result in these successes. When was that last time your people were afforded training that could better equip them for this most important task?
Early detection and effective deterrence requires different and unique approaches, accompanied by a willingness to explore new alternatives. What have been laid out are several methods to implement new and different attacks on the problem. Interviewing and communication skill refreshment and training should be on that list to fine tune. If I can help you with that in any way, please call or email me, and let’s talk about a customized approach to increase your return on investment. (