2. Educate employees. The ACFE also maintains that employee education is the foundation for preventing and detecting occupational fraud (defined as “the use of one’s occupation for personal enrichment through the deliberate misuse or application of the employing organization’s resources or assets”), because employees are a company’s top fraud-detection resource. They must be trained in what constitutes fraud, how it hurts everyone in the company, and how to effectively report any questionable activity.
3. Change the culture ASAP. After it was hit with a $550 million fine by the Securities and Exchange Commission last July for its role in the collateralized-debt-obligation debacle, Goldman Sachs, which has a reputation for functioning as a “black-box” organization, recently announced plans to change its culture. The investment-banking firm claims it will become more transparent and ensure its business processes put customer interests first. That’s easier said than done, however. “It’s difficult to bring about a far-reaching cultural change in well-established companies,” says Quilty of BD Consulting and Investigations. “That’s not true, however, for first-generation or even second-generation companies, where the employees have a stake in the company and are more motivated to protect it from fraud.” More-established companies face a larger hurdle. “Current employees didn’t build the company,” Quilty says, “so they’re less interested in protecting it against fraudsters.”
4. Surprise! We’re having an audit. Another effective, yet underutilized, tool in the fight against fraud — at least according to the ACFE — is surprise audits. Fewer than 30% of victim organizations in the ACFE’s recent studies conduct surprise audits. Those that do, however, tend to have lower fraud losses and detect fraud more quickly. While surprise audits can be useful in detecting fraud, their most important benefit is in preventing fraud by creating a perception that it will be detected. Generally speaking, occupational-fraud perpetrators commit fraud only if they believe they will not get caught.
5. Check (and double-check) employee backgrounds. Due diligence is essential in evaluating the credentials and competence of new hires and becoming aware of any issues regarding personal integrity. That means, at a minimum, that companies should confirm an applicant’s work history and education as detailed on his or her résumé and follow up thoroughly with all references provided. Any embellished or false information or undisclosed history may be a red flag. The same scrutiny should be applied to new and existing suppliers, customers, and business partners, Deloitte’s Bishop says. (A number of outside security and risk-management firms, such as Kroll, will perform extensive background checks on a company’s behalf.) Finally, the ACFE recommends that after someone joins your staff, an evaluation of the new employee’s compliance with company ethics and antifraud programs should be incorporated into his or her regular performance reviews.
6. Prepare a data-breach response plan. With information loss and data breaches now the most common form of fraud, according to Kroll, it’s essential to establish a comprehensive response plan that will enable decisive action and prevent operational paralysis when a data breach occurs. Disseminate this plan throughout the company to ensure that everyone knows what to do in the event of a breach. In preparation, consider the following: Who will have a role in reviewing the policies and procedures on a predictable timetable? What are the physical security elements? When and how will they be tested? As additional motivation, consider that new regulations now impose severe penalties on firms that don’t have this aspect of security nailed down.