In today’s blog, we focus on 10 Steps To Mitigate Fraud Risk And Increase Profitability. These recommendations came about as a direct result of the questions we’re often asked by companies on how they can prevent fraudulent activity.
Unfortunately, there isn’t one step that reduces all incidences of fraud. This requires companies to take many diverse and comprehensive steps to mitigate risk and prevent fraudulent activity across their enterprise.
Very simply put, when companies decrease fraud – they increase profitability.
Ten Steps to Mitigate Fraud Risk and Increase Profitability
Clearly, there are more fraud prevention steps that companies can take to mitigate fraud risk and increase profitability but these very high level steps will help ensure your company is headed in the right direction.
1) Foster an ethical, “Tone At The Top” atmosphere in the workplace that starts in the boardroom and “trickles down “ through middle management to all employees.
When senior executives establish a positive business culture, based on ethics and integrity, employees will follow their lead.
The classic corporate greed scandals from early 2000 demonstrate the need for an ethical business culture.
2) Properly screen all new employees using industry best practices.
Estimates are that 50% of all resumes submitted contain false or misleading information. It’s absolutely imperative that employers conduct thorough due diligence & background checks to properly screen potential candidates and verify their backgrounds.
As one company found out, failing to do so may mean that you just hired someone else’s embezzler to be your new CFO.
3) Routinely evaluate and update your definition of fraud.
The only constant about fraud is change. Fraud is incredibly fluid and dynamic. Processes, procedures and practices, which are based on a static definition of fraud are largely ineffective in fraud risk management programs and contribute to increasing losses and decreasing your ROI.
A company experiencing lackluster fraud unit performance recently evaluated their definition of fraud. Then, armed with a new fraud definition, they updated their processes, practices and procedures to reflect current trends. They immediately noticed a significant performance increase in their anti-fraud and loss mitigation efforts.
4) Identify fraud risks and prioritize them, creating an evolving fraud risk mitigation strategy with robust anti-fraud processes and procedures.
Fraud risk management strategies should always target the biggest risks first. It is imperative that companies understand their risks and the potential impact of failing to take action to mitigate them.
Mitigating the first risk doesn’t end the risk mitigation effort, as it’s a cyclical process. Failure to pay attention to risk mitigation could mean loss of a company’s proprietary information, trade secrets, consumer’s PII and also result in brand damage.
5) Institute strong internal controls and test them regularly in accordance with customer demographics, products and services you provide.
See #3 – fraud is fluid. A percentage of a company’s internal controls, like the definition of fraud, must adapt and change according to: the type of business you’re in, your customer base, your risk tolerance, regulatory requirements and the products and services you provide.
A failure to implement robust internal controls and test them regularly invites dishonest employees to circumvent the controls and embezzle millions of dollars.
As many companies have learned the hard way, getting your money back from a casino, where the employee lost most of it, isn’t that easy.
6) Implement effective anti-fraud technology.
Technology isn’t the “end all” anti-fraud solution but it’s definitely a key component of any effective anti-fraud strategy. Given the significant financial investment, time commitment and computing resources required to install the technology platform, it’s imperative that companies fully vet the technology before purchase.
Getting it right can pay big dividends. Recently, a company installed a new anti-fraud technology platform and received an 8:1 return on their investment. In this economy, that’s significant.
7) Thoroughly evaluate your Business Code of Conduct (Ethics) Hotline and the processes, procedures and personnel used to administer it.
Installation of an ethics hotline in accordance with SOX requirements doesn’t absolve companies of further management interaction in the process.
Choosing an outside vendor, or utilizing an in house program, is a solid first step. Internal management, evaluation and updates of the process on a regular basis is critical to ensure you’re system is working properly and employees avail themselves of the resource.
Completed investigations, and the investigation process, should be reviewed regularly to ensure they are conducted in a thorough, timely and impartial manner.
A poorly administered ethics program is synonymous with not having one at all.
8) Provide “regular” and “relevant” anti-fraud/ethics training for your employees.
Having well-trained and educated employees is an imperative part of any effective risk management strategy. There’s no better way to increase employee awareness than to provide annual training on current trends and company policies, practices and procedures associated with fraud and internal controls.
Employees, who receive little to no anti-fraud, or risk management training, are more unaware than those who do and pose a significant liability in the attempt to mitigate fraud losses.
9) Break down silos – think holistically about fraud risk and ensure transparency.
Siloed work units tend to act autonomously and as an “independent business.” This “compartmentalized” business approach prevents uniform corporate compliance and fraud risk management strategies from being effective.
Ensuring that fraud risk management strategies transcend all business units, irrespective of location, ensures transparency and a holistic risk management approach.
The failure to implement holistic anti-fraud strategies results in singularly focused, disjointed and largely ineffective fraud risk management efforts which directly contribute to increased corporate losses and decreased ROI.
10) “Think like a criminal,” proactively identifying business weaknesses and patching holes before they’re exploited!
The value to this approach is that you get out in front of problems before they occur. A proactive fraud prevention program is an effective fraud prevention program.
Ask any company that’s been victimized by a large scale breach. The millions of dollars spent remediating the breach and the millions of revenue dollars lost could have been prevented with a more proactive approach to fraud vulnerability.
The last estimates from the Heartland breach in 2009 were that it cost them them approximately $140,000,000. If that’s what was reported, the “actual” loss numbers are probably higher.
Final Words – The Risk Management Cycle
The risk management cycle isn’t a “one time” effort, but a cyclical, constantly evolving process that changes over time as businesses mitigate fraud risk factors and new fraud risks appear on the global radar screen.
The implementation of these ten steps are key to mitigating fraud risk and improving profitability. While certainly an excellent step in the right direction, they are by no means a representation of the complete enterprise wide fraud risk management program companies need to have in place to mitigate fraud being committed against their enterprises.
To identify other corporate fraud risks and vulnerabilities, the first step involves a complete enterprise fraud risk assessment.