“Today is about survival. If you get blasted, you’re dead. Quick! What’s the first thing you’re going to need? The most important piece of equipment is your shield! If you must make a choice between a sword and a shield, take the shield!”
Gobber – Viking Elder / Dragon Slayer Trainer – How to Train Your Dragon
Protecting one’s assets is crucial to every organisation (or castle). When it comes to fraud and the management thereof, you need to have the right ‘shields’ in place to ensure that the perpetrators of fraud look elsewhere, provided that your defences are:
2. Known to all (within the organisation)
3. Capable of achieving their objective, that is, to deter fraudsters / defend against fraud attacks
To achieve this level of defence requires laying the appropriate foundational building blocks that will make your shield strong and resilient to the risks that are prevalent within your business environment. Without this foundation, your shield will not last the battle against the (Fraud) Dragon!
Based on fraud prevention best practices and the ACFE Fraud Prevention Check-Up*, your ‘fraud shield’ (see opposite graphic) should comprise the following layers:
Shield Level 1: Fraud Risk Oversight and Ownership
Shield Level 2: Fraud Risk Assessment and Tolerance
Shield Level 3: Anti-Fraud Controls at both a Process and Environment Level
Shield Level 4: Proactive Fraud Detection
Each of these Shield Levels works on an interwoven and interdependent ‘fraud preparedness’ principle whereby the ‘fraud shield’ will become more effective when all the parts are working in unison.
So let’s help you get your ‘fraud shield’ ready for battle!
Without Oversight and Ownership, the risk of fraud occurring will materialise and the focus will be reactive in nature. Some things to consider are:
· Establish a process for oversight of fraud by those charged with governance
· Create a fraud risk ‘owner’ within senior management who is responsible for managing all fraud risks within the organisation
· Communicate to business unit managers that they are responsible for managing fraud risks within their area
Without Assessment and Tolerance, fraud risks go undetected and unresolved. Some things to consider are:
· Implement an ongoing process for regular identification of the significant fraud risks to which the organisation is exposed
· Determine your organisation’s fraud risk tolerance levels, that is, what fraud risks you are prepared to live with
· Develop a policy on how to manage your organisation’s fraud risks
Without Environment and Process-Level Anti-Fraud Controls, the business environment remains in a state of flux whereby no ‘key touch points’ of control can be relied upon to detect anomalies arising within the business. Some things to consider are:
· Implement appropriate cost-effective measures to eliminate or reduce, through process re-engineering, each of the significant fraud risks identified in the risk assessment
· Implement measures at the process level that are designed to prevent, deter and detect each of the significant fraud risks identified in the risk assessment
· Create a workplace environment that promotes ethical behavior, deters wrongdoing and encourages all employees to communicate any known or suspected wrongdoing to the appropriate person
· Develop a code of conduct/ethics and ensure all staff are made aware of it
· Conduct regular fraud awareness and training sessions
· Create appropriate communication mechanisms where staff can report potential wrongdoing
Without Proactive Fraud Detection and a good reactive / investigative response, the ability to learn from the modus operandi and apply these learnings back into the organisation is lost. Some things to consider are:
· Implement an appropriate process to detect, investigate and resolve potentially significant fraud
· Develop proactive fraud detection tests that are specifically designed to detect the potentially significant frauds identified in the organisation’s fraud risk assessment
Now that the shield is taking shape, you need to put it all together. This is where everything rises and falls on people, but more on that in the next instalment.
* The ACFE Fraud Prevention Check-Up is a freely available resource offered by the Association of Certified Fraud Examiners and can be downloaded from their website – http://www.acfe.com/resources/publications.asp?copy=fraudprevention