We’ll be at Compliance Week National 2024 in Washington, D.C., April 2-4. Learn more or schedule a time to meet with us at the show here.

#Article

3 Keys to Addressing Fraud in your Organization


3 Keys to Addressing Fraud in your Organization

You can prevent it, you can detect what you didn’t prevent, and then insure against it when it happens anyway.

If you think workplace fraud won't occur in your company, you need to think again. If there’s one thing Stephen Pedneault, fraud expert, author and founder of Forensic Accounting Services, LLC., wants his clients to understand, it’s that just because you haven’t seen thousands of fraud cases in the news it doesn’t mean they aren’t occurring. Only one in nine fraud cases ever makes it into the media. The other eight are generally resolved quietly and without fanfare. In other words, it’s going on a whole lot more than most people are aware of.

And for the nine cases that are detected, there are thousands of others proceeding undetected for years, with company owners losing millions. According to the ACFE 2010 Report to the Nations, the typical organization loses 5 per cent of its annual revenue to fraud, translating to a potential global fraud loss of more than $2.9 trillion and, according to the study, frauds lasted a median of 18 months before being detected.

“There are only three things you can do to address fraud,” says Pedneault, “You can prevent it, you can detect whatever you didn’t prevent, and then you can insure against it when it happens anyway.”

1. Prevention

Small organizations are disproportionately victimized by occupational fraud, according to the ACFE Report. These organizations are typically lacking in anti-fraud controls compared to their larger counterparts, which makes them particularly vulnerable to fraud.

Many small business owners say they don’t have the resources to segregate tasks, for example, which is one of the most important methods of fraud prevention. “I entirely disagree,” says Pedneault. “I can take a company that consists of an owner and an employee and I could segregate the internal controls so long as the owner will be involved in the process and will take on some responsibilities. For example, whoever has access to accounts payable and has access to the cheque stock shouldn’t be the person who signs cheques, shouldn’t be the person who gets the signed checks back and shouldn’t be the person who mails the signed cheques out.”

“I’m a big fan of re-engineering the process. When you’re getting the cheques ready to sign, have them mail ready, so that when the signor signs the cheques … they keep going out the door. The only things that come back to accounts payable are the cancelled invoices to be filed. That eliminates a lot of opportunity.”

Preventative internal controls could include a policy in which only the owners are the approved signors and also the recipient of the returned cheques, says Pedneault. The writer of a cheque is the best person to know if the signature is forged.

The easiest way to detect forgery is look at the cancelled cheque images. Unfortunately, points out Pedneault, banks are becoming less willing to send back cheque images. Automated banking is effectively making fraud prevention more difficult.

2. Detection

One consistent result found in the ACFE report each year since 2002 is that the number one source of fraud detection is the anonymous tip. Based on this knowledge, Pedneault says an employer’s first priority should be to educate employees on their fiduciary duty to report fraud and give them the means to do it anonymously.

“Everyone is going to be afraid of retribution,” he says. “And so unless it’s an anonymous means that goes through an 800 number or a third party where their voice isn’t going to be traced back,” you won’t get results.

Outsourcing your anonymous tip line can mitigate some of the worry for whistleblowers. The company never hears the person’s voice; they just get a transcript of the information.

Put in place a process to review the transcripts from the tip line, as not all the information is going to be valid, says Pedneault. “If somebody who had an agenda put an allegation that wasn’t true and somebody was to have a knee-jerk reaction, the liability can be worse than the loss.”

3. Insurance

Pedneault is also an advocate of employee dishonesty coverage, which, he says, is almost always too low. You should carry at least $100,000 as your starting point, he advises. The policy coverage is “per-instance”, so if an employee is stealing for many years, committing hundreds of acts of embezzlement, it’s still one claim.

“If you lose 1.7 million and have a $10,000 policy, it’s safe to say I’ll get you 10,000 back without a challenge, but that’s it,” says Pedneault. So it’s important to assess your needs carefully. It’s unlikely a company will ever get money back from the employee who committed the fraud, so make sure your insurance coverage is adequate.