In early 2022, Elizabeth Holmes, founder and former CEO of Theranos, was found guilty on federal charges of wire fraud and conspiracy to defraud investors. Her false claims about her company’s blood testing services negatively affected patients, investors, employees, and, eventually, led to the downfall of her company.
According to the ACFE’s 2020 Report to the Nations, organizations lose an average of five per cent of their annual revenue to fraud each year. Fraud affects victim organizations indirectly, too, in the form of non-compliance fines, legal costs, and reputation damage. For smaller companies, fraud can be fatal.
Overall, corporate fraud prevention is easier and less expensive than trying to repair your finances and reputation after the fact. With the proper plans in place, you can effectively reduce the chances of fraud and theft and minimize the losses from schemes that have already occurred.
Want to recover more funds lost to fraud and prevent future incidents?
Download our free eBook to learn how case management software can help you track, manage, and prevent workplace fraud and theft more effectively.Get My eBook
All corporate fraud falls into one of three categories: asset misappropriation, financial statement fraud, and corruption.
This is the most common type of fraud, making up 86 per cent of all fraudulent activity. Asset misappropriation is essentially theft, when an employee steals or otherwise exploits the company’s resources.
Common examples include:
- Stealing cash
- Submitting false or exaggerated reimbursement claims
- Stealing non-cash assets (e.g. products, supplies)
- Drafting checks to themselves or another account they control
- Using company inventory, services, electronics, vehicles, or other resources for unapproved personal use
- Submitting false or exaggerated worker’s compensation or healthcare claims
Corruption is the second-most-common type of fraud, with 43 per cent of cases (ACFE). Corruption occurs when an employee uses their position or authority to influence business transactions for their benefit while violating their responsibility to the employer.
Examples of corruption include:
- Shell companies
- Conflicts of interest
Financial Statement Fraud
Financial statement fraud (also called financial statement reporting fraud) occurred in ten per cent of cases the ACFE studied but causes the highest median loss at $954,000.
This type of fraud involves purposefully omitting or misstating data in financial reports in order to mislead others about the company’s financial position and performance.
Fraudsters may create a rosy picture of the company’s success by falsifying balance sheets, inflating assets, creating fictitious revenues, or hiding liabilities.
External Fraud & Online Fraud
Business fraud doesn’t always originate inside your organization by disgruntled employees. Corporations should also be wary of outsider fraud.
For example, a call or email from what appears to be a trusted source (like your CEO) can trick employees to inadvertently share private information, such as bank account numbers.
As business transactions continue to move online, corporations are more susceptible than ever to cyber fraud. A scam or other malicious attack can put company equipment and files in danger. Without security software and thorough training, cybercriminals can steal your banking details and other confidential, and valuable, information.
Could your employees be stealing from you?
Download this free cheat sheet to learn the six things you need to do when you have reasonable grounds to suspect employee theft.Get the Cheat Sheet
Your organization might have thousands of employees, vendors, and partnerships. It’s important to observe and listen to anyone who has any involvement in your corporation, as a person’s behavior could indicate their intent to commit fraud.
An employee’s change in attitude can reveal risks or issues that need to be addressed. For instance, an employee who recently began criticizing the company or who has expressed that they are facing financial challenges may pose a risk of fraud or other misconduct.
Monitoring employee attitude and responding appropriately may minimize loss from fraud and improve workplace culture. An unhappy employee may be inefficient and can breed resentment.
In addition to monitoring attitudes, also monitor employee behaviors. An employee who hasn’t missed a day of work might be an over-the-top dedicated employee, but they might also have something to hide.
An employee who never takes time off, calls in sick, or goes for lunch or who often works early mornings and late nights may worry that someone will detect their fraud while away from the office.
Monitoring vacation balances, mandating days off, and even rotating employees to other jobs in the department can help prevent (or expose) corporate fraud.
A formal hiring routine is a must-have for large corporations to prevent fraud. A formal process consisting of background checks and scrutiny of past jobs will reduce the chances of bringing a former fraudster into the company.
Patricia Vercillo, VP of Operations at the Smith Investigation Agency and Smith Training Centre, says that, as a business owner, “you want to learn more about the person you’re bringing on board before it’s too late”. Truly getting to know prospective employees can prevent corporate fraud and other potential issues down the line.
Know Your Vendors and Partners
Just like you should know your employees, you should know your vendors and partners. Conduct regular audits of new vendors, as billing-scheme embezzlers set up and make payments to fictitious vendors.
Before getting into any relationship requiring trust (such as sending them payment after receiving a product or service) ensure you have collateral or some form of defense. This can be as simple as having a person’s or company’s physical address or trustworthy references.
Don't become a victim of vendor fraud.
Download this free cheat sheet to learn 16 ways to identify fictitious vendors before they can scam your company.Get the Cheat Sheet
Set up methods for reporting suspicions of fraud (e.g. hotline, webform, dedicated email address) to catch schemes faster and reduce losses.
Whistleblower tips are responsible for uncovering 43 per cent of corporate fraud schemes.
Internally, inform employees about your reporting mechanisms via email, posters in common areas, or even a company-wide meeting.
For honest employees, raising awareness about a fraud reporting hotline will improve the likelihood that they use it. For dishonest employees who are considering committing fraud, ongoing reminders about reporting suspicions will act as a deterrent.
Frequent sources of whistleblower reports include employees, vendors, competitors, customers, the general public, and acquaintances of the fraudster, so don’t forget to raise awareness for all parties. An internal poster for employees won’t be helpful or informative for the fraudster’s spouse.
A potential reporter might be hesitant to get involved, especially if they fear retaliation or punishment (if they’re part of the scheme). If possible, allow anonymous reports. This might encourage reluctant reporters to speak up, allowing you to catch fraud more often and faster.
Look into Every Report
It’s important to not only offer a whistleblowing hotline for tips, but to follow up on and check into every report. If you’ve implemented various reporting procedures but fail to follow up when whistleblowers do report their suspicions, it’ll all be for nothing.
For public companies, failure to investigate a tip could also result in fines from regulators.
If whistleblowers are doing their part by reporting fraud, do yours by following up.
One of the easiest ways to prevent fraud is to implement internal controls that make fraud harder to commit and easier to detect. This is an easy step considering many organizations do not have a formal program in place.
The term “internal controls” generally refers to plans, programs or processes that are used to track, control and safeguard assets, financial integrity, and fraud detection. Internal controls work to prevent corporate fraud, but their visibility also acts as one of the best deterrents to fraudulent behavior.
Some examples of internal controls you could implement include:
- Separation of financial duties
- Two-factor authentication to access company resources/data
- Mandatory leave requirements
- Surprise audits conducted by a third party
If you already have several controls in place but they aren’t effective, they might be out of date. When were they last evaluated or updated to reflect industry changes? Continuously monitor and update your strategies to ensure they’re working.
Segregating accounting duties is a great method of internal control. The general best practice is to ensure no one person has control over all parts of a financial transaction.
Instead, assign two workers to carry out financial tasks interchangeably. Have Worker 1 count cash, Worker 2 check the receipts and then Worker 1 can bring the deposit to the bank.
According to New York State’s Office of Mental Health’s Bureau of Audit, you should also:
- Separate handling functions from recordkeeping functions
- Separate purchasing functions from payables functions
- Ensure that the same person isn’t authorized to write and sign a check
- Require manager approval of time sheets
- Require two signatures above certain amounts
Transparency is critical but giving employees unlimited access to financial information and physical assets is asking for trouble.
For the majority of employees, restrict access to financial account data, inventory, assets, and checks. Lock away cash, check collections, credit cards, and financial account data. Restrict the number of business credit cards and the number of users. Finally, set account limits just in case.
For Vercillo, limiting access is a key ingredient to corporate fraud prevention. She suggests making “sure to keep physical assets and access to data secure, with limited personnel having access”.
Don’t over-replenish petty cash; limit the replenishment amount to a total that will last a couple of weeks maximum. Always reconcile the petty cash funds, too, before replenishing them to ensure there is no asset misappropriation taking place.
To reduce your risk of check fraud:
- Avoid writing checks payable to cash
- Don’t issue blank checks
- Only sign checks when they are filled out completely
- Deface and retain voided checks
Vercillo warns about the potential dangers of signing blank checks:
“This is a huge mistake and quick lesson learned if they get into the wrongs hands. Moreover, never give up signing authority, as this can make for a sticky mess if this authority is abused”.
Require and Review Documentation
Keeping, storing, and reviewing documentation is a great method of corporate fraud prevention. Not only are strict documentation rules a deterrent, but they also help stop a fraud scheme in its tracks.
With thorough documentation, you can verify that numbers line up monthly, weekly, or even daily. Thorough documentation might include maintaining and reviewing expense reports, phone bills, vehicle logs and odometers, company equipment logs, and receipts.
Scrutinize business bank accounts and credit card charges often. Online banking makes it easy to view credit card statements and account activity. Plus, online banking is more reliable since it cannot be manipulated as easily as a paper-based statement.
Remind employees that documentation is reviewed often as it is a critical part of your company’s anti-fraud strategy.
Implement Anti-fraud Policies
Follow best practices by solidifying them as policy. Often, corporations issue one large anti-fraud policy and in it include a code of ethics, a conflict of interest policy (use our Conflict of Interest Policy Template), an open-door policy, and other business procedures.
Topics to cover in your policy include:
- Guidelines for bidding for major contracts
- Disclosure of related party transactions
- Expenses and travel reimbursements
- Prohibition of signature stamps
- Appropriate use of company assets (e.g. electronics, vehicles, services)
- Purchasing guidelines
In the policy, also discuss common types of fraud and the consequences associated with them. Require that employees read and sign the corporate fraud policy to ensure they understand your company’s commitment to corporate fraud prevention.
Develop the policy, implement it, and then live by it. Lead by example by following all the rules meticulously, no matter your role or level of authority in the company. Embrace an open-door policy for open communication.
Train Employees on Fraud Red Flags
Employees who are familiar with fraud warning signs can help with corporate fraud prevention.
First, employees are less likely to fall victim to fraud themselves. External threats, such as a suspicious email or a fraudulent phone call, are less dangerous when the responding employee is familiar with these types of scams and knows how to respond.
Teach employees to “think before they click” and be cautious and attentive to who they are communicating with. This will help you avoid inadvertent leaks of proprietary or financial information.
This training can be beneficial for uncovering internal fraud as well. Employees in every area of the company should know fraud warning signs and how to report suspicions. Employees more likely than HR or upper management to notice their coworkers’ frauds firsthand and are your first line of defense.
Establishing a culture of ethics in your organization is the easiest way to prevent internal fraud.
Download this free checklist to learn eight steps you can take toward better corporate fraud prevention through ethics.Get the Checklist
In addition to documentation reviews, have an independent, impartial person conduct a comprehensive audit of the books regularly. Require this person to routinely audit areas that deal in cash, refunds, product returns, inventory management, and accounting functions.
Schedule occasional undisclosed audits in high-risk, critical business areas to help prevent fraud. Routine audits are great, but it gives fraudsters time and ability to better cover up their tracks.
Hire Experts for Help
Vercillo says that in addition to an in-house team, every corporation should have a third-party, such as an accountant, to review their books. “This is a great way to see exactly what is going on, and sometimes a second pair of eyes is all you need to notice suspicious activity,” she says.
Every once in a while, even if you don’t have suspicions or an incident, it’s good to hire a fraud expert. An experienced CFE, CPA, or someone with a CFF designation can help you establish anti-fraud policies, conduct an extensive audit, or just provide general financial guidance.
Despite having strong anti-fraud processes, organizations continue to experience fraud every day. For this reason, it’s important to develop a thorough fraud response plan before you become a victim.
Your plan should outline what to do if you discover fraud or at work. Break down employee responsibilities by department and level (e.g. worker, manager, etc.). Include instructions on how to:
- Report the scheme to law enforcement
- Inform creditors
- Retain files
- Conduct a fraud investigation
- Disclose to regulators and/or affected customers/clients/patients (for data theft)
Before you accuse an employee of stealing, make sure you have well-documented, indisputable proof.
Being prepared can make fraud less disastrous if it happens.
Use our free fraud response plan template to get started.Get the Template
Corporate fraud prevention is all about vigilance. With strong policies and employee training, well-maintained reporting mechanisms, and a plan for when fraud does happen, you’ll protect your company from financial hardship and reputation damage.