Q: I would welcome any suggestions about getting fraud prevention techniques into play with line-of-business employees. Is it more a question of training or accountability? What works?
A: The best practice is definitely training. Employees involved in accounts payable functions or purchasing functions and any employee who submits expense reports are the most susceptible to fraud. Training these individuals, as well as all employees, on company policies, procedures and code of conduct is imperative.
More financial fraud prevention tactics
- How fraud investigators work to combat data theft
- ACFE profile: Going broad on fraud
- The ERP security challenge
- Separation of duties and IT security
Accountability plays a large role in deterrence. When employees realize the company will take a hard stance on fraudsters, they will think twice about committing a felonious act. I have seen companies publish a quarterly newsletter containing articles about dishonest acts perpetrated against the company, travel security advice and safety measures. The important item within these stories regarding fraud was the disposition of the case so the readers would know the company's stance on these issues.
Other processes can also assist in the fraud detection and prevention realm. According to data from other companies, the most successful is a fraud hotline. This type of medium allows for employees to anonymously report violations of company policies that might otherwise go undetected.
Q: When I detect or suspect fraud, how should I manage a case if I am not the main investigator? What kind of progress reports should I provide to the CEO and to HR, and how do I document that the investigation has been handled correctly if there is a lawsuit afterwards with an employee involved?
A: If you suspect or detect fraud, the best practice is to inform a fraud professional immediately so any action by someone else will not compromise the investigation. Fraud professionals within my organization initiate an investigation. Any activity regarding the case is documented in our case management system, which allows anyone in the security organization to check the progress on a case. The VP of legal is updated on security-related investigations and events through monthly status reports. Human resources should be involved only in fraud investigations that involve an employee. The role of HR is not an investigative one, but to provide advice and guidance regarding personnel decisions after an investigation has been completed. In cases involving an employee, my security managers notify an HR consultant early in the investigation. All investigative activity is documented in a report of investigation, which is then provided to legal, HR and the employee's department. The report is used to decide discipline and as a factual representation of the case for possible litigation. These reports should not be contained in the employee's personnel file.
Q: Are software and technology providers making any advances in fraud detection?
A: Numerous software companies have designed products that perform fraud tests on real-time, daily transactions. They can also conduct tests on historical data. This software attaches to a company's systems for accounts payable, accounts receivable, expense reporting or any system that conducts financial transactions. Tools can examine every transaction (both financial and administrative) and run each transaction against a series of tests. The more common indicators of fraud include a vendor address that is the same as an employee address, duplicate invoice numbers and multiple changes in vendor identity fields. Most of the software currently available runs approximately 100 tests per transaction. These automated daily reviews provide exception reports when a transaction is flagged. The software not only detects potential fraudulent activity but can also recognize legitimate mistakes. Companies with this type of software in place have saved tremendous amounts of money by identifying fraud early and by locating legitimate mistakes before payments are made.
Q: What's the interplay of financial fraud prevention and other security measures?
A: Proactive fraud detection programs, along with the other measures mentioned above, are part of a total security program aimed at protecting a company's assets. Security measures implemented by a company rely on each other to be successful. For example, a good fraud prevention program could not be successful without a computer security program in place or a focus on protection of intellectual property.