How to stop fraud before it happens
Stopping fraud before it happens is the ultimate goal of a successful fraud prevention and awareness programme. Whilst it is important that fraud prevention controls are robust and are methodically implemented, too often companies fail to recognize that it is the perception of the likelihood of detection and sanction which discourages a person from perpetrating fraud, rather than the actual effectiveness of the internal controls and anti-fraud measures.
Stopping fraud before it happens is the ultimate goal of a successful fraud prevention and awareness programme.Whilst it is important that fraud prevention controls are robust and are methodically implemented, too often companies fail to recognize that it is the perception of the likelihood of detection and sanction which discourages a person from perpetrating fraud, rather than the actual effectiveness of the internal controls and anti-fraud measures.
It is a notion best illustrated by way of an example.After leaving school, James was employed as a parking attendant in the parking lot of a shopping centre. With little training, James began work sitting in a booth at the parking exit collecting the parking fees from motorists. After two weeks of sitting alone in his small booth, it occurred to him that no one was watching. Since he needed money that day for lunch, he took R30 from the till. The next day he took another R30 and so it went on.After several weeks, a manager from the parking company arrived at James's parking booth unannounced. By reconciling the parking tickets with the money collected, the manager quickly established that James had stolen more than R1 000. When he was confronted by his manager, James admitted that he had "borrowed" the money without authorisation. He was summarily dismissed.
In this example, although the parking company may have had sufficient internal controls in place to detect fraud, those internal controls and anti-fraud measures were not clearly communicated to their employees, which allowed a perception to develop that there was an opportunity to commit fraud. The ultimate result was a loss to the company and the dismissal of an employee.
Although in our example James had no opportunity to commit and conceal his thefts, he believed that he did. This process also works in reverse - people who do in fact have the opportunity to perpetrate fraud, but perceive that they do not, are far less likely to commit fraud. The perception - not the actual likelihood - of detection determines whether or not a person will be tempted to commit fraud.
I do not, of course, suggest that a company could or should neglect the implementation of appropriate internal controls and anti-fraud measures but, rather, that companies need to recognise that, in addition to those internal controls and anti-fraud measures, steps need to be taken to address perceptions about the company's attitude to, and capacity for, dealing with fraud.
Setting the right "tone at the top" is one focus area for addressing employees' perceptions. An entity's senior management team sets the moral and ethical compass for others to follow. Surveys conducted by the Ethics Resource Centre have found that organisational culture is far more influential in preventing fraud than formal ethics and compliance programmes. Management must clearly communicate a zero-tolerance for fraud and reinforce that message often. Recommendations for establishing an appropriate tone within the organisation include obliging managers and leadership to themselves comply with the letter and spirit of the rules, and making integrity, ethics and compliance part of the promotion, compensation and evaluation processes.
It is also critical to develop an appropriate code of conduct that informs employees of the entity's expectations and requirements. A code of conduct should advise employees what they can and cannot do and should reinforce compliance with government laws, rules and regulations. At the very least, a code of conduct should include:
- A clear definition of fraud;
- A statement concerning conflicts of interest;
- The company's attitude towards client entertaining/gifts;
- A distinction between the seriousness of different offences; and
- That which constitutes fraud and dishonesty
The code of conduct must be communicated to all stakeholders and there should be a confirmation process in terms of which employees and stakeholders are required to sign a statement confirming that they have read and understood the code's requirements and will comply with them.Companies should also implement periodic training. New employee orientation is not sufficient. Periodic training throughout an employee's career reinforces fraud awareness and reduces the cost of fraud to an entity. Periodic employee training should include scenarios and discussions on ethical challenges relating to fraud, abuse, kick backs and other relevant issues. Training in general fraud awareness can be achieved through formal training, general discussions and case studies, the use of the company intranet, and through other company publications.
There should be fair, balanced and effective discipline. Actions speak louder than words. Employees must know that the company adopts a zero-tolerance approach for improper business conduct or fraudulent behaviour. It is vital that discipline is fair, appropriate and consistent for all employees, including very senior employees and directors.
The measures I have outlined are not exhaustive and should be implemented as part of a more comprehensive fraud and economic crime prevention strategy. The measures identified do, however, play an important role in shaping employees' perceptions. They constitute effective and cost-effective measures to prevent fraud.
Matthew Purchase is a senior associate at commercial law firm Bowman Gilfillan.
For more information please visit www.bowman.co.za
