The negative impact of fraud on businesses is well documented and I have commented on the statistics in past blog posts. However, many business leaders still seem unaware of the risk. In a recent fraud seminar I conducted, there was almost an audible gasp in the room when I mentioned the Association of Certified Fraud Examiners estimate that companies lose, on average, 5% of revenues to fraud.[i] So, if you are feeling overwhelmed and uncertain regarding fraud as a business risk and how you as a manager or business leader need to respond, here is a simple first tip: establish a fraud policy for your organization.
An adequate fraud policy should contain certain elements that just won’t be found in the standard employee handbook. These elements include the following:
- A definition of fraud for the organization. Defining the term allows employees and other stakeholders to know what constitutes fraud and provides a foundation for the firm to take action when incidents occur in the organization.
- Assignment of responsibility. A fraud policy should specify that management is responsible for preventing and detecting fraud within the organization and that all employees have a responsibility to report suspicious or detected fraud incidents. In addition, general responsibilities with regard to processing and investigating reported incidents or suspicious transactions should be a part of the fraud policy.
- Reporting procedures. The fraud policy should provide guideline for communications relating to the investigation and resolution of incidents. This would include guidelines for how an employee is to report an incident, how communications will be handled during an investigation, and the necessity of confidentiality.
- Whistleblower protection. The organization must make it clear that retaliation against employees who report incidents will not be tolerated. There should also be a process for employees to use to file a complaint if they feel they have been a target of retaliation in any way.
- A fraud policy should summarize the potential consequences of committing fraudulent acts.
The fraud policy is not the end of the road but putting the policy in place and communicating throughout the organization will provide a solid foundation for putting into place an effective fraud prevention program for the organization.
[i] Association of Certified Fraud Examiners, Report to the Nation on Occupational Fraud and Abuse (2014): 4.