In 2010, losses due to fraud were estimated at 5% of the world's gross domestic product.*

One of the lessons to be learnt from the recession is that few, if any, companies can ignore the threat of employee fraud. This is not only because the incidence of fraud is increasing, but also when it does occur shareholders, bankers and other investors want to know what precautions the company directors had taken to prevent or limit the damage. Ignorance of fraud is no defence. The ostrich mentality of 'it won't happen to me' is no longer acceptable. Fraud is now recognised as a business risk to be managed in the same way as any other business or financial risk.

So what practical steps can be taken to reduce the threat of employee fraud? When fraud happens, how can we mitigate the loss and bolster the confidence of the investors that the directors are still in control?

The guiding principals for an effective fraud risk strategy are prevention, detection and investigation. The strategy must address all three principals in equal measure. In an ideal business world, prevention controls would be strong enough to stop all fraud, but this would also grind the company into the ground under the bureaucratic burden. Also, past experience has taught us that if a fraudster is sufficiently motivated and can justify his action, fraud will happen despite the tightest controls. We therefore need the other principles – to be able to detect fraud as it is happening and then investigate it once detected – or as is more likely, for someone to blow the whistle.

These three principles should be linked in a virtual circle where lessons learnt from investigations are used to improve controls, where weaknesses in controls identified during prevention activities lead to selected detection procedures, which in turn instigate investigations.

Don't think fraud won't happen to you; rather than waiting for the inevitable review your anti-fraud procedures now. Here are a few elements every business can easily incorporate into their control environment.

  • Fraud risk assessment – understand the fraud risks that you face.
  • Pre-employment screening – ensure that all staff are appropriately screened before you employ them or before you promote them into a more sensitive role.
  • Whistleblowing procedure – ensure employees know how to report suspicions of fraud.
  • Senior management accountability – make sure responsibilities for fraud prevention are understood.
  • Audit of employee compliance with policies and procedures – test controls, don't just assume they are effective.
  • Tone at the top – consider senior management's attitude to employee fraud and how they communicate this attitude to their employees.
  • Corporate culture – encourage the corporate culture to support the business' attitude to fraud.
  • Fraud awareness training – train staff to understand what fraud looks like and the damage it can do to the business.
  • Code of conduct – clearly communicate codes of conduct with employees.
  • Disciplinary procedure – explain clearly to staff the consequences of committing fraud.
  • Reporting fraud to the authorities – make your company's attitude to reporting fraud clear.
  • Career counselling – consider how you manage the careers of your staff.
  • Employee complaints – develop a communication system for employee complaints, this is by far the most likely avenue of discovering fraud.
  • Employee participation in own performance goals – allow staff to feel they have some control over how their performance is appraised.
  • Avoid excessive rewards and punishments – discourage excessive rewards and punishments for performance within your business – especially difficult in the finance sector – as these can be strong drivers for fraudulent behaviour.

*Per the Association of Certified Fraud Examiners.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.