EthicsPoint published this webinar focusing on proper and efficient investigations.
Meric predicted more fraud coming into the workplace as part of this down economy. Managers are focused on making their numbers and it is harder to do.
Profile of a fraudster:
- Likely acts alone
- Likely a male over 40
- Has worked at the company for a number of years
- Some college (and probably more) education
- no criminal record
- no history of job discipline
It is obvious from this that fraud risk is less on the person and more on the internal situation and pressures. The fraud triangle is a combination of:
- opportunity – compliance programs are in place to remove opportunities
- rationalization – when dissonance happens and gets justified as not stealing (for instance – entitlement, revenge, minimal damage, everyone else is doing it)
- pressure – how and when fraud happens when the pressure to commit fraud is greater than the pressure to not
In this down economy the pressure is increased. So we need to remove the opportunities.
What is the ideal opportunity for a fraudster:
- weak internal controls or ability to override
- Pressure to be dishonest
- perceived reward is relatively high
- perception of detection is low
- potential penalty is low
What is the best way to respond
- good internal controls
- raise the perception of detection
- manage pressures and incentives (this includes treated employees during layoffs and not setting difficult targets)
- focus on identified risks
- zero tolerance for fraud
Meric calls for doing a fraud risk assessment. Learn about the potential fraud risks inside your company and the impact on the external view of your company. You need to determine your own tolerance for fraud risk. You need assess both the likelihood and impact of the fraud. Then you can evaluate your internal controls to see if they are designed effectively and are they operating effectively. Then you need to address the residual risks that are not mitigated by existing controls or anti-fraud programs.
Meric points out that you need to take steps to detect fraud. One tool is a whistleblower hotline. But hotlines are passive. You need someone sufficiently motivated to pickup the phone and make the call. You should make fraud reporting a mandatory requirement.
Fraud generally continues until detected. Half of fraud schemes are discovered by accident.
Fraud allegations can come from many sources, so you should have a consistent protocol for investigating fraud. Your organization should have a best practice for investigations. You need to make sure the investigations are run consistently and are well-documented.
The investigator is not the police. As the investigator you need to think about the business needs. Your investigation should lead to process improvements and better internal controls.
One of the questions was how to prove ROI. Of course, compliance is all about preventing fraud and loss. So it is hard to show savings for events that did not happen.