After a company has experienced internal fraud and has investigated the situation, how do they address the issue of fraud prevention?
Moving forward after an internal fraud requires that management actually make good on promises to prevent future frauds. It is sometimes difficult to get management to make changes, because they view changes as another cost on top of the cost of the fraud and the investigation. But shoring up internal controls is necessary if the company really wants to improve after a fraud.
The wise members of company management are interested in remediation after an internal fraud is discovered, and often they look to the fraud investigator for guidance in this area. It makes sense to have someone well versed in fraud schemes help management make improvements for the future.
Naturally, the vulnerabilities in the company’s system revealed after the theft should be addressed first, and any holes in the system should be closed. Job duties should be analyzed, and some tasks may need to be reassigned to prevent any single employee from having too much control over a function. Segregating duties is one of the most basic fraud prevention controls that all companies should implement, and in reality this is a very cheap method of fraud prevention if it is done correctly.
Management should strongly consider establishing a fraud hotline. It is an inexpensive way to offer employees an anonymous, confidential method to report suspected fraud. Statistics show that an employee tip is one of the most common ways internal fraud is discovered, and a hotline helps facilitate the reporting of fraud.
More extensive fraud prevention measures include creating stronger internal controls and completing regular audits of vulnerable areas of the company. If done correctly and thoroughly, this process can be time-consuming, but it is typically a worthwhile investment, because bad internal controls are nearly useless.
Managing the fraud risk when there has been an executive-directed fraud is often more difficult. It involves the employees who have the most control over everyone and everything at the company. If the CEO wants something done, most times it is going to get done whether out of employees’ fear or obedience. Upper management fraud can often be stopped only through stronger corporate governance. This deals more with independent oversight of management and operations, rather than managing detailed transactions and interactions.
Improved corporate governance means better oversight of management via a board of directors with independent members who have no employment or other material relationship with the company. If these board members are truly independent, they are more likely to take action when suspicions of fraud or unethical behavior are raised. The board must be committed to ethical behavior from all employees at all times. They must exhibit the type of behavior they expect, thereby setting the tone at the top. The board must be willing to investigate allegations of fraud or inappropriate behavior. They must not be thwarted by management, exercising their own judgment in determining what must be investigated.
In addition to independent directors, good corporate governance requires an audit committee with financially literate members and at least one financial expert. The audit committee must also have the authority to initiate investigations and seek legal counsel and advice as it deems necessary.
The nominating and compensation committees of the board of directors also must be comprised of independent directors who have no vested interest in their decisions. When compensation is tied to the company’s financial performance, there may be an incentive of sorts for management to cheat on the financial statements. The compensation committee must balance that risk with the benefit of giving management incentives to grow the company. Boards of directors and committees must meet regularly, and must do so without management being present. This ensures that management does not exert undue influence over the board or the committees.
It is easy to see why management may shy away from the process of fraud prevention, even after being taken advantage of by a dishonest employee. It can become a huge project, and it can cost a lot, depending on how thorough management wants to be with its fraud prevention efforts. But common sense should tell management that they must make an effort to create stronger controls to prevent internal fraud. The next fraud could put the company out of business. It should only take one major fraud for management to have a vested interest in improving fraud prevention within the company.
