The first hurdle in developing an anti-fraud program is simply understanding you need one. The next is overcoming that overwhelming feeling that comes from not knowing exactly what one looks like. You know you need it, but how do you design it? Where in the world do you start? What does it even look like? How do you know it is thorough? How do you know when you’re finished?
So much of my job is investigating and interrogating to determine the scope of a fraud. I much prefer conducting consultations with businesses to help prevent fraud.
When performing a consultation, I look through procedures and policies within the company to determine where vulnerabilities exist:
One time, an employee walked into our interview, and before he was even fully sitting, he was explaining the amount of responsibility he alone had with cash coming into the company. He alone was responsible for taking cash from customers, posting in accounts receivable, depositing the cash, and reconciling bank statements. He was overwhelmed with the pressure he knew rested on him. Fortunately, this wise man wanted internal controls. He wanted the company to create job responsibilities that removed the pressure of accountability for all cash handling. Can you imagine the cash loss if he chose to steal? This company worked hard to perform a thorough risk assessment, and then provided new control activities with their employees.
Another consultation revealed a company who had good intentions with controls but lacked any follow through. Within their multiple stores, they only had one cash box at each location. 2-3 employees had keys and access to the cash at any given time. Only one location kept the cash box in an office with a detailed “sign in/sign out” reporting sheet. The other locations simply floated the boxes around as needed, with employees putting cash in and taking cash out with no reporting throughout the day. Not only a huge vulnerability to theft, this is just bad business practice. This company worked to improve their training and monitoring of controls that had been ignored and neglected.
Vulnerabilities and weaknesses will arise as your business grows and changes. With a well-designed anti-fraud program, you can catch these new challenges and face them with confidence. As part of our consultations, we help businesses through the process of developing an anti-fraud program to protect against fraud according to their unique needs.
COSO, the Committee of Sponsoring Organizations of the Treadway Commission, has an excellent structure for designing an anti-fraud program within your company. I love this structure and have worked for decades developing specifics and tweaks. COSO outlines 5 elements of internal control, and I have modified my approach to include 6.
6 elements of an Effective Anti-Fraud Program
1. The Control Environment
Demonstrate to employees and those you work with closely that you value integrity. Build an environment of accountability from the very beginning. The “perception of detection” deters an incredible amount of fraud before it even begins.
2. Risk Assessment
I believe this is the most neglected area of internal control. It is not necessarily intuitive. It is such a personal piece of the process because your business and its people are unique. You must evaluate your specific business dealings and interactions to determine where you are most at risk for fraud.
3. Control Activities
These are your actual checks and balances. These activities are specific to you and your business; they represent the response to risks identified in the risk assessment process. Develop practical procedures to be sure you and your employees are holding to the standards you have set.
4. Information: Program Documentation
This is where you commit your internal control design to written form. There is no way any one person can memorize all aspects of an anti-fraud program. Everyone in your company should have access to this information, not just those performing the activities or maintenance.
5. Communication: Fraud Training Program
Once written, your program must be communicated to staff. How is this done? Memos? Periodic trainings? Binders for all? An effective program is designed well, documented well, and taught well. You can also get feedback on how your control activities are working.
Don’t design a fantastic program and then never touch it again. Effectiveness comes from allowing your program to grow and change with your company. Check to see if staff is complying with your controls. If not, why? Is it a problem with the employee not following through, or a problem with how the control is designed? Either way, people and procedures need adjustment and assistance as businesses mature.
This framework can seem daunting at first. My desire is to help every business find the confidence to develop and maintain an effective anti-fraud program that not only protects their assets and goals but allows them to grow and excel.
If you would like more guidance on building or revamping your anti-fraud program, begin with the following posts:
Explore all the resources we have to offer as you adjust and improve your anti-fraud program. Contact us for an Internal Controls Consultation for a personalized, custom approach.
Empowering small businesses to develop strong Anti-Fraud Programs is our mission. We provide consultations to design, evaluate, and improve your anti-fraud program. You can also get a step-by-step guide to design a program that can be tailored for your specific needs by purchasing Steve Dawson’s book, Internal Control/Anti-Fraud Program Design for the Small Business.
If you think there may already be fraudulent activity in your company, contact us today through our website.