
The 30,000 Foot View: 7 SMART Goals for a Holistic Approach to Fraud Prevention

By Brian Lafountain, on June 2nd, 2025

Identifying risks, assigning responsibility for mitigation, designing controls and evaluating effectiveness can’t be done overnight, and likely can’t be done in every functional area simultaneously. For some early, easy wins on the road to fraud prevention, consider the following:

1. Create & Communicate a Path for Reporting Anonymous Tips

43% of the frauds reported by the ACFE last year came to light because of tips, mostly from employees, but not insignificantly, vendors and customers as well. You could wait for a piece of paper to be tucked into your car windshield with an anonymous allegation of improper dealings by an employee, as one of our clients found, or you could take the proactive approach and provide a third-party phone hotline service, create a dedicated email address (fraud@yourorganization.com), or publish an easy-to-use web form right on your website. The key is to make sure the method allows for protection of the identity of the reporter – an employee or other stakeholder won’t report if they feel they could be retaliated against.

2. Establish an Internal Audit Function

The second most common method of detecting fraud is through internal audits. Internal audit could be the responsibility of one person, a whole department, or outsourced to an external provider. An internal audit function is responsible for strengthening governance, managing risk, and establishing and monitoring controls. Just make sure that the individual leading the charge is up to date on the new Global Internal Audit Standards, effective January 9, 2025, and that they stay independent of management. Reporting to the Board or Audit Committee Chair instead of the CFO, when able, is advised.

3. Examine Procedures Around Documentation & Reconciliation

When was the last time your policies and procedures around accounting functions were reviewed or updated? If your organization has been around a long time, don’t be surprised to see effective dates from the ’90s when you finally dig them out – our fraud investigators see lapses like this all the time. When bringing your documents current, make sure that you have adequate segregation of duties, and clear responsibilities outlined within them. Once issued, create a system for keeping them updated and accessible. That’s as easy as putting a reminder in your calendar to review the documentation and send a reminder email to employees about where to locate them at the same time next year.

4. Document & Enforce Regular Management Review

Deserving of its own place in this list is regular management review. As the old saying goes, “trust but verify.” In every instance within your policies and procedures documents that calls for management review, make sure that specific steps for that review are outlined. When no steps exist – what to review, how to review, and how to sign off – an employee’s default is simply to “rubber stamp” what they’re looking at and move on. Take payroll registers for example – do you know how your managers review those from week to week? Hopefully they’re checking items like reasonableness of hours worked, accuracy of wage rates and benefits deductions, and total payroll against budget. Make sure your policies and procedures hold managers accountable for completing each step of their review responsibilities.

5. Develop & Communicate an Anti-Fraud Policy Through Anti-Fraud Training

An anti-fraud policy is exactly what it sounds like – a document that identifies the stakeholders in your organization, their responsibilities to prevent, detect, and report fraud, and describes the controls in place that uphold the security of information and safe custody of resources. A critical component of every anti-fraud policy should be a zero-tolerance policy, meaning any instance of fraud, waste, or abuse detected and verified will result in termination and reporting to authorities. The perception of being watched and the knowledge that jobs are at risk when fraud is found out are two strong deterrents for would-be perpetrators. Once published, an anti-fraud policy should be communicated to and acknowledged by employees at least annually and can be done via live or recorded anti-fraud training. Annual training is an excellent opportunity for leadership to demonstrate their commitment to ethical behavior and fraud prevention. Even better, the ACFE found that organizations that provided anti-fraud training to their employees and executives cut fraud losses in half. That’s an investment worth making!

6. Leverage your Human Resources Function to Identify & Reduce Risk Factors

More than 80% of the time, fraudsters exhibit behavioral red flags that are risk factors for fraud. The most common of these are living beyond means, personal financial difficulties, and close relationships with vendors, especially for personnel in operations, sales, and accounting. In his book, “Other People’s Money”, crime researcher Donald Cressey found that perpetrators of fraud face pressure from what he called “non-shareable personal problems”; examples include debt, divorce, addiction, often taboo topics that individuals are afraid to discuss publicly. Fraudsters perceive it easier to steal to cover up their issues than to ask for help. Does your organization offer an Employee Assistance Program (EAP)? This employee benefit doubles as fraud control, giving would-be perpetrators an avenue to pursue confidential help for their problems before they help themselves to your company resources.

7. Review these Components Annually at the Board/Executive Level

Appropriate governance includes the consideration of risk to the organization. If your Board of Directors or finance committee has never had a comprehensive discussion about fraud risk, now is the time. Consider including it as an agenda item at your next meeting. No Board? No problem. Next time your leadership team meets, put fraud risk on the agenda. Schedule a reminder in your calendar a year from now to include that item again. Governance and leadership have the duty to regularly review organization policies for adequacy. Ask yourself – are my controls working? Could they be stronger? If we have no internal audit function to perform this task, should we bring in an outside evaluator?

While this list is far from comprehensive, preventive actions like these send a very strong message throughout your organization that fraud, waste, and abuse is not tolerated, and leadership is committed to rooting it out.

How Bonadio Can Help

The Bonadio Group is led by proactive problem solvers who bring a unique passion and approach to our work—as a top-ranked national accounting and advisory firm, we are committed to actively listening to our clients and collaborating with you to develop tailored solutions for all your financial and business needs. For our Fraud & Forensic team, that means expertly tailored preventive and investigative solutions. Our suite of fraud prevention services includes:

| Service | Description | When to Consider | Approximate Cost |
| --- | --- | --- | --- |
| Fraud Hotline | Telephone number for personnel to anonymously report suspicious behavior to an expert within our Fraud & Forensic team. Annual prices based on employee count. | Client wants most cost-effective way to detect fraud. | $500 (<25); $1,000 (<100); $2,000 (<500); Custom (>500) |
| Anti-Fraud Policy | Set the tone for zero tolerance of fraud through the creation of critical anti-fraud policy documents for personnel to read and acknowledge. | Client wants to hold employees accountable to preventing, detecting, and reporting fraud. | $4,250 |
| Anti-Fraud Training | Develop and deliver custom training for personnel that explains the organization’s anti-fraud policies and controls to deter fraud. | Only available for clients with current anti-fraud policy. | $2,250 |
| Fraud Checkup | Evaluate critical business functions and risk of fraud through personnel interviews and policy/procedure document reviews. Written report of findings and recommendations delivered to leadership. | Client wants to benchmark their current controls (limited to cash, accounts receivable, and accounts payable) and hear recommendations for improvement. | $7,500 |
| Risk Assessment | Full evaluation of operational controls through personnel interviews and policy/procedure document reviews. Written report of findings and recommendations delivered to leadership, as well as optional Board presentation. | Client is aware of weaknesses and wants to overhaul their control environment using existing personnel. | $35,000 |
| Outsourced Internal Audit Function | TBG professionals act as internal audit department, evaluating and testing control areas designated by client. | Client is aware of weaknesses and wants to overhaul their control environment using TBG personnel. | Custom |

In Case You Missed It!

This article is part of our “Leader’s Guide to Fraud Prevention” series, designed to provide ongoing guidance on simple, effective actions leadership can take to prevent fraud, waste, and abuse. Previous articles have explored everything from emerging fraud trends to critical risk areas like cybersecurity, as well as entity-wide recommendations for strengthening controls. By making a few strategic improvements to your fraud prevention environment, your organization can build a stronger foundation for long-term financial success.


This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.
