Kelly Todd, CFE
Managing member & member in charge of forensic investigations
Forensic Strategic Solutions, LLC
The growing abundance of internal and external threats can make it difficult to stay ahead of fraudsters. While fraud itself hasn’t changed all that much in recent years, the risks continue to grow in both size and complexity as technology changes and the ability to move, share and expose corporate assets becomes easier.
In today’s technology-crazed age, the scope of risk is growing, and businesses that do not keep up with evolving threats will be vulnerable. Here are some tips on how to keep up:
- Monitor your data. In the past, this meant monitoring transactional data to proactively identify anomalies indicative of fraud. Now, however, fraud can be committed in a variety of ways, including uploading sensitive data to the “cloud,” emailing company information, and saving sensitive information on a smartphone or sharing via social media. It’s essential to safeguard your company’s information to ensure it is not shared outside of your business in a malicious manner. Monitoring technology that promptly notifies you when company data is leaving the office, or when shared online, is readily available. Talk with your data security professional for the appropriate solution to monitor and secure your sensitive data.
- Establish proactive communication with employees around fraud. Educate your employees on what is and is not appropriate regarding the use of company technology and handling of company information. Establish policies that define the expectation of privacy and your company’s right to monitor network activity. Hold regular training on fraud and ethical behavior in the workplace and establish a chain of command in dealing with suspected fraudulent activity so that your employees are well-equipped to deal with any ethical dilemmas.
- Implement company policies on confidentiality and nondisclosure. Upon hiring, employees should be given information on confidentiality policies they must sign and agree to. If your current employees were not subjected to these agreements upon their hiring, implement the policies and require each of your employees to consent. If an employee violates the company policy, they should know that there will be consequences. If an employee leaves the organization, enforce agreed-upon nondisclosure terms.
- Set up a whistleblower hotline. Most frauds are discovered by tip or by accident, according to the 2016 ACFE Report to the Nations. It is important that employees work in an environment where they feel they can speak up if they see wrongdoing. Whistleblower hotlines often generate a wide range of reports – implement a few guiding principles around the type of matters that get reported to the audit committee, including significant deficiencies in internal control, senior management malfeasance, accounting irregularities, theft and financial losses, and broad deviations from the organizations anti-fraud policies.
- Hire the right people. Mitigate fraud risks by preventing nefarious actors from gaining access to your data in the first place. A thorough vetting of new hires remains critical. All too often, the unfounded belief a former employer won’t share anything of value keeps references from being checked – but if you don’t ask, you will never know. Pick up the phone and check those references.
Internal controls have been the standard to prevent fraud in the workplace, but as the landscape becomes more multifaceted, new measures like the ones above are necessary.
Despite efforts to prevent fraud, the unfortunate reality is that it still happens. Stay tuned tomorrow for my five tips on what to do once fraud has been detected.