5 Ways to Mitigate Fraud Risk

RISK gauge.jpg

GUEST BLOGGER

Kelly Todd, CFE
Managing member & member in charge of forensic investigations
Forensic Strategic Solutions, LLC

The growing abundance of internal and external threats can make it difficult to stay ahead of fraudsters. While fraud itself hasn’t changed all that much in recent years, the risks continue to grow in both size and complexity as technology changes and the ability to move, share and expose corporate assets becomes easier.

In today’s technology-crazed age, the scope of risk is growing, and businesses that do not keep up with evolving threats will be vulnerable. Here are some tips on how to keep up:

  1. Monitor your data. In the past, this meant monitoring transactional data to proactively identify anomalies indicative of fraud. Now, however, fraud can be committed in a variety of ways, including uploading sensitive data to the “cloud,” emailing company information, and saving sensitive information on a smartphone or sharing via social media. It’s essential to safeguard your company’s information to ensure it is not shared outside of your business in a malicious manner. Monitoring technology that promptly notifies you when company data is leaving the office, or when shared online, is readily available. Talk with your data security professional for the appropriate solution to monitor and secure your sensitive data.
  2. Establish proactive communication with employees around fraud. Educate your employees on what is and is not appropriate regarding the use of company technology and handling of company information. Establish policies that define the expectation of privacy and your company’s right to monitor network activity. Hold regular training on fraud and ethical behavior in the workplace and establish a chain of command in dealing with suspected fraudulent activity so that your employees are well-equipped to deal with any ethical dilemmas.
  3. Implement company policies on confidentiality and nondisclosure. Upon hiring, employees should be given information on confidentiality policies they must sign and agree to. If your current employees were not subjected to these agreements upon their hiring, implement the policies and require each of your employees to consent. If an employee violates the company policy, they should know that there will be consequences. If an employee leaves the organization, enforce agreed-upon nondisclosure terms.
  4. Set up a whistleblower hotline. Most frauds are discovered by tip or by accident, according to the 2016 ACFE Report to the Nations. It is important that employees work in an environment where they feel they can speak up if they see wrongdoing. Whistleblower hotlines often generate a wide range of reports – implement a few guiding principles around the type of matters that get reported to the audit committee, including significant deficiencies in internal control, senior management malfeasance, accounting irregularities, theft and financial losses, and broad deviations from the organizations anti-fraud policies.
  5. Hire the right people. Mitigate fraud risks by preventing nefarious actors from gaining access to your data in the first place. A thorough vetting of new hires remains critical. All too often, the unfounded belief a former employer won’t share anything of value keeps references from being checked – but if you don’t ask, you will never know.  Pick up the phone and check those references.

Internal controls have been the standard to prevent fraud in the workplace, but as the landscape becomes more multifaceted, new measures like the ones above are necessary.

Despite efforts to prevent fraud, the unfortunate reality is that it still happens. Stay tuned tomorrow for my five tips on what to do once fraud has been detected. 

4 Ways to Protect Your Company’s Pot of Gold

AUTHOR'S POST

Mandy Moody, CFE
ACFE Content Manager

Don’t worry; I’m not going to go all Lucky Charms on you this St. Patrick’s Day and toss out a bunch of thinly veiled Irish puns. You would only be so lucky…sorry, I couldn’t resist.

But, I did want to take this opportunity to remind you about the cost of fraud to your organization and how to add four easy best practices that will help protect your company’s hard-earned pot of gold. Organizations worldwide lose an estimated 5 percent of their annual revenues to fraud, according to the ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse. A single instance of fraud can be devastating: the median loss per fraud case was $145,000, and more than a fifth of the cases involved losses of at least $1 million.

The good news? There are some basic steps your organization can take to lessen your vulnerability to fraud:

1. Adopt a Code of Ethics.
Be proactive in setting a tone for management and employees. Evaluate your internal controls for effectiveness and identify areas of the business that are vulnerable to fraud.

2. Establish Hiring Procedures.
When hiring staff, conduct thorough background investigations. Check educational, credit and employment history (as permitted by law), as well as references.

3. Implement a Fraud Hotline.
Fraud is still most likely to be detected by a tip. Providing an anonymous reporting system for your employees, contractors and clients will help uncover more fraud.

4. Increase the Perception of Detection.
Communicate regularly to staff about anti-fraud policies, ways to report suspicions of misconduct, and the potential consequences (including termination and prosecution) of fraudulent behavior.

Implementing these tips could help prevent your organization from becoming a statistic, and help keep your pot of gold safe and secure. I leave you with this Irish blessing: “Here’s to you and yours, And to mine and ours, And if mine and ours ever come across you and yours, I hope you and yours will do as much for mine and ours as mine and ours have done for you and yours!” Cheers, everyone!

5 Background Check Red Flags You’re Probably Missing

GUEST BLOGGER

Dennis Lawrence, CFE

Lawrence is a former U.S. Army Counterintelligence Special Agent and Investigations Manager at a publicly traded software company. He is a graduate of The Johns Hopkins University.

Whether vetting a new employee or an expert witness, we’re all familiar with the basic components of a background check. The industry standard includes a comprehensive criminal records search along with verification of educational credentials, employment history and professional licenses. Perhaps civil litigation searches and a credit report are thrown in as well. But are your background checks exploring the issues below that aren’t as easy to discover and could do the most damage?

  1. Secret companies and conflicts of interest
    Side businesses are becoming increasingly common as it is simpler today than it has ever been to set up your own website and LLC. However, these entrepreneurial projects aimed at earning extra income can potentially lead to conflicts of interest or outright fraud. How valuable would it be to learn that the new head of your IT department is purchasing marked up equipment and services from a company he quietly owns but is managed by a seemingly unrelated party? If you’re serious about boosting your capabilities in this arena, try testing out an investigative database offered by one of the big name legal research providers.
  2. Shell companies used to backstop employment history
    Individuals who have been let go from an employer may sometimes conceal a subsequent period of unemployment by representing on their résumé that they started their own business. Curiously, however, the business was only in operation until they found a new job six months later. I once observed a particularly clever Wall Street professional who had recently been released from prison create an LLC to backstop his employment history during his one-year jail sentence and used a co-conspirator as a professional reference. The bottom line is that all self-employment should be verified using state business records to prove the company’s legitimacy (when available), and copies of 1099s should be collected to verify that the company was actually earning money.
  3. Unverified military career with extraordinary claims
    As a federal employee who served in Afghanistan, I have a healthy respect for our veterans. Since joining Corporate America, however, I have been astounded at the number of background checks I have run on people falsely claiming to be decorated war heroes. In all cases, the purported military experience on their résumés fell outside the seven year scope which they knew was automatically subject to verification. It seemed as if they were hoping no one would bother to go further back and check their military service record. When in doubt about a particularly spectacular representation, request a copy of the individual’s DD-214 (Certificate of Release or Discharge from Active Duty) and follow up with an employment verification. You could learn a lot about someone’s credibility and state of mind.
  4. Recently issued social security number
    Social security number (SSN) validations tend to be overlooked even when they are included in a background check report. But what if your senior consultant purportedly born and raised in Ohio was only issued an SSN five years ago? A change in SSN, which is often accompanied by a name change, is a great way to start over in life, especially if your intent is to evade public records searches. A licensed attorney once vetted by our team went to extraordinary lengths to cover up his former life by using precisely this formula, albeit without success. The Social Security Administration offers a free SSN validator for registered users, so there is no excuse to refrain from conducting this basic due diligence and taking a moment to review the results.
  5. Inappropriate behavior on internet message boards and social media sites
    With the amount of time and resources spent verifying an individual’s résumé and searching online databases, it is ironic how often we forego using free sources of intelligence online. Facebook and LinkedIn searches are common sense, but what about slightly less obvious internet footprints? Reverse tracing a phone number on Google can lead to a scandalous internet message board posting, and searching for an email address can reveal a blog with loyalties to causes that may be of value in a litigation or investigative context. 

Use your creativity when examining someone else’s life – you never know when they could be using their creativity to undermine your job as an investigator.

Author’s Note: This article is for informational purposes only. It is the reader’s responsibility to ensure compliance with all applicable laws when conducting investigative activities.

EEOC Updates Guidance for Employers Using Arrest and Conviction Records

GUEST BLOGGER

Lester Rosen, J.D.
CEO, Employment Screening Resources

On April 25, 2012, the Equal Employment Opportunity Commission (EEOC), the agency that enforces federal laws prohibiting employment discrimination in the U.S., issued updated Enforcement Guidance on the Consideration of Arrest and Conviction Records in Employment Decisions Under Title VII of the Civil Rights Act of 1964.

On a Q & A page, the question on how the EEOC’s updated Enforcement Guidance differs from earlier policy statements is answered:

  • It discusses disparate treatment analysis and gives examples of applicants with the same qualifications and criminal records being treated differently because of race or national origin in violation of Title VII.
  • It explains the legal origin of disparate impact analysis.
  • It explains two circumstances where employers may consistently meet the “job related and consistent with business necessity” defense: 1) The employer validates the criminal conduct exclusion for the position in question in light of the Uniform Guidelines on Employee Selection Procedures; or 2) The employer develops a targeted screen considering the nature of the crime, the time elapsed, and the nature of the job, then provides an individualized assessment to determine if the policy is job related and consistent with business necessity.
  • It states that federal laws and regulations that restrict or prohibit employing individuals with certain criminal records provide a defense to a Title VII claim.
  • It says state and local laws or regulations are preempted by Title VII if they “require or permit the doing of any act which would be an unlawful employment practice” under Title VII.

The Enforcement Guidance also recommends “best practices” for employers using criminal records:

  • Eliminate policies or practices excluding people from employment based on any criminal record.
  • Train managers, hiring officials and decision makers about Title VII and its prohibitions on employment discrimination.
  • Develop narrowly tailored written policy and procedures for screening criminal records.
  • Determine specific offenses that may demonstrate unfitness for performing such jobs.
  • Determine the duration of exclusions for criminal conduct based on all available evidence and include an individualized assessment.
  • Record the justification for the policy and procedures.
  • Note and keep a record of consultants and decision makers on how to implement the policy and procedures consistent with Title VII.
  • Limit inquiries about criminal records to records for which exclusion would be job related for the position in question and consistent with business necessity.
  • Keep information about criminal records confidential and only use for the intended purpose.

Mr. Rosen will share best practices on using background checks as part of your anti-fraud program at the 23rd Annual ACFE Fraud Conference at his session, Employment Background Checks: Stopping Employee Fraud at the Point of Entry.

Putting A Price On A Background Check

AUTHOR’S POST

Mandy Moody
ACFE Social Media Specialist

How much could a background check save your company? One million dollars, according to the Roman Catholic Archdiocese of New York. That is how much money a 67 year-old woman embezzled over a seven-year period while working as a volunteer bookkeeper at St. Patrick’s Cathedral in Manhattan. When the bookkeeper was hired in 2003, the archdiocese did not conduct criminal background checks and, subsequently, didn’t catch the documentation of the woman’s former grand larceny conviction.

While the archdiocese does conduct background checks now, this story is a fair warning to those still hesitant about whether they are worth the cost and time. Also, companies wonder if it is enough to solely conduct a criminal background check. A frequent misconception is that there exists a massive, centralized data repository that stores every piece of information the government has ever collected on every person. In truth, information is often incomplete, and fragmented between different agencies and non-governmental organizations.

Given that the level of depth and scope will vary based on the purpose of the search there is not a universal way to perform a background check. The background check for a construction worker will not be the same as that for a high level manager and a check on an individual will differ greatly from one performed on an organization.

It is because of these questions, concerns and costly embezzlements like the one described in the story above that we recently released a new self-study course, Conducting Effective Background Checks. This course breaks down the fundamentals of performing background checks and details how to develop a background check policy.

It also covers major laws that govern background checks including the Fair Credit Reporting Act, various anti-discrimination laws, financial and health privacy laws, considerations for state-specific laws and anti-corruption statutes.

Insight: watch this short preview of the course to find out more.