Most fraudulent activity can be caught by putting effective internal processes and procedures in place to minimize the chances for illegal behavior. But don't forget one of the best sources of fraud prevention: your employees.
In order to detect and prevent fraud, employees must first know what to look for, and then what to do about it. (Keep in mind this article will focus on preventing fraud, not on preventing theft.)
Employee fraud can take place in many ways, but by far the most common involves accounting, accounts payable, and payroll functions. In order to commit fraud, it helps to have access to money and accounts. Employees who submit expenses reports are also prime sources of fraud, especially if your internal controls are weak.
So let's start with the basics. Train your employees so they understand company policies and procedures. Make sure they know and follow all rules and guidelines. And make sure they understand the repercussions of committing a fraud – up to and including criminal prosecution.
After an internal company review, put the following processes in place and train employees to follow these processes. Internal training should include:
- Create separate duties with checks and balances built in. Require multiple approvals for expenditures. Have multiple employees keep the books, handle payroll, make deposits, and reconcile bank statements.
- Cross-train employees to perform basic financial functions. Relying on one person to handle a financial process makes it easier for that person to commit fraud.
- Train employees to perform basic internal audits – outside of their normal work area. Oversight is a great deterrent.
Then focus on training employees to identify external sources of fraud, including identity theft. (Not only is doing so a good practice to help protect your business and your customers, but creating procedures to stop identity theft is the law. Visit the Federal Trade Commission’s website and view their article Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business for information on complying with the law.
Teach employees to watch for:
- New account fraud – setting up accounts based on stolen identity or personal information
- Credit card fraud – using credit cards without authorization
- Check fraud – using checks without authorization, or using fake checks
- Phishing – fraudulent attempts to get personal or company information that can be used to perpetrate identity theft
- Identity theft – using another individual's personal or financial information without his or her consent
- Invoicing for products or services that were never provided
- Invoicing for over-utilization of services (i.e. billing for unneeded services; the services were performed but were not needed or requested)
The key to providing effective training is to first determine what policies and procedures you wish to put in place. If you run a retail operation and you wish to prevent identity theft, for example, you may decide employees should verify two forms of identification before accepting checks or credit cards. If that is your policy, train your employees and monitor that they, in fact, consistently follow the policy. The same is true for internal controls; if you decide one employee should verify the accuracy of incoming shipments at the receiving dock, and another employee should double-check the accuracy of items received before placing them into inventory, train employees appropriately and then check periodically to make sure your policies are being followed.
Then establish set procedures for what employees should do if they suspect internal or external fraud. Your procedures for handling external fraud can be straightforward and should not require significant judgment on the part of the employee. For example, if a cashier suspects that a customer is attempting to use a stolen credit card, they should immediately notify a member of management before proceeding further.
With internal fraud, the actions taken may not be so clear-cut. Many employees will hesitate to accuse others of illegal or unethical behavior; create a climate of trust by establishing a confidential way for employees to share their concerns. Confidentiality protects the whistle-blower and the alleged perpetrator; if the accusations are unfounded, no one needs to know there were ever suspicions in the first place.
To prevent fraud, thoroughly train your employees, and then follow up to make sure that training is consistently put into practice.