Fraud is an increasing enterprise risk but many organizations don’t notice the early warning signs that a problem exists. All organizations are susceptible to this risk. We can safely assume that be it any industry, the warning signs are often the same. Awareness of the signs and a sound approach to countering them can often deter many opportunistic incidents of fraud.
1. VOLATILE REPORTING:
This sign is just as applicable to suppliers and contractors as it is to internal departments and functions within the organization. Erratic, incomplete, late or excuse-laden management reporting is often a classic sign that something is wrong.
Solution : Insist on up-to-date reporting, within a set timetable and then build this into the internal GRC (governance risk and compliance) systems. VComply helps a company to solve the problem. Adapting to new technology will help the company prevent such risks.
2. PROCESS LOOPHOLES:
A weak security system is a result of ignorance over time. It is a common occurrence, especially when things get busy. Where precautions and risk-avoidance measures get by-passed or ignored, there is a high risk of non-compliance. With right processes in place, top level management are often lulled into a false sense of security that they are actually being used, whilst the fraudster is busy at work getting around them.
Solution: Make sure you implement the suggestions of your internal compliance managers and organize appropriate training to reinforce attitudes and practice. Ensure that the control processes, especially in tendering, purchasing, invoicing and customer controls and identifications are ALWAYS kept strong.
3. DATA DUMPING:
A major indicator can be the act of deletion or pressure on staff to delete, remove or otherwise dump past records following a restructure, a new division launch, a JV or acquisition. It will be an even bigger problem where international operations are involved as it’s far harder to find or recreate evidence in a foreign territory.
Solution: Take care to establish and log where paper documents are and when they should and should not be stored. Identify who is in control of the system processes and who is responsible for and has ownership of the records. They are not always the same person of course. Ensure that scanning, and indexing works properly and that no-one can intercept/edit documents. Also ensure that storage capacity is enough and controlled properly.
4. INCONSISTENT DATA:
Whether it is archive data or cross reference checks that are missing or wrong; factual inconsistencies will also occur naturally. The cheats who seek to defraud an organization will use the possibility to explain such inconsistencies and hide their fraud.
Solution : Ensure that no-one has the access to any files. Internal or external auditors should sample check key files from time to time as a part of the audit programme.
5. DELAY IN AUDITS:
Excuses, confusion or wild goose chases when disclosing to auditors, be they internal or external, can be a telltale sign too. We need to remember though that the audit team is not there to find fraud, rather to ensure that the correct processes are in place that will deliver appropriate protection.
Solution: Ensure that everyone treats audits as important and make sure that they are completed on time and properly, and with appropriate audit skills. Where there have been delays or difficulties investigate why this was the case by drilling down into the detail. Make sure that the business critical and financial exposure areas take a priority and act upon all failings both quickly and completely; with follow-up audits if necessary.
6. ABNORMAL BEHAVIOUR
These can range from acute defensiveness and resistance to attending review meetings, through to blaming strategies or even aggression when specific questions are asked about processes or figures.
Solution: Train the HR department to spot fraud employees. Then if you still have concerns about such people upon closer inspection, all the relevant files need to be pulled and checked, or you might even consider a private investigator to look deeper into the processes used by such high risk people.
7. GRAPE VINES:
Staff whispers and rumors should always be taken seriously. These are, however, so often overlooked by senior management.
ACTION: Listen, take all such rumors seriously and investigate the reality.
8. FISHY INDEPENDENT PERSONNEL:
Good non-execs provide a considered, independent and external perspective. Often they bring in specific expertise from outside the board’s immediate experience and their skills can vary from financial knowledge through to IT.
Solution: It is always good for the business to maintain a fresh supply of new thinking, new approaches and new concerns. Thus if non-execs have concerns about particular issues, one should fund their thinking by allowing them to bring in the appropriate specialist experts that can investigate matters more deeply.
9. HAPHAZARD IT PROCESSES:
Technical staff working around the enterprise conducting unsupervised IT activity, often outside normal hours can also be a worrying sign. Not every company is large enough to have a full IT department.
Solution: Do the IT security staff look and think further than just password expiry issues? Make sure that someone is on the look-out for data-theft, IPR theft, time theft etc. Also, make sure you have a proper asset register and IT audit system in place.
10. BLAME GAME:
Where people are given a title but without actual responsibility, it can effectively cover up many things. What is going on with those who do have responsibility or power in a situation?
ACTION: Make sure that you have strong and cascaded accountability. Ensure that people know what they should be doing, and that they are doing what is required of them. VComply works on the E.V.A.S. framework. It helps you to entrust and monitor responsibilities efficiently Make sure that everyone is contributing to the business objectives. Make sure HR creates or reviews job specifications.Add to favorites