When it comes to protecting your business against fraud, internal controls are often the best line of defense.
For many business leaders, fraud prevention is front-of-mind. With business email compromise and other types of payment fraud on the rise, it’s more important than ever for companies to take proactive measures to prevent and detect fraud. Fortunately, taking steps to safeguard your business against fraud need not be expensive or burdensome.
For many companies, the process of implementing internal controls will be a reverse engineering process. Begin by asking yourself the following questions:
- What assets (money, data, etc.) are at risk?
- How might internal and external fraud occur?
- What are some potential access points?
- Who handles the assets at risk?
- Why do they handle it?
- What checkpoints can we establish to better protect these assets?
While each company is unique and will require different internal controls to prevent fraud, you may consider implementing:
- Authorization: In which a manager signs off on a transaction before an employee enacts it
- Dual Controls: In which authorization, recording, and custody are handled by different people
- Increased Oversight: Which might include independent account reconciliation and periodic audits
Once you’ve established internal controls, you must also ensure those controls are actually effective. Testing a control process can be as simple as creating a test transaction to see if it goes through, such as an expense report that falls outside the parameters you’ve set or a wire transfer request that bears all of the markings of a business email compromise scam. If it does, where did the failure occur? Was the control simply ignored or actively overridden? Did the technology you have in place fail to raise a red flag? Did it notify the wrong person?
Trustworthiness as a Corporate Value
Business leaders often underestimate the likelihood that internal fraud might impact their business. However, not only is it relatively common, but it can often be the most damaging kind. A study by the Association of Certified Fraud Examiners (ACFE) finds that employees who had been with the victim organization for at least ten years stole four times the median amount compared to employees with less than one year of tenure.
While it would be imprudent to place complete trust in any member of your organization — even those with significant tenure — treating employees like potential criminals is bound to harm morale and reduce incentive to embrace proper controls. Instead, communicate the importance of trustworthiness as a corporate value while conducting anti-fraud training for employees on a periodic basis. In doing so, you will earn employee buy-in, which can increase adherence to security processes.
If fraud is detected, taking a collaborative rather than punitive approach can yield better results. Unless it involves malfeasance, use the incident as an occasion to uncover and repair weaknesses in your processes. An example might be a control that was overridden in order to resolve a customer service issue. Is there a way to avoid such a conflict in the first place?
Remember, above all, to keep it simple. Internal controls don’t have to be complex to function well. Instead, take common sense steps to prevent and detect fraud while providing your employees with the resources they need to act as a first line of defense.
For more resources to help you protect your business from unnecessary loss, visit regions.com/fraudprevention.
