Fraud policies – Why you need one and what it should look like
Forensic Focus - September 2010
As fraud becomes more prevalent in today’s business, having a fraud policy is a critical tool in communicating your organisation’s stance and processes in respect to fraud and how it will be dealt with.
The tone from the top is a key part of any fraud prevention and detection strategy. Your people have to know that you take the threat of fraud seriously, and that you as the CEO and/or Board of Directors will take the strongest possible action against staff and third parties who commit fraud. A simple, focused and easily understood fraud policy is a cost effective way of demonstrating your organisation's commitment to combating fraud and corruption wherever it is found. The development of an anti fraud culture is a crucial part of your fight against fraud.
The immediate aftermath of the discovery or allegation of fraud can be a difficult time. A document that sets out responsibilities and procedures to be followed can be invaluable in ensuring the right decisions are made. This is particularly important in relation to the preservation of evidence and on how to deal with the individuals involved.
A fraud policy raises awareness amongst staff that response plans have been devised, to deal with and minimise the damage caused by any fraudulent attack. By explicitly defining actions that constitute fraud you ensure that all employees and third parties are aware of what is and is not acceptable.
A fraud policy should include these key elements:
- An explicit definition of actions that are deemed to be fraudulent
- Allocation of responsibilities for the overall management of fraud
- A statement that all appropriate measures to deter fraud will be taken
- The formal procedures which employees should follow if a fraud is suspected
- Notification that all instances of suspected fraud will be investigated and reported to the appropriate authorities
- An unequivocal statement that all fraud offenders will be prosecuted and that the police will be assisted in any investigation that is required
- A statement that all efforts will be made to recover wrongfully obtained assets from fraudsters
- Encouragement to employees to report any suspicion of fraud
- The steps to be taken in the event a fraud is discovered and who is responsible for taking action including:
- procedures staff should follow
- assigning responsibility for an instant response to the occurrence
- recovering funds
- dealing with the media
- preserving evidence and reporting to the police
The plan, once communicated to all staff and fully implemented, should be subject to a regular review at the board level. All employees, including part-time and contract, should be aware of the organisation’s policy in respect of fraud and the need for vigilance to prevent fraud.
Whilst detailed transaction analysis and robust systems and controls are also effective tools in the fight against fraud, these can be time consuming and expensive. However latest statistics continue to show that a majority of frauds are committed by employees who manage to circumvent or override systems and controls put in place to prevent fraud.
A well drafted fraud policy that is communicated to all employees, contractors and suppliers is an economical way of indicating that the fight against fraud is endorsed and supported at the most senior level, and may lessen the risk of your business becoming a victim.