By Matthew Purchase
Stopping fraud before it happens is the ultimate goal of a successful fraud prevention and awareness program. Whilst it is important that fraud prevention controls are robust and are methodically implemented, too often companies fail to recognize that it is the perception of the likelihood of detection and sanction which discourages a person from perpetrating fraud, rather than the actual effectiveness of the internal controls and anti-fraud measures.
This notion is best illustrated by way of an example :-
After leaving school, James was employed as a parking attendant in the parking lot of a shopping centre. With little training, James began work sitting in a booth at the parking exit collecting the parking fees from motorists. After 2 weeks of sitting alone in his small booth, it occurred to James that no one was watching. Since he needed money that day for lunch, he took R 30.00 from the till. The next day he took another R 30.00, and so it went on.
After several weeks, a manager from the parking company arrived at James’s parking booth unannounced. By reconciling the parking tickets with the money collected, the manager quickly established that James had stolen more than R 1 000.00. When he was confronted by his manager, James admitted that he had “borrowed” the money without authorization. He was summarily dismissed.
In this example, although the parking company may have had sufficient internal controls in place to detect fraud, those internal controls and anti-fraud measures were not clearly communicated to their employees, which allowed a perception to develop that there was an opportunity to commit fraud, which ultimately led to a loss to the company and the dismissal of an employee.
Although in our example, James had no opportunity to commit and conceal his thefts, he believed that he did. This process also works in reverse – people who do in fact have the opportunity to perpetrate fraud, but perceive that they do not, are far less likely to commit fraud.
The perception – not the actual likelihood – of detection determines whether or not a person will be tempted to commit fraud.
We are of course not suggesting that a company could or should neglect the implementation of appropriate internal controls and anti-fraud measures, but rather that companies need to recognize that, in addition to those internal controls and anti-fraud measures, steps need to be taken to address perceptions about the company’s attitude to, and capacity for, dealing with fraud. Some of the important focus areas for addressing employees’ perceptions are highlighted hereunder.
Setting the right “tone at the top”. An entity’s senior management team sets the moral and ethical compass for others to follow, and surveys conducted by the Ethics Resource Centre have found that organizational culture is far more influential in preventing fraud than formal ethics and compliance programs. Management must clearly communicate a zero-tolerance for fraud and reinforce that message often. Recommendations for establishing an appropriate tone within your organization include obliging managers and leadership to themselves comply with the letter and spirit of the rules, and making integrity, ethics and compliance part of the promotion, compensation and evaluation processes.
It is also very important to develop an appropriate code of conduct that informs employees of the entity’s expectations and requirements. A code of conduct should advise employees what they can and cannot do and should reinforce compliance with government laws, rules and regulations. At the very least, a code of conduct should include a clear definition of fraud, a statement concerning conflicts of interest, the company’s attitude towards client entertaining/gifts and should distinguish between the seriousness of different offences. It should set out what constitutes fraud and dishonesty. The code of conduct must be communicated to all stake holders and there should be a confirmation process in terms of which employees and stake holders are required to sign a statement confirming that they have read and understood the code’s requirements and will comply with them.
Companies should also implement periodic training. New employee orientation is not sufficient and periodic training throughout an employee’s career reinforces fraud awareness and reduces the cost of fraud to an entity. Periodic employee training should include scenarios and discussions on ethical challenges relating to fraud, abuse, kick backs and other relevant issues. Training in general fraud awareness can be achieved through formal training, general discussions and case studies, the use of the company intranet and through other company publications.
There should be fair, balanced and effective discipline. Actions speak louder than words, and employees must know that the company adopts a zero-tolerance approach for improper business conduct or fraudulent behaviour. It is vital that discipline is fair, appropriate and consistent for all employees, including very senior employees and directors.
The measures outlined in these paragraphs above are of course not exhaustive and should be implemented as part of a more comprehensive fraud and economic crime prevention strategy. Those items identified do however play an important role in shaping employees’ perceptions, and can be both effective and cost effective measures to prevent fraud within your organization.