Strategies for Fraud Prevention in Business & Corporates

Strategies For Defeating The Cheats Within an Organization or Business

How Companies of All Sizes Can Prevent Fraud

Tips to Prevent Employee Theft and Fraud

Ways to Protect Your Business Against Employee Fraud

Strategies for Fraud Prevention in Your Business

Tips to Prevent Employee Theft and Fraud

How to Prevent Employee Fraud

How to Prevent Corporate Fraud

By Bill Trueman, Fraud & Risk Management Specialist.

With the recent high profile cases of senior fraud and online security managers being caught perpetrating fraudulent activity, there has been a degree of shock across the corporate world, combined with an initial feeling of helplessness. This is the worst thing that can happen in financial and banking organisations where one would expect the very tightest security to prevail. After a ll, if you can’t trust those executives in the most credible organisations who were specifically recruited to identify and counter fraudulent financial behaviour, then what can you do to ensure that your own organisation does not become a victim. The word victim is used advisedly, as internal fraud is not a victimless crime; rather it impacts in varying degrees on management, staff, shareholders and customers.

fraud and risk management specialist

Any crime committed by those in a position of trust is far more serious, so the penalties should surely be far higher than normal. This is particularly true with fraud prevention mangers that cheat. However, it does seem that once an internal fraudster is caught, that any offer to ‘return funds in return for a leverage for legal plea bargaining should be disallowed. The ideal must be for companies to find ways to decipher and identify such practices and to eradicate them at ground level.

Still reeling from the shock of the media coverage of the latest betrayals, UKFraud asked its independent corporate fraud prevention SIG (Special Interest Group) to draw up a new set of benchmarks which will help organisations identify the signs that something is awry from ground level up. The SIG also defined and deciphered the most effective strategies for countering these risks. The Corporate Fraud Prevention SIG consists of leading fraud prevention consultants from across a range of industries, coupled with a wide range of fraud industry skill sets. The aim of the SIG is to analyse approaches taken to fraud in the corporate sector and to make recommendations for change at local, national and global levels.

According to the SIG’s research, the most likely signs of wayward behaviour by fraud and security management are relatively easy to spot and yet often overlooked. They include:

  • Fraud Systems that are below par. The fraud systems chosen by an organisation can be unfit for purpose and may not deliver what is required. There is also often an unwillingness, due to the influence of the internal fraudster, to consider competitive fraud technology products that do deliver or that can deliver more quickly. Often, the SIG says, it is easy enough with hindsight to see that a change to effective systems had been deliberately avoided, and typically, career minded employees are reluctant to blow whistles.
  • Erratic,  incomplete, late or excuse laden management and system reporting is a classic sign that line managers are covering something up and says the SIG, this is just as likely to be the case with those fraudulently managing the security and anti-fraud systems of a company. Normally, further investigation will reveal that ‘lip service’ and increasingly tenuous explanations are given assertively to thwart follow up activity. When though one is dealing with an errant fraud manager, these explanations are more difficult to see through and more than likely to pass the plausibility test. Often the blame for the cause of any suspicion will be thrown onto inadequate IT systems or on the political gaps between corporate silos.
  • Frequent excuses are often based around IT related issues, such as technology compatibility problems between different company systems or even between international systems.
  • Unexplained wealth of managers outside of work. There will be plenty of evidence of the rewards of wrong-doing with fraudsters purchasing luxury housing, wardrobes, holidays, cars and home computing equipment together with other rewards for family and friends which can even extend to private school fees for children.
  • Work place rumours, jokes and tip-offs. These are often dismissed as political jibes but often this is a tell tale sign that something is wrong and that staff are too afraid to ‘blow the whistle’ formally.
  • Frequent use of the ‘privileged rank’ of Security or Anti-Fraud Manager to divert questions or to avoid enquiries from those who might raise suspicion, such as the internal or financial auditors. This also includes the robust use of the ‘we don’t want to compromise security by answering your questions’ excuse.
  • Where fraud specialists know the latest trick, for example how on-line fraud works, the unique symptoms of that particular scam will show up in the company where the internal fraudster is using it themselves.

UKFraud’s Corporate Fraud Prevention SIG believes that ‘maintaining an independent review perspective managed by those with the greatest experience’ is the most effective solution for combating inside jobs by fraud and security management. Amongst the strategies the SIG would recommend are:

  1. A greater emphasis on the use of Non-Executive Directors. This is crucial, says the SIG, as usually Non-Execs are appointed for their experience of skills and operations in other organisations and sectors. They have that ‘other worldly’ eye that is able to cast a different perspective. They should have the ability to review all aspects of a company’s anti-fraud strategy and to ask awkward questions ‘from the top’ as this carries more weight.
  2. Up-to-date reporting must be a core mantra of good company management, with the details of repeated exceptions thoroughly investigated. Organizations should also ensure that reports are not only timely but that they are also complete, real and updated as required. These processes should also then be built into the internal audit schedule for checking. This in turn should feed into the main GRC (Governance Risk and Compliance) systems. In addition, wherever appropriate, organisations should adopt an enterprise-wide approach to technology as this will help with systems issues. Thus, if the technology works well in all other parts of an enterprise, it is highly noticeable if it fails in the management of the fraud department or the control of online and financial systems.
  3. From the ground up, organizations need to establish records both electronically and on paper. This should include specifying where documents are and when they should and should not be stored. One should identify who is in control of these systems, processes and procedures and who has ownership of specific records. Organizations also need to decide who is responsible for checking that these measures are followed. The scanning, and indexing of work needs to be carried out to professional standards and there must be rules to ensure that no-one can intercept/edit documents at an inappropriate stage or in a fraudulent way. It is also important, the SIG believes, to ensure that your storage capacity is controlled properly.
  4. Where acquisitions and mergers are concerned, organizations need to ensure that all documents are available and stored appropriately and securely, especially those that relate to IP protection, IP development records, audit trails and staff contracts. In particular, when acquiring a business, companies must make sure that they have indemnities and penalty clauses built into the acquisition agreements which relate to the availability of data, logs, audit trails and so forth.
  5. An extra fraud prevention ‘task-set’ should be drawn up for auditors and IT auditors whether they are internal or external. This can have a real impact, although sadly most auditors are simply there to either report on financial results or check asset lists and software licence compliance. There are though many specialists that can undertake ‘special’ tailored checks to find frauds within all manner of business systems including: payroll, invoicing or payments. By turning them towards checking the efficacy of the security and fraud systems in place, says the SIG, it is not only a greater deterrent but also a far more certain way of catching wrong doing whilst in flight.
  6. Getting HR more involved. This allows organisations to define responsibilities and handle warnings for non-compliance and to do so at all ranks from the ground level upwards.
  7. Organisations should actively consider the use of external risk consultants who can offer solutions which benefit from an independent viewpoint that resides outside of a company or   its politics.
  8. Where doubts exist, organisations should contemplate the use of private investigators to look deeper into the processes used by those who are deemed to be high risk people. These need to be the breed of computer literate investigators with corporate fraud experience.

A leading member of the SIF is Malcolm Gardner. He believes that the situation may be worse than many fear. In his view, “Typically, when fraud or security managers are caught, it is either because they went too far, having become complacent, or where there has been a tip off. This tends to suggest that those who are caught might simply be the tip of the iceberg. With sectors such as the online market, now so very tempting to fraudster, it can also be tempting for internal cheats too. Corporations need to be sure of their staff and need to put the right systems in place to help the loyal staff who are the ones still working for the good of the company.”

So to conclude it is especially negative situation whenever any fraudster is identified within a business as they are the person who has the responsibility for fraud prevention themselves. IT is a complete betrayal.  The first step in planning the fight back is finding these people and then managing the problem. The trouble is that many of them are exceptionally well hidden. Whether one can ever be 100% certain that there is no problem internally is probably too much to expect. However my belief,  is that if you start to introduce the kind of checks and measures the Corporate Fraud Prevention SIG has outlined, there is every chance that the risk will be minimised or driven away.

Bill Trueman (an independent fraud and risk specialist) is director of RiskSkill and UKFraud.

This article originally published here.

Other Useful Posts You Would also Like:

What is Risk Management? Definition & Importance

11 FAQs on EMV Chip & Pin Credit Card Technology

Is EMV Chip and Pin Really the ‘Money Pit’ for Retailers?

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

Is EMV ‘A Colossal Waste of Time’ for Retailers?

Top Technology Trends in Payments, Risk and Fraud in 2014

25 FAQs on Risk Review and Risk Management

Business Loss Prevention Techniques by RiskSkill

10 Things to Avoid on Your Management Plans to Prevent Loss in Your Business

If you’re on a mission to turn away your investors then by all means explain to them how you want them to sign a non-disclosure agreement or that you don’t have any competitors. But if you’re serious about attracting competitors then you’d do best to steer well clear of these 10 classic business plan mistakes. Make an attractive business plan and a powerful power point presentation to convey all the information about your business so that they get right information about the business and can turn into real investors. Below I am going to explain some such important aspects one by one which can really help you:

1. Asking Investors to Sign an NDA

NDAs (Non-Disclosure Agreements) are not usually signed by investors, angel investors or venture capitalist , because the strategy or concept of a business is not normally confidential. Although an important partnership may be confidential, it is the execution of the concept and strategy that make the company successful. When the concept or strategy has to stay confidential this indicates that there are no blocks to competitive entry, and if it can be copied by a competitor then it probably won’t be sustainable.

Proprietary technology, however, is confidential. Although the business plan does not want to mention aspects of the technology that are confidential, it should include details of what the benefits are and how they fulfill the need of customers. During the due diligence process, serious investors will review the technology itself, and this is when the NDA should be discussed.

business management tips

2. Excluding Thriving Firms from the Competitive Analysis

Although you may be tempted to show how unique you are in your business plan by saying you have very few competitors, this doesn’t normally look too good from the investor’s point of view. If there are not many companies in the market space then this suggests that there may not be a large enough customer base for the company’s products or services. Including successful firms can often be positive because it suggests a large market size, as well as assuring investors that the company has a large potential for profit and liquidity:

3. Focusing on First Mover Advantage

It is not a good argument to focus on first mover advantage alone. Rather, it is imperative that a business plan includes the strategies that show how the company will develop long lasting barriers around the customers.

The business plan should discuss how the company will retain customers, which could include building network externalities, value-added services over time and the implementation of customer relationship management tools.

4. Presenting Generic Market Sizes

If you define the size of the market too broadly, the value to the investor will be very low. Far more meaningful is the relevant market size, which is equal to the sales of the company if it managed to capture a large % of its niche in the market.

5. Giving too Much Attention to Proprietary Technology

Proprietary technology is important when it comes to investment decisions, but what is more important is to display how this technology satisfies a large and as-yet-unfulfilled customer need. Unsuccessful companies often fail to truly understand the needs of their customers. Identifying the target markets that show these needs and detailing a plan to penetrate the markets is key to the success of funding and execution.

6. Exaggerating Partnerships with Known Companies

Even though forming partnerships is common practice, more important than who a partnership is with are the terms of the partnership. The equitable terms of the partnership must be explained in the business plan, along with the partnership structure and how the partners will both improve operations and sales for you.

7. Too Much Focus on the Future

Rather than just focus on projections of future performance, it is far more important to study the previous track record of a company. Demonstrating the past success of a company is a good practice for providing investors with confidence for the future, and it is therefore important for a business plan to show the company’s previous accomplishments.

8. Failing to Change the CVs of the Management Team to the Ventures Development Cycle

CVs of the key members of the management team should be included in the business plan, along with their responsibilities. These need to be tailored specifically to the growth stage of the company because different skills are required for launching, growing and maintaining a company. Whereas a start-up company would do better to focus on the success of the management in launching other companies, a mature company would get more from showing how members of the team operated successfully within larger enterprise frameworks.

9. Aggressive Financial Projections

The projections in the financial section of the business plan have to be realistic because many investors will go straight to this section. If a plan shows unrealistic or inconsistent operating margin and penetration then this will damage the credibility of the whole plan. Instead, accurate and credible projections and assumptions will translate into increased credibility and maturity. Companies can prove that their projections and assumptions are attainable by basing these projections on the performance of public companies in their marketplace.

10. Ignoring Fraud Prevention System

Whether you are 100% confident about the loyalty of your employees still you need to put a proper and effective fraud prevention and fraud detection system to curb any fraud losses. One can see in history that most of the time loyal employees and relatives have been found indulged in the frauds and scams which results in a huge loss to the enterprises. Even some CEOs, loyal employees and close persons have committed such financial crimes in many companies and organizations. By putting a proper fraud detection and fraud prevention system enterprises can save millions and billions.

If you are following these steps then definitely it is going to help you in raising capital for your business, but just remember these facts which i have mentioned above, as many entrepreneurs know everything but do not stick to the plan.

Bill Trueman is payments, fraud & risk specialist and director of the UKFraud and RiskSkill based in UK which provide valuable consultancy services for fraud prevention, fraud detection, risk review, risk management, due diligence, compliance solutions to corporates, banks, business, banks, insurance companies, telecom companies, enterprises and government organizations worldwide. Bill Trueman is also an active member of AIRFA a global fraud & risk management organization. One can also visit him at Google+

Other Posts Which You Would Also Find Useful:

What is Risk Management? A Detailed Guide

25 FAQs on Risk Review, Risk Management, Compliance, Due Diligence

Is EMV ‘A Colossal Waste of Time’ for Retailers?

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

11 FAQs on EMV Chip & Pin Card Technology

Top Technology Trends in Payments, Risk and Fraud