As a senior risk vendor analyst, I’ve primarily worked with companies that bring in annual revenues of $5 billion or more, and I’ve seen the full range of attempts to address fraud within the purchasing-to-accounts-payable cycle. Often, the company doesn’t put a robust process in place until it’s in the news with a violation, an FCPA incident or an internal case of undetected embezzlement that might have gone on for years. But why? As money walks out the door, why wouldn’t companies adopt a more proactive stance for early detection?
The answer is fear. Fear can prevent a mom-and-pop shop or a Fortune 500 industry leader from becoming serious about fighting fraud. Business analytics and portal systems certainly enable companies to more quickly mine through volumes of data and identify red flags, yet they’re not a requirement for fraud prevention. Depending on the size of the company, it can data mine and detect fraud early with such basic tools as Microsoft Access and Excel. And while companies pay lip service to efforts to fight fraud, they’re often slow to take advantage of even these most elementary methods. Let’s consider how the fear factor plays into the decision — or indecision — to fight fraud.
Fear No. 1: Cost. Like health or car insurance, fraud prevention software is a cost for which you don’t always recognize an immediate return. Management wants money brought back to the bottom line, and it’s easy to assign a dollar figure to payment errors using platforms like duplicate invoice analysis. But when it comes to identifying and preventing risk and potential fraud, returns can be harder to quantify.
I often hear concerns about spending money on a system that might or might not identify fraud. And if the system does identify fraudulent activity, companies are now obligated to spend more for the additional investigation and possible litigation. Larger companies might see money lost to fraud as “pennies,” but pennies add up. That’s money that could have been reinvested toward a company’s bottom line.
Fear No. 2: Technology. Companies are concerned that implementing new software technology might increase their exposure to fraud via data breaches. They’re also concerned that technology will replace internal auditors. While data encryption and similar tools can combat the risk of data breaches, addressing personnel concerns are trickier.
When I work with companies, I point out that technology in any form is a means to assist — not replace — people. Computers alone don’t “discover” fraud; they simply detect red flags that can point you in the right direction. The red flag could be a simple data-entry error or an anomaly within the data. Technology helps identify red flags, but human input and investigation are required to determine if fraud is indeed occurring. From there, companies must ask questions.
Fear No. 3: Loss of reputation. Companies might fear their reputations will take a hit if they uncover ongoing fraud schemes. Social media has evolved to become an incredibly popular form of information sharing, so all it takes is the hint of a rumour and the damage is done. Employees might post the information — or alleged information — that makes it appear as though a company is attempting to hide something. For that reason, it’s to a company’s advantage to be open with their employees in their effort to fight fraud. Employees are less likely to whistleblow in public when there are safe, internal options for them to report discrepancies to management. For example, use proactive social risk-management strategies, such as toll-free hotlines, to help employees feel comfortable reporting potential or suspected frauds without the fear of retaliation.
Passive detection methods aren’t enough anymore. It’s been proven time and again that instilling proactive efforts to discover or reduce fraud will increase the bottom line and enhance a company’s reputation.
Author: Tasha Bailey, CFE