Practical Fraud Prevention Strategies – Part four in a series By Glen Moulton, Sole Proprietor of The Fraud Triangle Forensic Services
“Most South Africans believe dishonesty is the route to business success”…
Believe it or not, the above quote was a core finding in the Financial Mail’s Financial Business Ethics Survey – 14 July 2000.
I am no expert on organisational culture but I have recently had two totally unrelated discussions with people that have reinforced the reality and importance of organisational culture. The first was a CEO who is a turn around specialist. He told me that his greatest challenge, when merging organisations, is fusing the two cultures. The second conversation was with an employee of a large company that had merged with another large company. During the discussion, I got the clear impression that both groups of employees regarded each another as aliens. These conversations reinforced my view that if an organisation is serious about combating fraud, it disregards organisational culture at its peril.
If it were possible to create a culture within your organisation where all staff believed that stealing from the organisation is unacceptable, you would not need controls to protect your assets from staff. The reality, however, is that creating such a culture is not possible but, we can significantly reduce the risk of fraud by sending a clear message to staff about what an organisation’s attitude and response to proven incidents of fraud will be. The main vehicle to achieve this is the Fraud Policy.
So, what is a fraud Policy? It is a document:
- …Agreed to by the Board or Executive Management, which reflects the organisation’s values
- …That demonstrates organisational intent and lets staff know that management are aware of the risk of fraud and are serious about combating it.
- …That codifies unacceptable behaviour and guides staff in areas of uncertainty. It is a good counter to the “I did not know” defense.
- …That reminds staff of their obligation to report suspicious circumstances.
- …That sets out the consequences of non-compliance and reminds staff of the consequences of unacceptable conduct
- …That is attested to in writing by employees and is well publicised on a regular basis
- …That is lived by management – if the staff get the perception that the ethical guidelines are not applicable to management they will be totally ineffective.