Prevent Fraud Before It Happens: How to Train Employees to Be Fraud Detectors
By Guest Blogger Nov 16, 2020
By Guest Blogger Nov 16, 2020
As anti-fraud professionals, we are trained to find and fix the opportunities for fraudulent activity within our organizations. But there are usually only a few of us and many employees. How is a small team, or single fraud professional, supposed to deter and detect all fraud?
By: Michele L. Creek-Tatom, CFE, CIA
“That could never happen here! Why would someone ever steal from our company? The internal audit people will catch it if someone tries anything. My co-workers are like family! I just can’t imagine someone doing that!”
Does this sound familiar? As anti-fraud professionals, we are trained to find and fix the opportunities for fraudulent activity within our organizations. But there are usually only a few of us and many employees. How is a small team, or single fraud professional, supposed to deter and detect all fraud? The answer is we can’t. We rely, in part, on the honesty of the average employee. For dishonest employees, we rely on controls and consequences to deter bad behavior. But what if there were a way to enlist and educate the honest, frontline employee to be the eyes and ears of everyday fraud detection? What if fraud awareness became every employee’s responsibility — not just the fraud professionals’?
The ACFE’s 2020 Report to the Nations found that 43% of fraud cases are identified through tips, and just 50% of those tips come from employees. These employees work in the business, follow processes, and possibly work side-by-side with potential fraudsters, so why is this number so low? Fellow employees should recognize anomalies and irregularities first, but how do they know what to look for? What if they don’t understand the risk of fraud in a process so they can’t watch for wrongdoings? There is a tremendous opportunity to harness the collective power of the workforce by increasing fraud awareness and training each employee to be a fraud detector.
Several years ago, I was talking with an employee who worked in our cash application department (I’ll call her Sally). At the time, customers liked to come into a location and pay their invoice in person. The location would mail the checks to the cash application department at headquarters for posting and depositing. Sally was a longtime employee who valued the in-person nature of our business and was happy to take the checks received in her department to the bank for deposit. What Sally didn’t understand was the risk of check fraud involved in that scenario, and because she didn’t understand that she didn’t know where the process had vulnerabilities.
Through our conversation, I outlined all the different hands the check traveled through — a minimum of six pairs — before the check was safely deposited into the bank account and the funds received. I described the various points at which the check could be lost, or stolen, and deposited into someone else’s account. Sally refuted my description, saying the check was safe because it was written to the company. That is when the discussion turned to all the ways checks are altered and deposited into accounts that don’t belong to the intended recipient.
Sally was floored! She had no idea that checks written to specific companies could be deposited or presented for payment elsewhere. Because this was not a possibility to her, she had no way to ensure appropriate controls were in place and had no perspective about the risk involved in her current process. While all checks now go directly to a lock box, the conversation highlighted something important — fraudulent activity can be right in front of us, and if we are untrained, we can’t see it for what it is. Additionally, those who understand fraud might not know where the risks lie or what controls should be in place. If they don’t know what they don’t know, how can we rely on our employees for tips?
This is where we, as fraud professionals, come in. We must teach our fellow employees where the company is vulnerable, and help them understand what activities, behaviors and transactions might be questionable. We must provide safe, confidential methods for employees to report fraud or questionable activity. We must ensure employees know how and where to report these activities. But where do we start?
A comprehensive fraud awareness training should include basic information to help your employees identify when something isn’t right. That basic information is the what/how, the who, and the why people commit fraud. Also consider relevant case studies, graphics that tell the story, and the effect fraud has on the employee directly and the organization. Include details on when, how and who to report to if an employee sees something questionable.
Provide enough detail about the kinds of frauds employees could see at the company, including examples that tie directly back to the employee’s work. Rather than stating they might be vulnerable to vendor fraud, help employees understand exactly what vendor fraud looks like. Make sure they know what they can do in their daily job to prevent it. We help employees see that checking inventory deliveries against a packing slip or bill-of-lading, as well as against the purchase order, helps prevent a vendor from sending subpar or a shortage of inventory, and/or at a price different than agreed upon. This discussion helps employees see that what they thought might be mundane tasks have a purpose that protects the company, and ultimately their livelihoods.
As you describe the what and how, don’t rely too heavily on “fraud speak.” The goal is to help employees understand categories of fraud and provide examples of what those categories can mean. It’s important to use relatable language that connects with employees in a way that is engaging and encourages participation. Specific examples help employees connect the theoretical idea of fraud, to the realization, “Wow, this can actually happen (or has happened) at my workplace.”
Create the profile of a common fraudster and use statistics and any relevant information to bring your profile to life. Effective types of information include gender (global and regional counts), average age, position in the company, the department in which the employee worked, median dollar loss, and education level. Using data from the ACFE’s Report to the Nations, highlight the “never charged or convicted” and “never punished or terminated” numbers to illustrate that most fraudsters don’t start out as hardened criminals. We hear from employees that they cannot believe the person in the cube next to them could possibly commit fraud because, “They don’t look or act like a criminal.” In order to break these biases, provide data-supported information in your training to speak to the fact that it really can be, and often is, the person you least expect.
Understanding why a person would resort to committing fraud is critical in opening employees’ minds to the possibility of it occurring. Without acceptance of a fraudster’s reasonings, recognition of the activity as fraudulent is nearly impossible. Why would a normally good, honest, hardworking person do such a thing? What could cause them to change their behavior? Enter the Fraud Triangle. Fraud professionals are aware of the Fraud Triangle, but are your employees? And even if they are, would they understand what is meant by “opportunity, pressure and rationalization?”
To demonstrate why, we created a graphic that breaks down the three legs of the Fraud Triangle. When people hear opportunity, they might not think about lack of monitoring, weak controls or lack of discipline for offenders. They might not realize that rationalization can start out as innocently as, “I am just borrowing it for a brief period and plan to pay it back right away.” They also might not understand that sales targets or a newly developed gambling addiction can send someone right over the edge with pressure. Displaying these items in the training has helped our employees grasp the theory and start to develop awareness.