How To

How to Prevent and Detect Fraud

Stopping financial fraud requires a layered security approach and good detection tools. A Q&A with Mike Osborne, senior security manager at Kimberly-Clark.

By Derek Slater, Mike Osborne

December 01, 2005 — CSO —

Q: I would welcome any suggestions about getting fraud prevention techniques into play with line-of-business employees. Is it more a question of training or accountability? What works?

A: The best practice is definitely training. Employees involved in accounts payable functions or purchasing functions and any employee who submits expense reports are the most susceptible to fraud. Training these individuals, as well as all employees, on company policies, procedures and code of conduct is imperative. Accountability plays a large role in deterrence. When employees realize the company will take a hard stance on fraudsters, they will think twice about committing a felonious act. I have seen companies publish a quarterly newsletter containing articles about dishonest acts perpetrated against the company, travel security advice and safety measures. The important item within these stories regarding fraud was the disposition of the case so the readers would know the company's stance on these issues.

Other processes can also assist in the fraud detection and prevention realm. According to data from other companies, the most successful is a fraud hotline. This type of medium allows for employees to anonymously report violations of company policies that might otherwise go undetected.

Q: When I detect or suspect fraud, how should I manage a case if I am not the main investigator? What kind of progress reports should I provide to the CEO and to HR, and how do I document that the investigation has been handled correctly if there is a lawsuit afterwards with an employee involved?

A: If you suspect or detect fraud, the best practice is to inform a fraud professional immediately so any action by someone else will not compromise the investigation. Fraud professionals within my organization initiate an investigation. Any activity regarding the case is documented in our case management system, which allows anyone in the security organization to check the progress on a case. The VP of legal is updated on security-related investigations and events through monthly status reports. Human resources should be involved only in fraud investigations that involve an employee. The role of HR is not an investigative one, but to provide advice and guidance regarding personnel decisions after an investigation has been completed. In cases involving an employee, my security managers notify an HR consultant early in the investigation. All investigative activity is documented in a report of investigation, which is then provided to legal, HR and the employee's department. The report is used to decide discipline and as a factual representation of the case for possible litigation. These reports should not be contained in the employee's personnel file.