1 Provide leadership from the top
"Setting an anti-fraud policy and leading by example improves attitudes towards fraudulent activities and sends out a message that it will not be tolerated," says Kellie Edwards, head of forensic practice at Salamanca Risk Management, a security and operational risk firm.
"Board members need to be encouraged to speak to all related parties, including staff, customers and suppliers at all levels," she says. "Board members need to come down from their ivory tower and feel the earth beneath their toes--even if it is just to check that it's not quicksand."
2 Identify the key risks
Many organisations don't even consider fraud to be a key risk, argues Alex Plavsic, head of KPMG Forensic UK. "This is often a combination of the poor capture of fraud within an organisation--hidden in losses such as stock write-offs, claimant errors or budget over-runs, and a lack of awareness of the organisation's fraud risks and how they would manifest themselves. Properly capturing and reporting fraud often pushes it up the agenda at organisations. One practical way of identifying whether it's underreported is to benchmark reported fraud against the experiences of comparable organisations."
3 Promote an anti-fraud culture
"A strong tone from the top lets employees know that the executives, the board and management have faith in, and rely on, the compliance programme for ferreting out fraud and abuse," says Tracey Stretton, legal consultant and e-disclosure expert at Kroll Ontrack Legal Technologies.
"A company must also invest time and resources in its staff," adds Mike Wright, partner at BTG Global Risk Partners. "Initiatives, such as employee share schemes and team performance rewards, can help to support a greater sense of shared responsibility that will not only discourage internal fraud, but also encourage employees to identify external fraud."
4 Develop effective anti-fraud controls
"When organisations fall victim to supplier fraud it's often because when processes fail, there is insufficient awareness of the fraud among staff to make them query the payments," says Plavsic.
"For example, the second signature needed to change the bank account details from the genuine supplier to the fraudster is just a tick-box exercise that doesn't include any scrutiny. Or the telephone confirmation is carried out using the phone number supplied by the fraudster, rather than the one held on file for the supplier. A...