Reputational Risks in Your Organization - Part 5

Copyright (c) 2010 Peg Jackson

Portals to Fraudulent Behavior

People who engage in fraudulent behavior look to find the easiest targets within an organization. Some examples of portals to fraud include:

Travel claims.

Travel claims not processed in a consistent manner.

Reimbursements subject to arbitrary measures.

Senior management not required to provide the same level of documentation for a reimbursement claim as would a member of the rank and file.

Unauthorized use of debit/credit cards.

Many organizations permit senior executives to use debit/credit cards issued to the organization.

Unauthorized use of organization accounts with specific vendors.

Organizations need to have a means by which charges must always be linked to a verified project number.

Invoices.

Invoices from consultants and/or other vendors can be modified to cover for fraudulent activities.

Check disbursements.

Check disbursements and reconciling bank statements should be segregated duties.

Loans, gifts, bonuses and perks to executives.

Organizations often agree to loans and gifts to executives as incentives or as rewards for performance. Businesses, particularly if there is a corporate board, are under much more scrutiny in terms of the way in which executive compensation packages are approved. Family-owned businesses could have additional problems in the blending of their business and personal relationships.

Expense accounts and travel claims.

Financial misappropriation often is hidden in transactions involving expense accounts and travel claims.

Lack of an enforceable Conflict of Interest Policy.

The organization should require everyone in the organization to sign and adhere to a Conflict of Interest Policy - especially anyone who handles money or has procurement authority.

Minimal internal controls and no segregation of duties.

The organization does not have policies and procedures in place to establish controls on revenue and expenses. If an organization does not have adequate segregation of duties, an individual who prepares checks can cover his/her actions because the person also has access to the bank reconciliation statements.

The organization's IT systems need upgrading.

The organization's databases and other software are not integrated or subject to adequate security measures. This scenario creates additional opportunities to manipulate data and records.

The bottom line is that fraud needs to be discussed openly in the organization. At the very minimum, the above issues should be addressed in the organization's Human Resources policies. If change is needed, then it must begin at the top. Do not expect the rest of the organization's employees to change their behavior unless they see that the board and senior management have adopted these measures as part of daily operations.

Talking points in the discussion about fraud.

The organization's senior management needs to lead the way in talking about fraud - and needs to be the visible source of policy-making in this area. When s/he talks about fraud, the discussion needs to be candid about the factors that support fraud and best practices that will be put into place to help the organization reduce the potential for fraud within its operations. It is equally important to emphasize that the Board and Chief Executive are committed to whistleblower protection and have instituted procedures to ensure that any type of retaliation is reported directly to senior management.

Do not be sidetracked by the long-time manager, or employee whose feelings will be hurt if protocols and expectations are changed. The well-being of your organization comes first. These individuals will just have to get over their hurt if they want to remain on the staff of the organization. If they do not get over their hurt, you have an obligation to the organization to move them out of the way so that genuine change can take hold.

Establishing a safe and effective system for reporting waste, fraud and abuse.

Ongoing communication between management and employees is essential in ensuring that everyone understands why reporting waste, fraud and abuse is vital in keeping the organization safe and how investigations are conducted and findings presented. The organization's policies and procedures on whistleblower protection should contain the following features: A confidential means for reporting suspected waste, fraud and abuse.

Employees need to know how to go about filing the report and what types of evidence they should provide to substantiate their claims.

A process to thoroughly investigate any reports.

Employees should also know how investigations are conducted and what will be expected of them in terms of providing a statement or answering questions.

A process for disseminating the findings from the investigation.

The whistleblower should also know how the findings of the report will be disseminated.

No retribution for reports. The employee filing the complaint will not be subjected to termination, firing, harassment, or miss out on promotion.

This is the most important part of the policy. All employees should know what their rights are under the Whistleblower Protection Policy.

Even if the findings do not support the essence of the complaint, the employee who made the complaint will not face any repercussions.

Employees also need to understand that if they file a report in good faith and the findings don't support their claim, there will not be any repercussions.