By Lawrie Holmes Run your businessThe steps businesses should take to prevent fraud11 Jan 2018 Almost every organisation is vulnerable to fraud. In this post we consider the many approaches for combating theft in the corporate environment.Accounting professionals are on the front line when it comes to fighting fraud because the finance function may be best able to detect and respond when a theft has taken place in the company. Gavin Williamson, forensic accounting partner at BDO, says that the vast majority of thefts result from simple security breaches, often the loss or theft of employees’ login and password details.The most damaging form of fraud is still employee or internal fraud, says Williamson. However severe the financial loss, it is often the breach of trust and the resulting suspicion and blame associated with employee fraud and its aftermath that are most destructive to an organisation.Understanding your weaknessesPaul Smethurst Partner, Forensic and Investigations at accountants Carter Backer Winter, says for the SME a key exposure rests in the inability to segregate duties such as ordering services, approving invoices for payment and authorising actual payments.Most SME owners who do not implement payment processes themselves will almost certainly have in place an authorisation limit structure and will likely review bank account statements and transaction listings on a regular basis. This is so they can check what monies are coming into and going out of the business and that there are no suspicious or unusual transactions, says Smethurst. “But it should be noted that no accounting control system can combat collusion between a number of employees, even if there were scope to implement segregation of duties,” he warns.Building a fraud strategySmethurst says finance needs to play a key role in reviewing all business activities – to identify where the business is at risk by considering all products and business sectors it is involved with, where it does business, and who it does business with and whether it deals with any governments or officials. This review should form the basis of an internal assessment of risk and the determination of a proportionate response.Developing effective anti-fraud controls is vital says Alex Plavsic, Head of Fraud Investigations at KPMG UK LLP. When organisations fall victim to supplier fraud it’s often because when processes fail there is not sufficient awareness of the fraud amongst staff to make them query the payments.The second signature needed to change the bank account details from the genuine supplier’s to the fraudster’s is just a tick-box exercise which requires no scrutiny. Or the telephone confirmation is done using the phone number supplied by the fraudster rather than the one held on file for the supplier. A targeted awareness campaign by the organisation about this type of fraud and what to watch out for can be more effective than the addition of yet another process, says Plavsic.Creating an anti-fraud cultureThe best advice for any business is to focus on building an ethical and empowered team, says BDO’s Williamson. “The real ability of any organisation to resist fraud lies in its people – their ability to spot fraud ‘red flags’ and report and challenge inappropriate behaviour whenever they see it. The challenge for management is to foster this fraud resistant culture through education and empowerment of their people,” he saysWilliamson adds that a key component to building a fraud resistant culture is adopting a zero tolerance approach to incidents of fraud. “The only thing worse than facing up to a fraud is ignoring it or dealing weakly with it. When businesses seem to condone or avoid dealing with fraud or other misconduct, staff morale plummets and other potential fraudsters are encouraged,” he adds.Alongside this should run a policy of encouraging and nurturing whistleblowers, says Professor Middlesex University, convenor of the International Whistleblowing Research Network. He says the key aim of whistleblowing is to create an open reporting culture where disclosers feel confident that their concerns will be taken seriously and do not fear retaliation.He says concerns should be raised through the line management structure, but alternative mechanisms should be made available. As far as possible, people who ask for it should have their identity kept confidential and staff should have access to free confidential advice, says Prof Lewis.Tech is key to addressing challengesTechnology is critical in the fight against fraud. As fraudsters grow in sophistication, it is imperative that financial organisations adopt better fraud mitigation solutions to deter and defend against attacks. Technology empowers organisations to detect the early precursors of fraud from user transactional data, to erect defences in time and help ensure their customers are insulated from financial loss, says Sundeep Tengur, Banking Fraud Solutions Manager at fraud consultants SAS UK & Ireland. “Without technology, financial institutions would simply not be able to cope as the growing volume of data linked to electronic transactions would introduce a huge operational challenge linked to manual investigations,” he adds.“To keep pace with the fraudsters, organisations need to derive actionable intelligence from the information at their disposal – from customer information to transactional data. Spotting the tell-tale signs of improper payments and transactions means they can be stopped before any financial or personal assets are compromised. Many organisations are therefore embracing data analytics as a first layer of defence within their anti-fraud strategy. Real-time detection platforms are also critical as post-event detection where the fraud loss has already occurred is of little value as these funds are often virtually impossible to recover. Overall, businesses need to embrace a holistic approach to tackle the issue which caters for the central pillars of effective fraud detection: data, technology and operational processes.Fraud detection should not be a silo but rather a spectrum of tools and techniques that can be deployed horizontally across all operations and vertically to detect various modus operandi, says Tengur. The challenge that many SMEs face is the inability to derive insight from fragmented data sitting in silos which significantly impedes the efficacy and speed of fraud detection. With the immense volume of relevant data assets available, data management tools have become a critical starting point for small organisations in their fight against fraud, he adds.“Recent developments in cutting-edge technologies and revamped processes are also helping organisations fight back. For instance, the use of network analytics and AI-based (Artificial Intelligence) solutions has significant added-value. AI can mine data and detect potentially fraudulent behaviour faster than any human as part of an automated chain. Where necessary, the information is relayed to a team of fraud specialists through an investigation interface for review or to seek an expert decision. Through proactive interrogation of data and multi-layered defences, organisations can ensure pre-emptive action to curb fraudulent activity. On top of these obvious operational benefits, these measures allow businesses to adopt a holistic approach to fraud detection, enabling them to truly see the bigger picture of the financial crime landscape.”Top tips to deterring fraudIdentify the key risks. Understanding how and where fraud might take place is the most important starting point, something many organisations don’t even attemptPut controls in place: For example, aim to have all invoices linked to purchase orders and fight expenses fiddles by adopting automated processesCreating an ethical team: By promoting shared responsibility across staff an anti-fraud culture can be established across the organisation.Encourage and nurture whistleblowers: Establishing a hotline will create an open reporting culture where disclosers feel confident that their concerns will be taken seriouslyDevelop a response plan: The way you respond to fraud is within your control- including early steps to secure evidence, reporting lines and PR strategyInvest in good tech to fight fraud: High performance analytics can analyse vast quantities of data to give insight into customer or employee behaviours that may indicate fraud Lawrie Holmes is a leading business journalist who has worked on newspapers including the Financial Times and Sunday Telegraph as well as a number of specialist titles.