Five useful tips for creating a fraud risk management strategy

12 October 2015 Karan Vidal

The F-word spells dread for most businesses. We’re talking about fraud. You can tackle the would-be rogues and protect your company with a strong fraud risk management strategy.

At a basic level, fraud involves obtaining personal gain by dishonest or deceptive means, which results in loss for someone else. In other words, plain old thievery. Businesses need to be prepared for the eventuality that they may be the victims of internal or external fraud. A fraud risk management strategy will go a long way in reducing the instances of scams. The strategy should also outline what will happen if a fraud is uncovered.

The list of different types of fraud against a business can go on and on. Some of the most common ones include:

  • Using lost or stolen business credit cards.
  • Stealing cash or cheques.
  • Selling counterfeit goods.
  • Making false overtime claims.

Fraud risks should ‘sit’ within the overall risk management plan. The fraud risk management strategy needs to take both pre-emptive and defensive strikes. As fraudsters are becoming increasingly sophisticated, it’s important that this document is reviewed and updated to keep one step ahead.

The items below should be included in the risk management strategy to handle fraud.

The ‘fraud busters’ – roles and responsibilities

The structure to oversee the fraud risk management strategy will be different for each organisation. The following roles are seen as good practice to effectively create, enforce and monitor the strategy:

  • The board of directors – They have overall control of the strategy and will set the pace of how fraud risks will be tackled in the organisation.
  • The management team – Managers and supervisors are the eyes and ears ‘on the ground’. They are responsible for practically applying the strategy and being vigilant to any potential fraud within their teams.
  • Finance director – This is the person that has the overall accountability for the fraud risk management strategy. They will organise responses to allegations of fraud and update the investigation log. A fraud officer may take over the majority of tasks performed by the finance director in large organisations.
  • Human resources – Where there are any disciplinary procedures as a result of fraud, HR will step in. They will provide advice on issues surrounding the potential fraudster, such as employment history.
  • Auditors – It’s recommended that organisations have both internal and external auditors to make fraud risk monitoring as fail-safe as possible.
  • Audit committee – The audit committee is responsible for reviewing an organisation’s fraud risk management strategy. They report their findings and recommendations to the board.
  • The legal team – Whether in-house or external, the first port of call when fraud is reported should be to seek legal advice. This is to make sure that your company follows both the civil and criminal law.
  • IT staff – If the company’s systems have been used to commit fraud, the IT department will be needed to retrieve records of any suspicious activity and lock the perpetrator out of the system, if necessary.

Ultimately, your business also has to have eyes on people who are paid to detect fraud. Take the case of Jessica Harper who committed a £2.4m fraud at Lloyds bank. Her job was to keep the fraudsters at bay. She breached her employer’s trust by using her position and knowledge for personal gain.

Fraud prevention

‘Prevention is better than cure’ should be the mantra when it comes to managing fraud risks. A large chunk of the fraud risk management strategy should be geared towards stopping fraudsters in their tracks.

Unfortunately, some deceitful activity will ‘slip through the cracks’, but putting in place some of the prevention strategies below should reduce these occurrences:

  • Always ‘beat the fraud risk management drum’ throughout the organisation. If opportunists know that detecting fraud is at the top of your company’s agenda, they’re more likely to refrain from their course of action.
  • Promote ethics. An ethical culture should be entrenched into your business as a matter of course. Integrity should be promoted in how you deal with customers, suppliers and staff. The expectation is that your employees will follow your lead.
  • Water-tight control systems. People can spot loopholes in systems that are ‘ripe’ for exploitation. Hire people to try to ‘break’ the systems that are most susceptible to fraud or will cause the most loss. Then plug any gaps.
  • Clear reporting processes. Your company should make it as easy and safe as possible for fraud to be reported.
  • Whistle-blower protection. No one wants to be penalised for drawing attention to unscrupulous practices. You need to encourage people to come forward about fraud by providing confidential methods of reporting. Get the whistle-blowing protection right and your employees will continue to report any suspicious activity. However, you can kiss goodbye to your staff alerting you to untoward goings-on, if they feel like previous whistle-blowers have been ‘hung out to dry’.

Who can forget the fate of one of the most famous whistle-blowers ever – Edward Snowden?


  • Anti-fraud training. New recruits and current staff should be required to take part in anti-fraud training. Records of attendees should be kept, in the event that a perpetrator pleads ignorance that what they were doing was wrong.
  • Performance and compensation schemes. Evaluating performance and providing recognition helps to reduce resentment. This in turn will lessen the likelihood of an employee feeling entitled to take what they believe is rightfully theirs, because of unrewarded hard work.
  • Screen potential employees. Stopping the fraudster from setting foot in your company would be great. This is where pre-employment screening comes in. Checks like criminal history and employment background help to weed out the ‘wrong-uns’ before they get access to your valuable business. Both agency and permanent staff should be screened.

Weeding out the fraud

Realising that your fraud prevention techniques aren’t 100% foolproof will help you to concentrate on detection methods. Fraud detection techniques use analytics to spot irregularities.

The following should be included in your plan to detect fraud:

  • Data mining.
  • Trend analysis.
  • Exception reporting.

Be on the lookout for suspicious activity that could indicate that something fishy’s going on.

Keep your eyes peeled for any of these:

  • Emails sent at weird times to recipients not recognised by your business.
  • Lifestyle way exceeds earnings.
  • Signature or handwriting inconsistencies.
  • Transactions carried out without the required authorisation.
  • Adjustments to inventory.
  • Audit and control logs being ‘turned off’.

The response

A fraud response plan should be in place so that there is a standard procedure for dealing with any allegations or an actual swindle.

The provisions below should be included in the response plan:

  • How the allegation will be investigated.
  • How the perpetrator will be disciplined.
  • Recovery of stolen goods or money.
  • How the investigation will be documented.
  • Measures that will be put in place to prevent something similar happening.

The organisation’s options

After an allegation has been investigated and there’s evidence of wrong-doing, the organisation can go down the different roads of:

  • Internal penalties.
  • Civil action.
  • Criminal prosecution.

The fraud risk management plan needs to change with the needs of the business. Regular updates should be made to keep up with new systems and procedures. Nothing will ever stop some people from doing the wrong thing when it comes to your business. It’s your job to put a fraud risk management strategy in place to create as many obstacles to wrong-doing as possible.