7 things you can do to prevent fraud

(Second of three parts)

Establish a fraud hotline and make sure it is accessible and secure.

Often times, your people would like to do the right thing; unfortunately, there isn’t any mechanism for them to do it. Most companies may make statements about fraud and fraud prevention but if they do not have a mechanism to report possible incidents, people might just keep quiet. Remember, it isn’t easy to come forward. Management should realize that they need to put in place, a system that would allow people to feel more comfortable in reporting fraud. A fraud hotline is the most typical way this can be ensured.

Given the many advances in technology, it is easy enough to set-up your fraud hotline. Make sure you have several means for fraud reporting. Examples would include: a telephone hotline, an email, and even a conventional drop box. A few tips to keep in mind when developing your fraud hotline:

• It may be good to keep the email outside your network system. Keeping it within the network may make people feel less secure in using the address.

• An outsource group might be useful in manning your hotline. This adds another layer of security for people to feel more comfortable in reporting possible fraud issues.

• Make sure people know about it. Posters and sending periodic email is a good way to jump start your program.

The mechanisms for reporting fraud should also include your chain of command. Making people aware that they can talk to anyone in management will make them feel more at ease and will help in establishing confidence amongst your people resources.

Develop a Whistleblower Policy and perhaps a reward scheme

The increased focus on accountability has compelled companies to establish sound policies and procedures in place to ensure good governance. One recommended best practice is to develop a Whistleblower Policy.

A Whistleblower Policy establishes procedures for receipt, retention and treatment of complaints received from employees or from third parties regarding fraud risk, allegations of fraud and other financial misconduct.

To encourage your employees to work with you in identifying and preventing unethical behavior, those who act in good faith to report their concerns about any incidents of fraud, bribery or corruption should be, at a minimum, protected for their loyalty.

There is no “one-size fits all” approach for whistle-blowing programs and procedures. Details can vary depending on the size of your company. The essential components you need to take into consideration are the following:

• Whistleblower protection – Since employees fear retaliation from their superiors or peers if they “blow the whistle”, you should consider a formal corporate and legal protection for the whistleblowers and promote confidential reporting through easily accessible and well-publicized channels. As an added level of confidentiality, some larger organizations contract third parties to operate a hotline that people can use to report issues and concerns about possible illegal activities or unethical behavior. Your policy should also assure the whistleblower that any employee, who reports in good faith possible violations, will not as a result, experience threats, harassment or untoward employment consequences.

• How to report complaints – Your policy should (a) describe a clear communication channel through which you employees or third parties can report any illegal activity or suspected misconduct [provide examples of reportable activities in your policy]; (b) indicate who they can contact to submit their complaints and/or concerns; and (c) the required format for submitting the complaints. Ordinarily, employees will contact their supervisors or managers for their concerns; however, some employees may not be comfortable speaking to their manager for fear that their concerns will not be acted upon. In this instance, you may consider establishing a different reporting channel (i.e. in-house legal counsel or the HR Officer).

• Investigation and resolution of complaints received – You will need to identify who will be responsible for leading the investigation and resolving all complaints received – it could be the CEO, the Chairman of the Audit Committee, the Internal Audit or Compliance Officer or the company’s legal counsel. You will need to describe how the alleged violations will be documented, investigated and resolved and set a turnaround time to act upon the reported misconduct. Remember, the investigation should be conducted in a fair manner – a fact-finding process without presumption of guilt. Avoid turning your investigation into a witch hunt.

Another real cause to pause for thought are employees who intentionally report unfounded allegations so as to damage a person’s or the company’s reputation (malicious whistleblowers). Some use this argument against introducing whistle-blowing policies. An effective defence against malicious whistle-blowing is a clear process for appropriate reporting through well publicized channels and the education of your employees about integrity.

You need to emphasize that the real aim of whistle-blowing is not personal revenge but rather to raise awareness on the risks to the company so that these risks can be mitigated, if not completely eliminated. The communication of your company’s values and behavioral standards through policy statements and code of conduct is crucial.

Discourage spiteful accusations by stressing out that while proactive vigilance on any wrongdoing against the company is highly encouraged, those who report false and malicious accusations will be subjected to disciplinary actions.

(To be concluded)

(Imelda Horario Corros is a Director for Advisory of Manabat Sanagustin & Co., CPAs, a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity.

The views and opinions expressed herein are those of the author and do not necessarily represent the views and opinions of KPMG in the Philippines. For comments or inquiries, please email [email protected] or [email protected])