Any organization should set out its approach to dealing with fraud in its fraud policy and fraud response plan. Organizations should ensure that this includes provision for learning lessons from fraud incidents and appropriate, prompt follow-up action.
Purpose of the fraud response plan
The fraud response plan is a formal means of setting down clearly the arrangements which are in place for dealing with detected or suspected cases of fraud. This plan should provide procedures for evidence gathering and collation in a manner which will facilitate informed decision-making, while ensuring that evidence gathered will be admissible in the event of any legal action.
Your fraud response plan should reiterate your organization’s commitment to high legal, ethical and moral standards in all its activities and its approach to dealing with those who fail to meet those standards.
Definition of fraud
A fraud response plan should provide a clear explanation of activities which would or could be considered fraudulent.
Roles and responsibilities
The division of responsibilities for fraud risk management will vary between organizations. Depending on size, industry, culture and other factors, this division might include:
a. Managers and supervisors
b. Finance Director/Chief Financial Officer
c. Fraud Officer
d. Human resources
e. Audit committee
f. Internal auditors
g. External auditors
h. Legal advisers
j. Public relations
l. External consultants
Reasonable steps for responding to detected or suspected instances of fraud include:
a. Reporting suspicions
b. Establish an investigation team
– The objectives of the investigation should be clearly identified along with resources required, the scope of the investigation and the timescale.
– The objectives will be driven by the organization’s attitude to fraud and the preferred outcome for dealing with fraud.
– An action plan should be prepared and roles and responsibilities should be delegated in accordance with the skills and experience of the individuals involved.
– The individual in overall control of the investigation should be clearly identified, as should the powers available to team members.
– Reporting procedures as well as protocols for handling and recording evidence should be clearly understood by everybody
c. Formulate a response
– In accordance with corporate policy.
An Investigation involves:
a. Preservation of evidence
b. Physical evidence
c. Electronic evidence
d. Interviews (general)
e. Statements from witnesses
f. Statements from suspects
Organization’s objectives with respect to fraud
The thoroughness of an investigation may depend on the course of action that the organization plans to take with regard to a case of fraud. An organization’s policy may include any or all of the following preferred outcomes:
a. Internal report
i. No further action
ii. Disciplinary action
b. Civil response
i. Legal advisers’ control
ii. Legal submissions
iii. Case file
c. Criminal response
i. Police controlled
ii. Case file
d. Parallel response
i. Civil recovery
ii. Criminal prosecution.
Follow up action
– There are lessons to be learned from every identified incident of fraud.
– Your organization’s willingness to learn from experience is as important as any other response.
– Large organization: Your organization may consider establishing a special review to examine the fraud with a view to recommending improvements to systems and procedures.
– Smaller organization: Your organization may consider discussing the issues with some of its more experienced people, with the same objectives in mind.
– It is important that recommended changes are implemented promptly.