According to a survey by the Association of Certified Fraud Examiners (ACFE) and Grant Thornton LLP, 71% of enterprises expect the level of fraud within their organization to increase over the next year. As the tactics of bad actors are constantly evolving, risk managers need a full toolbox of antifraud resources. Communication is one of the most important—and potentially overlooked—tools you have to fight fraud. Effective communication involves a wide range of activities that organizations can implement to raise awareness about fraud. The following steps can help enhance your fraud risk management program:
Identify a champion. To ensure consistent, clear messaging across your organization it is imperative to have a dedicated person or group overseeing your fraud risk management program. Fraud risk management programs can be owned by compliance, operational risk, internal audit or other similar functions. Consider any relevant regulatory requirements, industry best practices and what works best for your organization. Once identified, this champion or group can serve as the lead for all fraud risk management communications across the enterprise.
Institute annual fraud risk management training. The fraud team should develop and deploy mandatory annual antifraud training for all employees. This training should: define what constitutes fraud, provide examples of both internal and external fraud, describe how fraud harms the organization, offer resources for reporting fraud, describe the role that everyone plays in fraud risk management and outline whistleblower protections. The content should be reviewed at least annually to incorporate changes to the fraud risk landscape, changes to the operating environment and lessons learned. This training should also be required during onboarding for any new hires, including temporary employees.
To make it more engaging and combat overall training fatigue, make your antifraud training interactive and practical. For example, you can integrate examples of past cases and schemes, and showcase how they were identified, handled or mitigated. You can also include interactive examples to help trainees apply the knowledge they are gaining. After, ask for feedback on ways to improve the training, and test employees’ knowledge to ensure it achieved its stated objectives.
Deploy a fraud awareness and training strategy. Organizations should also develop a strategy for targeted awareness and training efforts to ensure the antifraud tone permeates throughout the organization. This includes deploying targeted, role-based training that complements the general annual training and focuses on diving deeper into fraud issues specific to the employee’s business unit or individual role. These programs should include recurring sessions that address nuanced fraud concerns and provide employees with practical knowledge they can use in their daily work, such as job aids or red flag lists. Target specific areas of the organization with higher incidence of fraud or greater levels of risk as determined through fraud risk assessment.
As with the annual training, the content should be reviewed periodically to incorporate changes to the fraud risk landscape, changes to the operating environment and lessons learned to keep the information fresh and engaging.
Organizations should also implement broader awareness efforts, such as providing regular fraud updates at town hall meetings, producing periodic fraud risk management newsletters for stakeholders across the enterprise, or requiring leaders to incorporate fraud topics in their team meetings.
It is important to ensure the awareness efforts are relevant and meaningful for your organization’s unique operating structure and culture. Further, awareness efforts should be tailored for various stakeholder groups to ensure relevance and impact. For example, leadership may require a different type of information and cadence of updates than frontline employees. As you implement awareness measures, evaluate their effectiveness and adjust them as your strategy matures.
Develop a “one-stop shop” for all things fraud risk management. Your fraud risk management program encompasses a range of policies and resources. Many organizations spread this information across different locations—antifraud policies may be housed in one place while education resources are stored in another. It is useful to have one central spot for employees to find all the fraud risk management information they may need, including links to relevant documents and resources. This should include contacts for fraud reporting questions and links to reporting mechanisms.
Remember external parties. External parties are often forgotten when it comes to fraud risk management communication. Whether vendors or customers, external parties can play a key role in your fraud risk management program, but you must make sure to provide the tools necessary for them to do so effectively. For example, you can include contractors and vendors in annual anti-fraud training, and develop and deploy targeted fraud awareness initiatives for customers to help them protect themselves and stay updated about emerging threats.
External resources are one of the primary ways organizations discover fraud. The ACFE 2020 Report to the Nations found that 43% of fraud schemes were detected through tips, of which half came from employees and more than 30% came from customers and vendors. Your organization may miss out on this insight without effective external fraud risk management communication and awareness initiatives.