Top 10 tips for building an anti-fraud culture
CIPFA Counter Fraud Centre offers its top 10 tips to protecting your organisation from the evolving risks of fraud.
In today’s changing environment, keeping one step ahead of the fraudsters is a real challenge. To effectively protect your organisation from fraud and other harmful, high-risk behaviours including corruption, money laundering, asset misappropriation and cyber-crime, creating the right culture is vital. The CIPFA Counter Fraud Centre has compiled a list of top 10 tips, with an emphasis on making sure that counter fraud staff have the right skills.
1. Set the tone at the top
Creating an anti-fraud culture is part of good governance and should start with a clear commitment to tackling fraud and corruption led by the executive board. Ideally, zero tolerance to fraud forms part of your organisation’s ‘ethical mission statement’ or strategy document, reinforcing expected standards in public service. Having qualified counter fraud specialists in place can help to achieve this, as they have the credibility, standing and expertise to raise the profile of the anti-fraud agenda internally.
2. Know and prioritise your fraud risks
Knowing what the fraud and corruption risks are determines the type of framework you need to put in place and how your staff work within it. For example, if your risks include procurement fraud, those responsible for procuring contracts and services need to recognise fraud, bribery and corruption indicators when they see them. Qualified counter fraud specialists ease this process as they can assess risk and train support staff in appropriate action.
3. Scan the horizon
Fraud is constantly changing and scams often target frontline staff. What seems low risk today may turn into high risk in the future. From impersonation to phishing, cyber fraud to mandate fraud, it is vital that your organisation is up-to-date on the latest threats and risks and how to tackle them. Qualified counter fraud specialists can ensure that staff know where to go if they suspect something but are also plugged into networks of other specialists, which are vital sources of information and alerts.
4. Build fraud awareness
Creating an anti-fraud culture and beating fraud should be everyone’s priority within an organisation, from the dedicated counter fraud specialists through to the procurement team, HR, facilities staff and beyond. A qualified counter fraud specialist will be fully trained in how to help mobilise the entire organisation in the fight against fraud. Whether using e-learning, staff briefings, posters or internal alerts – or a combination of all these – they will be best placed to define and execute awareness programmes that best suit your organisation.
5. Ensure policies and procedures are in order
Counter fraud specialists are expert at both finding the gaps in existing policies and procedures and in defining what counter fraud policies are needed based on the size and nature of your organisation. For example, a general fraud policy should include guidelines on what to do when suspicions of fraud arise, a response plan, details of gift/hospitality registers and, where appropriate, mandatory declarations of interest. A visible and well-articulated whistleblowing policy is also essential for creating an anti-fraud culture.
6. Create a dedicated anti-fraud team
Your counter fraud specialists would ideally function independently from other teams. This is to ensure their objectivity and unfettered access to the information and resources they need. This includes access to specialist services, including forensic support and confidential and secure resources for keeping evidence.
7. Take action
Recovering money lost to fraud so it can be spent on key services is obviously vital. Qualified counter fraud specialists are fully trained in how to conduct investigations, how to pursue a case to court and how to prepare a case for passing to the CPS, solicitors or police. In addition, they have the ability to give evidence in court and also to undertake proceedings using the Proceeds of Crime Act.
8. Measure success
Today’s counter fraud specialists not only understand how to detect, prevent and recover fraud losses, they are also trained to measure and report on the effectiveness of the preventive measures they put in place. This forms a key part of an organisation’s anti-fraud culture as it highlights to senior management the success of counter fraud work, the money saved and where vulnerable areas exist in the organisation.
9. Publicise your success
Sharing the outcome of a successful investigation or how an anti-fraud measure has worked is a great way to send a message that fraud doesn’t pay. Qualified counter fraud specialists understand this and will want to publicise their success both internally and externally. As well as being a deterrent, this can also lead to an increase in referrals and whistleblowing, which are indicators that your anti-fraud culture is working.
10. Never take your eye off the ball
Fraud is an evolving threat and as fraud risk doesn’t stand still nor should your organisation’s strategy to combat it. Qualified counter fraud specialists are trained to implement and manage programmes to regularly monitor the measurement and control strategies in place, making any necessary adjustments as they go. They will also be able to recognise circumstances when refresher training may be needed and when a new threat demands action.
Click here to find out more about the training offered by the Counter Fraud Centre.
BT explains how IP address management can unlock further benefits from the multi-cloud infrastructure
BT explores how to manage the risks and rewards of the cloud in their infographic guide, offering advice for ensuring that the challenges don't hold you back
A global cloud infrastructure offers many potential benefits, but also many challenges, and every organisation’s hybrid cloud strategy is unique. BT presents practical advice on getting the most...
BT presents a complimentary copy of Gartner's report, which highlights how, through 2022, at least 95% of cloud security failures will be the customer's fault