The conclusive episode in my CRIME-based “Fraudcast” series examined information systems, monitoring and environment. I reunited with Stephen King to educate others on protecting their assets through preparation. CRIME is a business assessment framework created by the Committee of Sponsoring Organizations of the Treadway Commission, COSO. Our most consistent resource, The CEO’s Guide to Reducing Fraud, references their strategies.
Steve explained that information systems are mainly about making sure every person in the organization understands what is acceptable. Establish definitive roles, and not only keep a record of them, but also communicate them with employees.
This can sometimes be as simple as typing company standards into a Word document. Distribute rules and conduct training periodically. Amazing policies mean nothing if your staff isn’t included in the execution. That said, there’s no shame in turning to outside specialists if you need help with communication or structure. Steve noted the importance of staying on top of checklists in either scenario.
When it comes to computer processing specifically, implement separate login information and, if you’re in a hosting environment, know their data recovery procedure. Each hosting solution is supposed to have one, so become familiar with who holds your files. A firm believer in hosting solutions, even I was out of business for four days recently due to a host issue. We were unable to access data. Anything that could be done through an online system could be done with a computer, but our tax records and our desktop QuickBooks products became tied up.
The lack of control was huge lesson for us. I still say hosting solutions are a solid option, but, whoever is utilized, you must secure a timely backup on your end. Steve shared a story of a backup service he paid for. Having never tested it, when he went to use the program, he discovered a key credential was missing. To listeners, he pushed for running a data recovery process before requiring one. Learn to correctly pull figures from the resource, that way you can confirm all is in working order.
The “M” in CRIME, monitoring, is how you assess the quality of internal controls. This component of the COSO framework suggests looking at the systems over time to verify that they function as designed. It might be a good idea to enlist a different perspective, a professional not involved with the day-to-day or somebody orchestrating an audit. Ask them to double-check what you think is happening versus what is really happening. Unfortunately, designing an institution and expecting it to be there forever with zero oversight is not a durable plan.
In the Association of Certified Fraud Examiners (ACFE) Report to the Nations, they consider warning signs in employee behavior. Similarly, chapter four in The CEO’s Guide mentions red flags in detecting fraud. The “human factor” is a big deal. Meaning, the urge to commit fraud is frequently triggered by external forces, such as personal debt or sudden financial pressure.
Steve provided an example in which a man lost his job, racking up credit card bills during Christmas and getting charged for excessive data usage on electronic devices after the fact. Given the circumstances, the family paid their expenses with company checks. More personal elements that may hinder an employee’s better choices are a history of reckless spending, gambling and drug or alcohol abuse. If you have a gut instinct, monitor concerning behaviors.
Environment, the piece Steve dubbed most significant of our talk, focuses on the tone at the top. Essentially, if you act with strong core values, people will follow your lead. The COSO report confronts the notion of environments that promote unethical practices. Does management encourage compliance? “Do as I say, not as I do?” Is there a written code of conduct?
The ACFE Report to the Nations supports an environment that allows employees to communicate openly. Fraud is commonly caught within a workplace, Steve pointed out, through an anonymous hotline. If everyone is aware of where they can report fraud or suspicious activity, repercussion-free, a company reduces risk.
Additionally, evaluate the space you foster as an executive. Is it realistic? Don’t set too many goals that won’t feasibly be met. Striving toward success shouldn’t be unhealthy for you or them. Let people complete anonymous evaluation surveys, rotate job responsibilities and impose mandatory vacations. Make employee morale a priority.
Dawn is a Certified Public Accountant, Certified Fraud Examiner, and CEO of Powerful Accounting, LLC. Powerful Accounting is a nationally recognized accounting, tax, forensic and fraud, IRS and State Agency audit professionals as well as a QuickBooks consulting firm. Recently, Powerful Accounting has partnered with Anderson, Brolin & Coba...