Skip to content-main content

Part One: Fraud Prevention and Detection Best Practices

It seems a day doesn’t go by where there isn’t a news article talking about an employee who stole customer data or intellectual property, embezzled funds, or committed some other nefarious act against their employer. According to the Association of Certified Fraud Examiners (ACFE) most recentReport to the Nation on Occupational Fraud and Abuseorganizations lose 7% of their annual revenues to fraud; in their previous report, the ACFE indicated the figure as 5%. The current report also indicated the median loss amount was $175,000, an increase of 10% from what was reported in the previous report. There are a number of factors that can be attributed to the increase; the economy, pressure to perform, lack of loyalty to the organization, and an increasing sense of entitlement or greed.

Most reports, such as the one cited above, focus on the money that’s “walked out the door”; however, there are other costs to consider which can increase the figure by as much as 3 to 5 times the reported figure. These other costs include:

  • Investigation costs – the cost of maintaining an investigations department or hiring someone to conduct the investigation
  • Other Departments’ Involvement – An effective investigation program is collaborative in nature, key groups involved can include HR, IT, Legal, and management
  • Business Disruption – Regardless of how confidential the investigation is there will be rumors and lost productivity
  • Reputational Issues – if the matter makes the news media there will be costs associated with addressing reports and repairing the company’s image
  • Cost of Hiring a Replacement – estimates to replace an employee range from 30% to 45% of the individual’s first year salary

The costs and risks associated with internal fraud can be mitigated with an effective and comprehensive investigation program. The following outlines the components of an effective and comprehensive investigation program.


A company can have some of the most skilled investigators and a well-documented investigation program; however, if there is not a strong framework for the investigators to operate in then the program will be ineffective.

Tone from the Top – Senior leadership must not only “talk the talk” but “walk the walk”, they have to send a very clear message that they will not tolerate any unethical behavior or business practices by anyone regardless of position, expertise, etc.  And take appropriate action when unethical behavior is confirmed.

Code of Ethics – A company’s code of ethics must detail expected behavior. A code of ethics is not expected to deal with every possible situation; however, it should discuss, in general terms, expectations around conflicts of interests, insider trading, outside employment, compliance with policies and regulations. An effective code of ethics should require:

  • Reporting of known or suspected fraudulent activity
  • Cooperation in the investigation process
  • Penalties for failure to cooperate

Employees should affirm their understanding and compliance upon initial employment and again on an annual basis.

Internal Controls – An effective system of internal controls not only ensures the accuracy of financial data but also can prevent and detect internal fraud. Senior leadership should hold individuals accountable for failing to adhere to internal controls.

Risk Assessments – Periodic risk assessments of functions assist in identifying what areas are vulnerable to fraud and whether adequate controls are in place to prevent or detect unauthorized activity:

  • What types of fraud can occur?
  • How can the fraud occur?
  • What is the likelihood of occurrence?
  • What is the impact (i.e. dollar amount, reputational and operational) of the fraud?

Any gaps identified during the risk assessment should be analyzed to determine if the related risks are acceptable, and if not, what actions can be taken to remediate risk / close the gaps. Risk assessments should be performed annually or as there are changes to processes, regulations, etc. and include management, as no one knows the business better than the owners of the process.

Know Who You Hire

Criminal Background Checks – Criminal background checks should be considered for positions of trust or where the individual will be controlling significant assets. Some industries such as the financial services industry, are mandated by federal regulations to perform criminal background checks. The Federal Sentences Guidelines also has a “know your employee” clause.

Financial Reviews – Financial reviews should also be considered for individuals who will be handling cash or controlling significant assets. Financial reviews are subject to Fair Credit Reporting Act and a company’s Legal department should be consulted prior to performing.

Education and Employment – Education and employment background checks should be considered for positions where acquired knowledge is critical to the success or safety of the company and its assets.

Regardless of what background checks are performed, standards or criteria should be documented as to what is acceptable or not acceptable and consistently applied.

Reporting Known or Suspected Suspicious Activity

Reporting known or suspected suspicious activity must be an easy process; if it isn’t, activity may not be reported or reported timely.

Ethics Hotline – The Sarbanes-Oxley Act requires that all publicly traded entities have the ability to receive anonymous complaints related to unethical / inappropriate accounting and/or audit activities. The complainant should also have the ability, if they desire, to report their concern directly to the Board of Directors. Though not required by the Sarbanes-Oxley Act, a best practice is that the hotline have 24 x 7 accessibility. Companies not legally required to maintain an ethics hotline should consider establishing a similar process to ensure all concerns are reported.

Other Reporting Channels – In addition to an Ethics Hotline, consideration should be given to establishing email addresses (i.e. and internal numbers for employees to report their concerns. Additionally, employees should be encouraged to report their concerns directly to their contacts in Audit, HR, Legal and/or to management.

All available reporting channels should be promoted / advertised on the company’s intranet site and in common areas such as employee lounges, break rooms, etc.

Groups such as Audit, HR, and Legal as well as managers who may be the recipients of complaints must be trained as to what to do with complaints that they receive. Processes should be established to prevent two groups independently investigating the same complaint.

Internal Fraud Detection Software

Companies that conduct large volumes of transactions should consider using automated internal fraud detection tools to identify suspicious employee activity. Optimally, the software would be able to identify suspicious transactions and/or employee behavior.

—  Transactional analysis identifies unusual / suspicious transactions regardless of who owns the account

—  Behavioral analysis identifies pattern of activity of a system user which falls outside the range of normal activity for a pre-defined group such as call center representatives or cashiers

An example of a suspicious transaction could be an employee waiving a fee on their own account or a neighbor’s account of processing a transaction outside their authority (though there should be systemic controls to prevent the latter).

An example of unusual behavior could be a call center representative viewing a large number of customer accounts when compared to their peers (this activity could be indicative of identity theft or stealing customers).

The potential downside to internal fraud detection software solutions is that they can be costly to purchase, implement and operate. If possible, take advantage of bundling an internal fraud detection software with external fraud detection software.

Proactive Reviews

Proactive reviews should be performed in areas susceptible to fraud as identified in risk assessments. Proactive reviews not only can identify fraud in the early stages but can also identify control weaknesses which, if not corrected, would allow fraud to occur or go undetected. Areas where proactive reviews may prove most beneficial include:

Payroll Review – Payroll reviews should be performed to identify “ghost” or non-existing employees, employees receiving multiple payroll checks, and/or unusually high salaries given a position (e.g. an administrative assistance making six figures).

Travel and Business Expense Review – Travel and business expenses is one area that is often abused by employees. Reviews in this area should look for altered or missing receipts, purchases from merchants not typically associated with travel and business expenses (e.g. jewelers, home improvement stores, etc.), and excessive / unusual activity (e.g. an administrative or clerical position indicating sales call expenses).

Accounts Payable – Accounts payable is another area that is often the target of fraudulent activity. Reviews in this area should include identifying duplicate payments or payments differing by cents, two or more payments in the same month, payments sent to PO boxes, vendor tax identification numbers which are the same as employees’ social security numbers, and payments sent to addresses that match employees addresses.

Incentive Programs – Incentive programs, unless well designed and effectively monitored, can be taken advantage of by disreputable employees. This review should focus on typically poorer performers who suddenly exceed goals and employees who constantly exceed goals.

Ongoing Management Reviews

A key component of an effective internal investigation program must include ongoing management reviews and observations. Management should be aware of operational (i.e. work environment) and behavioral (individual) indicators (i.e. red flags) that could suggest unauthorized and/or fraudulent activity. Generally speaking, the greater the number of red flags, the greater the likelihood of fraud. Questionable activity or transactions should be researched to understand what is occurring and why. At the end of this article is a list of common operational and behavioral red flags.

Tom Holland is a Certified Fraud Examiner with over 28 years of experience developing and implementing global fraud prevention, detection and investigation programs, as well as conducting internal fraud investigations.  During his tenure at Bank of America, and Capital One Financial Corporation, Tom has implemented multiple programs that have resulted in significant reduction in fraud losses, as well as increased the speed and productivity of internal investigations.


If you would like to talk to Tom or want further information about implementing or improving your fraud prevention, detection and/or investigation programs contact Fahrenheit Finance at 804-955-4440.Information


In our next newsletter, Part Two: Internal Fraud Investigations, Requirements and Best Practices


Operational / Work Environment Red Flags

—  General ledger activity has increased without any apparent reason

—  Average balances in general ledger suspense / float / work-in-progress accounts have been steady increasing

—  There are an unusually large number credits of in the general ledger suspense accounts

—  There are an unusual number of aged general ledger suspense items

—  General ledger accounts are not reconciled, or reconciled timely

—  Differences identified during reconciliations are not researched or documentation supporting how differences were cleared is not available

—  There are unusual and/or large sundry operating losses without supporting documentation

—  Expenses for local purchases of supplies, staff, entertainment of customers, etc. have increased for no apparent reason

—  Receipts supporting expenses are missing or not original

—  Poor internal controls or disregard of  internal controls

—  Sales / marketing goals are unrealistic

—  There have been an unusual number of similar customer complaints or complaints involving the same individual

—  Certain customers insist that only a particular employee can assist them

—  Vendor payments are not supported by invoices

—  Vendor addresses are PO boxes instead of physical addresses

—  Vendor invoices are sequentially numbered

—  Too much reliance is placed on one individual (i.e. the subject matter expert) without appropriate oversight

—  Confidential customer information is not effectively controlled, particularly after business hours

Behavioral / Individual Red Flags

—  Employee is living beyond their apparent means

—  Employee suddenly comes into a large sum of money

—  There has been a dramatic change in the employee’s life (i.e. death, illness, marriage, birth of a child, etc.)

—  Change, often dramatic, in the employee’s personality

—  Change, often dramatic, in the employee’s lifestyle

—  Employee’s attendance pattern changes

—  Other employees have raised concern about the behavior of a particular employee

—  Employee is willing to work overtime without pay or historically resisted working overtime but is now willing to do so

—  Employee is unwilling to take vacation or is willing to come in and work during vacation

—  Employee is “protective” of certain customers and insists that they are the only one to assist these customers

—  Employee is involved in processing transactions and/or performing duties that are not within their normal scope of responsibility

—  Employee is knowledgeable of functions / activities that are not within their scope of responsibility or not in line with their previous work history

—  The same employee always performs or oversees certain key functions

—  Employee has total disregard for internal controls and transaction authorities

by Tom Holland, CFE