Fraud Disasters Require a Contingency Plan Too
Your business probably has a disaster plan — or a set of procedures for dealing with a fire, natural disaster, terrorist attack or other emergency that could disrupt operations and threaten lives. Although a fraud contingency plan probably isn’t as critical, it’s still important for most companies to have one. Here’s how to draft and put a fraud contingency plan in place.
Where are your weaknesses?
Start by meeting with your senior management team and financial advisors to devise as many fraud scenarios as you can dream up. Consider how your internal controls could be breached — whether the perpetrator is a relatively new hire, an experienced department manager, a high-ranking executive or an outside party.
Next, decide which scenarios are most likely to occur given such factors as your industry and size. For example, retailers are particularly vulnerable to skimming and construction companies are prone to employee/vendor collusion in bid rigging. Small businesses without adequate segregation of duties may be at greater risk for theft in accounts payable.
Also identify the schemes that would be most damaging to your business. Consider them from financial, employee morale and public relations standpoints.
Who will be responsible for what?
As you write your plan, assign responsibilities to specific individuals. When fraud is suspected, one person should lead the investigation and coordinate with staff and any third-party investigators. Put other employees to work where they can be most effective. For example, your IT manager may be tasked with preventing loss of electronic records and your HR head may be responsible for maintaining employee morale.
You’ll also want to define the objectives of any fraud investigation. Some companies want only to fire the person responsible, mitigate the damage and keep news of the incident from leaking. Others may want to seek prosecution of offenders as examples to others or to recover stolen funds. Your fraud contingency plan should include information on who will work with law enforcement and how they’ll do so.
How should you communicate incidents?
Employee communications are particularly important during a fraud investigation. Staff members who don’t know what’s going on will speculate. Although you should consult legal and financial advisors before releasing any information, you probably want to be as honest with your employees as you can. It’s equally important to make your response visible so that employees know you take fraud seriously.
Also designate someone to manage external communications. This person should be prepared to deflect criticism and defend your company’s stability, as well as control the flow of information to the outside world.
Strong internal controls
A fraud contingency plan shouldn’t be your only effort to combat theft and other crimes within your organization. After all, this plan is intended to help you after fraud has occurred. So be sure to establish strong internal controls that can reduce fraud risk.
(This is Blog Post #1635)