Preventing Fraud Through Employee Training
Your employees are one of the best resources you have in terms of preventing fraud. If properly trained, they are your first line of defense. In order to detect and prevent fraud, employees must first know what to look for, and then what to do about it. (Note that while it’s outside the scope of this article, training your employees to look for theft is also valuable.)
Employee fraud can take place in many ways, but by far the most common involves accounting, accounts payable, and payroll functions. In order to commit fraud, it helps to have access to money and accounts. Employees who submit expense reports are also prime sources of fraud, especially if your internal controls are weak.
Let's start with the basics. Train your employees so they understand company policies and procedures. Make sure they know and follow all rules and guidelines. Also make sure they understand the repercussions of committing a fraud - up to and including criminal prosecution.
Put the following processes in place and train employees to follow these processes. Internal training should include:
- Create separate duties with checks and balances built in. Require multiple approvals for expenditures. Have multiple employees keep the books, handle payroll, make deposits, and reconcile bank statements.
- Cross-train employees to perform basic financial functions. Relying on one person to handle a financial process makes it easier for that person to commit fraud.
- Train employees to perform basic internal audits - outside of their normal work area. Oversight is a great deterrent.
Then focus on training employees to identify external sources of fraud, including identity theft. (Not only is doing so a good practice to help protect your business and your customers, but creating procedures to stop identity theft will also soon be the law. See the article Understanding the Red Flags Rule for an overview of upcoming government legislation.)
Teach employees to watch for:
- Identity theft - using another individual's personal or financial information without his or her consent.
- Phishing - fraudulent attempts to get personal or company information that can be used to perpetrate identity theft.
- New account fraud - setting up accounts based on stolen identity or personal information.
- Credit card fraud - using credit cards without authorization.
- Check fraud - using checks without authorization, or using fake checks.
- Invoicing for over-utilization of services (i.e. billing for unneeded services; the services were performed but were not needed or requested).
- Invoicing for products or services that were never provided.
Policies and Procedures
The key to providing effective training is to first determine what policies and procedures you wish to put in place. If you run a retail operation and you wish to prevent identity theft, for example, you may decide employees should verify two forms of identification before accepting checks or credit cards. If that is your policy, train your employees and monitor that they, in fact, consistently follow the policy. The same is true for internal controls; if you decide one employee should verify the accuracy of incoming shipments at the receiving dock, and another employee should double-check the accuracy of items received before placing them into inventory, train employees appropriately and then check periodically to make sure your policies are being followed.
Then establish set procedures for what employees should do if they suspect internal or external fraud. Your procedures for handling external fraud can be straightforward and should not require significant judgment on the part of the employee. For example, if a cashier suspects that a customer is attempting to use a stolen credit card, they should immediately notify a member of management before proceeding further.
With internal fraud, the actions taken may not be so clear-cut. Many employees will hesitate to accuse others of illegal or unethical behavior; create a climate of trust by establishing a confidential way for employees to share their concerns. Confidentiality protects the whistle-blower and the alleged perpetrator; if the accusations are unfounded, no one needs to know there were ever suspicions in the first place.
Make sure that your employees are thoroughly trained and consistently apply your policies in order to protect your business against fraud.