Your business likely has a disaster recovery plan in place—procedures for handling fires, natural disasters or other crises that could disrupt operations or endanger lives. While a fraud contingency plan might not seem as urgent, it’s still crucial for most organizations. Here’s how to create an effective fraud contingency plan.
Identify Your Vulnerabilities
Begin by gathering senior management and financial advisors to brainstorm potential fraud scenarios that could impact your business. Think about how your internal controls could be bypassed—whether by a new employee, a department head, a senior executive or an external party.
Next, determine which fraud scenarios are most likely to occur, based on factors like industry and company size. For example, retailers are prone to skimming, and construction firms may face employee/vendor collusion in bid rigging. Small businesses with inadequate segregation of duties are particularly vulnerable to theft in accounts payable.
Finally, assess which fraud schemes would be the most damaging to your business, considering the financial impact, employee morale and the effect on your public image.
Assign Clear Responsibilities
When developing your plan, assign specific roles to key individuals. If fraud is suspected, designate one person to lead the investigation and coordinate with internal staff and external investigators. Delegate tasks based on expertise—for instance, your IT manager could handle securing digital records, while the HR manager works to maintain employee morale.
It’s also important to set the objectives for the fraud investigation. Some companies may simply want to mitigate damage, terminate the responsible party and keep the incident confidential. Others might seek prosecution of offenders to recover stolen assets or to deter future incidents. Your contingency plan should outline who will collaborate with law enforcement and how to proceed with legal actions.
Plan for Internal and External Communication
During a fraud investigation, clear communication with employees is essential. Without transparency, rumors will spread. Although it’s important to consult legal and financial advisors before sharing details, aim to be as open with staff as possible. Employees should know that the company takes fraud seriously and is actively addressing the issue.
Also, appoint someone to manage external communications. This individual should be prepared to defend the company’s reputation, manage any potential fallout and control the flow of information to the public and media.
Strengthen Your Internal Controls
A fraud contingency plan alone won’t prevent fraud; it’s a reactive measure. To minimize fraud risks, focus on strengthening internal controls. Some key practices include:
- Segregation of Duties: Ensure that no one person controls an entire financial process, such as both approving and processing payments.
- Approval Protocols: Require multiple signoffs on major transactions to prevent unauthorized actions.
- Regular Audits: Conduct routine internal audits to catch any potential issues before they escalate.
Fraud prevention requires constant vigilance and a proactive approach. If you need assistance in creating a fraud prevention plan or bolstering your internal controls, contact us for help.
Kaitlyn H. Axenfeld, CPA/CFF, CFE, is an audit partner at Dannible & McKee, LLP, a Syracuse-based public accounting firm that has been delivering expert tax, audit, accounting, valuation and consulting services since 1978. Kaitlyn specializes in forensic accounting and consulting services, including litigation support to law firms and privately held companies in fraud detection, damage calculations and prevention matters. For more information on this topic, contact Kaitlyn at kaxenfeld@dmcpas.com or visit www.dmcpas.com.