Mat Ng, Managing Director of JLA Asia, looks particularly at how smaller companies, which can be highly susceptible to incidents of fraud, can better protect themselves. This article was co-authored by Gabriel Tsui, Associate Director of JLA Asia.
Significant financial losses have been caused by fraudulent acts every year. According to a recent report conducted by Association of Certified Fraud Examiners, frauds between 2014 and 2015 resulted in the following:
- Total loss exceeded US$6.3 billion (average loss per case was US$2.7 million); and
- Median loss was US$150,000, 23.2 percent of which caused losses of US$1 million or more. Big corporations can hire consultants or professionals to design detailed and meticulous policies and procedures to prevent, detect and investigate fraud. SMEs can consider the following general recommendations to reduce the threat of fraud.
Employees at all levels, upon hiring, should be provided with an employee handbook with code of conduct and company policies in relation to:
- What behaviour and actions are prohibited;
- How to seek advice when they are uncertain of ethical decisions; and
- Where to report fraudulent acts.
Regular training should be provided to employees in respect of:
- Case studies;
- Regulatory requirements; and
- Refresh of company policies and code of conduct.
Procedures should be established to prevent and detect fraudulent activities. Examples of some basic prevention measures include segregation of duties, rotation of duties, periodic internal control review conducted by the internal audit department, etc. Here are some typical red flags:
- Regular payments in rounded amounts to same persons or entities;
- Payments made one or two days before month-end;
- Employees do not take leave;
- Employees do not regularly change or update computer login passwords; and
- Employees responsible for both fund application and approval.
A communication system should be established to:
- Promote ethical behaviour, deter wrongdoing and communicate ethical issues;
- Enable employees to seek advice prior to making difficult ethical decisions; and
- Report concern about known or potential wrongdoing.
- A designated compliance officer responsible for promoting ethical behaviour, encouraging reporting on wrongdoing (not only within the company but also to suppliers and customers), and investigating reported issues; and
- A designated hotline or email to receive anonymous reports of wrongdoing.
In some cases, it may be more appropriate to hire external professionals, for example:
- Covert investigation if you receive a whistle-blower report, but do not want to alert the fraudsters of any internal investigation.
- Potential investigation by local or overseas regulators because your suppliers or customers were involved in fraud.
- Advice on any weaknesses and improvements of current internal control procedures, employee handbook or code of conduct.
There is no one-size-fits-all fraud prevention manual, but we hope these recommendations can serve as some basic initial steps that SMEs may start considering.