There is a plethora of evidence on how fraudulent and corrupt activities within an organisation have the potential to cripple an organisation’s growth and, in some instances, prospects of success. Not only does such activity hinder an organisation’s growth, but the financial consequences of such activity can have dire consequences for an organisation. Most small businesses do not have the financial muscle or resources to set up or sustain sophisticated internal risk and compliance units.
Mitigating the risk of fraud and corruption does not necessarily involve implementing sophisticated and complex processes and procedures. There are numerous practical measures that an organisation can take to protect itself from the sinister activities of those intent on enriching themselves unlawfully at the expense of others.
At the outset, one needs to understand the particular risks that one’s organisation faces. All organisations are at risk internally, from employees and externally from, among others, suppliers and service providers. Employees often pose a higher risk because they have access to company information, systems and the like. Furthermore, the procurement and finance functions of any business are usually the most at risk. There are also risks that may be unique to a particular organisation given the nature of its business.
Once the key risk areas in your business have been identified, it is important to implement practical and functional controls to mitigate fraud and corruption risks. These measures include:
- Documenting policies and procedures
Among others, such policies generally include:
- fraud and corruption policies (such as a fraud, anti-corruption, gifts and benefits, and whistleblowing policy);
- appropriate finance policies (detailing, amongst others, how payments will be processed, how invoices and other supporting documentation will be checked, different authorisation levels, and so on); and
- a procurement policy (setting out how the procurement of goods and services will be dealt with).
- Raising policy awareness
Organisations should ensure that all employees are made aware of company policies and that regular training is provided to them to ensure that they understand company policies and procedures.
- Setting the tone at the top
It is important that senior management establishes a culture within an organisation driven by ethical and lawful behaviour. Employees are less likely to follow the rules if they see senior management disregard the prescripts of company policies and procedures.
- Appropriate segregation of duties
This is particularly important in the procurement and finance units of an organisation. This should be coupled with appropriate checks and balances to ensure that nothing ‘slips through the cracks’.
- Vetting all prospective employees
This is particularly important when recruiting employees in high risk positions. This precaution includes employees with access to critical functions of your business.
- Vetting all suppliers and service providers
Get to know exactly who it is that you are doing business with. Establishing a business relationship with an unethical or corrupt organisation poses not only a financial risk to your business, but a reputational one as well.
- Creating a culture of accountability
Establish a culture in your organisation in which accountability flourishes. This includes establishing a mechanism for whistleblowers to report any irregular behaviour.
The above list is by no means exhaustive. Ultimately the measures an organisation implements to mitigate fraud and corruption risks will be guided by numerous factors. These include the size of the organisation, the nature of business conducted and the risks faced by the organisation. It is advisable to seek advice on the measures an organisation can implement to protect its business.
In addition to implementing preventative measures, it is important for an organisation to have an appropriate fraud response plan. One should not be misguided into thinking that “it will never happen to me or my business”. Fraudsters are not prone to warning their victims before they attack. It is important to have an appropriate plan in place to ensure that if fraudulent or corrupt activity is identified, the incident is handled in the most appropriate manner. In particular, an organisation needs to ensure that the business is protected from further fraudulent activity, that the full extent of such activity is discovered and that the perpetrators can be brought to book. Any action taken within the first few hours and days after such a discovery will significantly impact the course and/or outcome of an investigation into the matter as well as any ensuing legal process (such as civil recovery proceedings, a criminal investigation/prosecution or disciplinary proceedings against employees involved).
There is an African proverb that reads: “when there is no enemy within, the enemy outside can do you no harm”. The greatest risk to the success of a business is not necessarily its competitors but its employees who can cripple a business through fraudulent or corrupt activity. Limit your risk by putting in place measures to prevent the crippling effects of fraudulent and corrupt activity from affecting your business.