Over the past year, most businesses have been forced to contend with multiple crises, including COVID-19, social unrest and financial challenges. The last thing you need right now is a fraud incident. But if your company is defrauded, you can help mitigate the damage with a fraud contingency plan.
Identifying likely scenarios
No contingency plan can cover every possibility, but yours should be as wide-ranging as possible. Work with your senior management team and financial advisors to devise as many fraud scenarios as you can dream up. Consider how your internal controls could be breached — whether the perpetrator is a relatively new hire, an experienced department manager, a high-ranking executive or an outside party.
Next, decide which scenarios are most likely to occur given such factors as your industry and size. For example, retailers are particularly vulnerable to skimming. And small businesses without adequate segregation of duties may be at greater risk for theft in accounts payable. Also identify the schemes that would be most damaging to your business. Consider this from both a financial and a public relations standpoint.
As you write your plan, assign responsibilities to specific individuals. When fraud is suspected, one person should lead the investigation and coordinate with staff and any third-party investigators. Put other employees to work where they can be most effective. For example, your IT manager may be tasked with preventing loss of electronic records and your head of human resources may be responsible for maintaining employee morale.
You’ll also want to define the objectives of any fraud investigation. Some companies want only to fire the person responsible, mitigate the damage and keep news of the incident from leaking. Others may want to seek prosecution of offenders as examples to others or to recover stolen funds. Your fraud contingency plan should include information on who will work with law enforcement and how they will do so.
Employee communications are particularly important during a fraud investigation. Staff members who don’t know what’s going on will speculate. Although you should consult legal and financial advisors before releasing any information, aim to be as honest with your employees as you can. It’s equally important to make your response visible so that employees know you take fraud seriously.
Also designate someone to manage external communications. This person should be prepared to deflect criticism and defend your company’s stability, as well as control the flow of information to the outside world.
Taking swift action
A fraud contingency plan isn’t designed to prevent fraud. Instead, it’s a blueprint for taking swift and effective action should fraud occur. To reduce the risk of theft, you’ll need to ensure that you have strong internal controls. Contact us for help with both plans.