In light of the challenges caused by the COVID-19 pandemic, employee fraud might be the last thing on business owners’ minds. But fraud doesn’t stop just because employees are working remotely. And ignoring the problem if it exists in your company can cost you big in the long run.
If you have yet to implement clear internal policies on how to address employee fraud, here are some things you should know — and steps to take to help protect your business.
Evaluate your risk
Some of the most frequent fraudulent activities include the following:
- Collection of customers’ personally identifying information (PII)
- Unauthorized credit card purchases
- Payments to fictitious vendors for personal benefit
- Bank transfers to an employee’s personal account
With many of us working remotely for the foreseeable future, the risk environment at most organizations has changed over the past several months. This change could reduce or eliminate routine in-office procedures for handling sensitive information. Furthermore, layoffs or reduced hours might increase financial pressure on employees, making them more open to temptation.
Be especially vigilant for unexpected entries or discrepancies in the following:
- Expense reimbursements
- Company credit card transactions
- Daily, weekly, or monthly expense reports
- New or unrecognized vendors
Best practices for handling fraud allegations
No one likes to think an employee could commit workplace fraud. If the employee has a reputation as an upstanding citizen on the job and within their community, fraud allegations can cause confusion and denial for their colleagues.
If you suspect inappropriate activity, follow these best practices:
- Vet any anonymous reports to verify their credibility before moving into a full investigation.
- Involve legal counsel early in the process.
- Consider enlisting a forensic accountant or other independent consultant. In addition to bringing specialized training, skills, and tools, having an outside firm review documents and conduct interviews can help you avoid any actual or perceived biases that might occur with an internal investigation. Plus, an outside reviewer can take on the time-consuming task of going through what sometimes adds up to years of financial records. For organizations operating with reduced staff, adding these tasks to your team’s workload can create a significant burden.
- If fraud allegations are substantiated, remove the employee from the organization, as quickly as possible, whether through paid or unpaid administrative leave. Deny all access, including physical office keys and company passwords, and don’t overlook third-party applications accessed via the internet.
- As more information is uncovered, the employee might be asked to provide a statement. Should they refuse to cooperate with the investigation, document that refusal in case a subsequent decision is made to move forward with employment termination.
How to recover from employee fraud
After your internal investigation and depending on the length and magnitude of fraudulent activity, you’ll need to make some challenging decisions, including:
- How will you recover from the damage, both financially and from a morale standpoint?
- If assets were diverted, will you file an insurance claim?
- Will you file a police report, (usually required by insurers to proceed with a claim) which may lead to additional investigation by outside authorities?
You’ll also need to distribute internal messaging to reiterate that fraudulent activity will not be tolerated within the organization. Update employee onboarding processes and manuals to emphasize expectations for integrity and responsible handling of sensitive documents for staff at every level.
Another tactic to manage future risk is to secure adequate theft recovery insurance. Based on the experience of Wipfli’s fraud investigation team, wrongdoing often lasts anywhere from 24 months to several years. Even unauthorized transactions of a few hundred dollars per month can add up to major losses over time. If you haven’t already, plan to review your organization’s insurance coverage and determine whether it’s sufficient protection for your organization’s size and risk appetite.
There are multiple layers to unfold in the face of employee fraud, which is why it’s important to implement a plan of action before potential cases occur. Regardless of your organization’s size or historical background, it’s typically not a matter of if fraudulent activity will happen but when. Having a plan in place enables you to manage such stressful situations in a timely and efficient manner.