In January of 2021, Tuskegee University made an unsettling discovery — there were major financial discrepancies in grant payments to certain school funds. To get to the root of the issue, the university launched an investigation. The effort was led by a Special Review Committee in partnership with law enforcement, and it revealed that roughly $500,000 had been stolen from the school through diversions of grants and university-owned funds. The scheme took place over several years, and likely avoided detection due to the small portion of the total funding the fraudsters took, and the small increments in which they took it. In the end, three staff members were arrested, and many more were terminated by the school for their involvement.
In a letter shared with the university community, Dr. Charlotte Morris, President of Tuskegee University, stated “though the University was a victim of this complex fraud scheme, our internal investigation also highlighted the need for Tuskegee University to more closely examine the institutional controls and accounting processes that made the University vulnerable to this breach of trust in the first place.”
Tuskegee University’s case goes to show that even a well-established organization could have weak spots that, unbeknownst to them, open the doors for fraud. However, there is a way to stop these schemes before they begin, and it starts with a comprehensive fraud prevention and detection policy.
Lessons Learned From Tuskegee: Anti-Fraud Measures To Take Immediately
Improve Whistleblower Reporting Procedures
A strong fraud prevention and detection policy first and foremost must include robust whistleblower procedures. It should start by explaining why the procedure exists, what its goals are, and what qualifies as reportable information. While some incidents are fairly obvious, others, such as mismanaged resources, inventory theft, and expense fraud, may be more ambiguous. In those situations, employees need to be certain about what they can and should report, as you don’t want employees to be discouraged from reporting due to a lack of clarity.
Next, the whistleblower procedure should include information on how employees can report malfeasance. Companies could allow reporting through a letter, email, phone hotline, an online form, etc. What matters is that the channels are accessible, can be completely anonymous, and everyone is aware that the company will keep their concerns confidential.
However, even with anonymous channels, people won’t report if they are worried that doing so could impact their career or bring about hostile treatment. And if that isn’t reason enough to ban retaliation, according to the Whistleblower Laws Enforced by OSHA, it’s strictly illegal. So, it’s an absolute necessity that your fraud prevention and detection policy around whistleblowers includes an anti-retaliation clause barring employers from taking any adverse action (firing, denying overtime, mocking, etc.) against a whistleblower.
Decentralize Approval Processes & Controls
An anti-fraud policy isn’t complete if it doesn’t incorporate accountability, and one way to do so is to decentralize the approval process and controls. If one person is in charge of managing finances for the company (or even a department), corruption could go unnoticed. To prevent this from happening, companies can implement multiple levels of approval and controls that go back to different people. For example, a company could opt to hire a third party to audit their books every year.
An organization’s fraud prevention and detection policy also needs to prohibit nepotism, which occurs when those in power show preference to friends or family, particularly by offering them jobs and promotions. This form of favoritism lends itself to supervisors overlooking potential red flags, in addition to a host of other issues. Nepotism hurts morale, prevents the most talented employees from moving up the ranks, results in biased decision making, hampers innovation, alienates other employees, and often brings about conflicts of interest. All of this leads to poor performance and company losses.
However, this doesn’t mean friends and relatives can’t work at the same companies, it just means there need to be well-enforced boundaries. To prevent nepotism in these situations, companies can create a policy that prohibits friends and relatives from directly or indirectly reporting to one another.
Implement Ethics Training
If people don’t know what the rules are, they can’t be expected to follow them, and if people don’t know what qualifies as unethical, they can’t be expected to act ethically. Ethics trainings ensure that everyone is aware of the behaviors that go against the company’s values. Not only does this help protect the company from fraud and prevent a hostile work environment, it also protects the business’s reputation. In this day and age, people can find out virtually anything about a company, and anything unethical they uncover could impact their decision to give that company their money.
Create A Fraud, Waste, And Abuse Policy
A fraud, waste, and abuse policy is an essential fraud prevention and detection policy, one every organization could stand to benefit from. The policy should clearly define and explicitly prohibit each of these behaviors. As we saw with the Tuskegee case, fraud, the act of intentionally deceiving others in an attempt to unlawfully gain something of value, can be extremely damaging. However, waste — the careless or excessive overuse of company resources — and abuse — the improper use of a resource — can be just as harmful. While these actions may seem small in comparison to fraud, over time, they can cost a company significantly.
Streamline Your Fraud Prevention And Detection Policy Management With Compliancebridge
Stopping fraud before it rears its ugly head is no small task, but a comprehensive fraud prevention and detection policy is a great place to start. ComplianceBridge has all of the tools organizations need to streamline policy creation. With automated workflows and approval staging, the process doesn’t have to be complicated, and with automated reminders and notifications, review and collaboration is fast and easy.
Managers can see who has read and signed off on policies, and employees always have access to the most up-to-date version, which they can view from anywhere with an internet connection. However, people also need to understand a policy in order to comply with it. So, ComplianceBridge offers online assessments to ensure everyone has read and fully comprehends the policy. Managers can even send follow-up materials to those who need them.
By guiding the entire policy lifecycle, making policies accessible, and ensuring employee understanding, ComplianceBridge makes managing fraud prevention policies a breeze. Thinking of revamping your anti-fraud policy? Request a demo today!