There are often many red flags which, in hindsight, are obvious to those who are left to deal with the aftermath of the fraud.
The risk is that fraud could be discovered but is not, as the organisation does not recognise the red flags associated with the fraud due to not having approriate exception reporting in place.
Methods to Mitigate the Risk
An organisation should be prepared to develop a series of exception reports that highlight red flags of fraud.
It must be remembered that red flags are just that. They indicate a potential problem. However, if the potential problems are not recognised and then investigated the fraud, if it is occuring, will continue to occur. For that reason, any red flags that are highlighted by the exception reports, need to be investigated.
An example of an exception report is to consider if employees have created false creditors which are being paid by the organisation. To do this involves electronically comparing employee and creditor bank account numbers, street addresses, postal addresses, post codes/zip codes, telephone numbers and mobile / call phone numbers (especially those employees in the accounts payable and payroll departments).
Another simple exception report is to consider variances between actuals to budgets for income that is below budget and expenses that are above budget.
It should be noted that there are numerous exception reports that can be utilised by an organisation. Each organisation should determine which exception reports are appropriate to them.
To make exception reporting easier, it can be computerised. An organisation should take the time to set up the exception reports that are appropriate. Once this initial investment of time has been made, the exception reports can easily be run on a regular basis. Then the investment of time will be investigating exceptions as they arise.