Fraud management is a system of policies and procedures implemented by a corporation to detect and mitigate its internal risk of employees committing illegal acts against the company's interests to enrich themselves. Although each corporation establishes its own specific procedures, fraud risk management will ordinarily entail assessment, prevention, detection, investigation, mitigation, and corrective action. The process is often handled by internal auditors or a fraud department with occasional help from outside auditors and other business consultants.
In the early 2000s, the US business economy was significantly impacted by fraud scandals that involved senior executives at a number of major corporations. Lawmakers felt that the scope of the crimes undermined the public's confidence in the country's financial systems and markets. A number of laws were passed that heightened the legal responsibilities of corporate management to actively guard against fraud by employees, established stricter management and reporting requirements, and introduced severe penalties for failure to comply. As a result, fraud management became a necessary functional process.
Major corporations employ dedicated staff members who are responsible for internal fraud management. These types of internal controls are distinct from the procedures a company might adopt to detect external fraud committed by customers or other third parties because the internal process is only concerned with illegal behavior by employees. The statistics regarding internal fraud have established that most major fraud is committed by senior management. When a senior executive steps over that line, the scope tends to be significant and the damage to the company's public image catastrophic.
A corporation's fraud team establishes policies and procedures to set an atmosphere of vigilance and zero tolerance within the company. After conducting an assessment, thorough fraud management addresses eight categories of activities. The team will initially be concerned with deterrence and prevention. This could take the form of enhanced security systems, redundant authorizations for high risk transactions, employee education, or written policies to make expectations clear.
Fraud management would next look to detection and investigation. Detection might include the company hiring an outside accounting firm to conduct a fraud audit of financial transactions. Investigation takes the steps necessary to determine the culpable parties. Once the involved parties have been identified, the team would move to mitigation of the damage and prosecution of the guilty. New corporate standards favor prosecution over internal settlement of instances of fraud in the belief that public punishment restores confidence and serves as a further deterrent.
The last two steps in the fraud management cycle are analysis and policy. Internal fraud can sometimes be traced to a particular climate in certain departments or the overall attitudes of certain employees. Analyzing why fraud occurs in the confines of a particular company is as important as detecting and stopping it. This analysis drives the establishment of the correct corporate policies to make internal fraud an unthinkable option.