Welcome to a special five-part K2 Integrity sponsored podcast, series Business and Financial Fraud: Yesterday, Today, and Tomorrow. In this series I am joined by Joanne Taylor, a Managing Director at K2 Integrity. She has 20 years of legal, investigations and financial crime compliance experience, working within the financial and legal services industries. I am also joined by Ray Dookhie, a Managing Director in K2 Integrity’s Investigations and Risk Advisory practice, with more than 25 years of experience in compliance, integrity risk monitoring and management, and investigations. Over this series, we will consider the top fraud trends you might expect to see in 2021, what the regulatory landscape may well look like in 2021, best practices in fraud prevention, how to detect fraud and responding to fraud once it is uncovered. In Part 3, Ray Dookhie reviews best practices in fraud prevention.
We began with an exploration of how organizations should stay ahead of these issues and move from simply a detect mode to a prevent fraud and misconduct mode. Dookhie believes there are several aspects of a fraud and misconduct prevention program. The first is to understand the changes in the regulatory landscape and new regulations as he believes that organizations need to stay informed and even stay ahead of those regulations. The next step is a risk assessment, which he termed as absolutely key along with a gap analysis of the policies, procedures, and financial controls. Dookhie does not believe that financial controls “get enough credit in the compliance world.” (Although being a CPA does help inform this opinion.) This means we would expect that companies should be enhancing their policies, procedures, and controls to address the new risks and emerging risks.
Another key area of fraud prevention Dookhie pointed to is around training, which he believes “you cannot underestimate the power of training, as it is where an organization ensures that their officers, their directors, their employees on the front lines are informed of the risks and then the potential new controls that they may be responsible for.” The final place Dookhie referred to was that an organization must do a good job at understanding the fraud risks and creating a policy and procedure to detect and prevent them. All of these actions should lead to what Dookhie termed an “audit readiness assessment. Given the shift in the new regulatory landscape with potentially new regulations; this all has implications for policies and controls. An organization needs to make sure if the regulators are going to come into an organization, that we understand where the pitfalls in our compliance controls are before they get here.”
We recently had a major fraud enforcement action by the Department of Justice (DOJ). In the settlement, the DOJ listed out the steps for a fraud risk management program. I asked Dookhie how a compliance professional should think through performing a fraud risk assessment in the midst of the continuing pandemic. Dookhie began by noting there is “no single right response. You want to make sure that you’re asking questions in a way that it doesn’t allow for much wiggle room. This makes drafting the questionnaire a key aspect of doing a risk assessment. In the area of a controls assessment, you will need attachments of documents or supporting evidence, of the controls. You should also sample the transactions that they’re approving on a daily basis, just by way of example.”
We concluded by reviewing an audit readiness assessment, which can be used in conjunction with an overall fraud risk assessment. Dookhie said it is a basic “tool for compliance officers to help them stay informed. What the audit readiness assessment does is a very targeted approach to looking at fraud risks. You might do a dry run of what a regulatory audit would look like ahead of the regulators coming in.” From this you could then “design an audit program to stress test your own systems. The ensuing report will just help you improve your compliance program or an aspect of your compliance program.” It should also “hopefully identify some of the pitfalls before the regulators come in.” The bottom line is it can be a tool which helps compliance professionals “really get it right ahead of the regulatory visit or inspection.”
Join us tomorrow in Part 4 where we look at strategies for detecting fraud.
For more information on K2 Integrity, check out their website here.