Fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain. The primary reasons why fraud occurs are pressure to do whatever it takes to meet goals, to seek personal gain as well as not considering their actions fraudulent.
All organizations are subject to fraud risks. Large frauds have led to the downfall of entire organizations, massive investment losses, and significant legal costs. Publicized fraudulent behavior by key executives has negatively impacted the reputations, brands, and images of many organizations around the globe.
Only through comprehensive and ongoing efforts can a credit union protect itself against significant acts of fraud. Key principles for proactively establishing an environment to effectively manage a credit union’s fraud risk include:
- A fraud risk management program should be in place, including written policy and procedures. It is important to understand the roles and responsibilities that personnel at all levels of the credit union have with respect to fraud risk management and what the expectations are of the board as well as senior management.
- Fraud risk exposure should be assessed periodically by the credit union. All credit unions should understand their specific risks that directly or indirectly affect them. Assessing the likelihood and significance of each potential fraud risk is a subjective process that should consider not only monetary significance, but also significance to a credit union’s financial reporting, operations, and reputation, as well as legal and regulatory compliance requirements.
- Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to lessen possible impact to the credit union. While prevention techniques do not ensure fraud will not be committed, they are the first line of defense in minimizing fraud risk.
Every credit union is susceptible to fraud, but not all fraud can be prevented, nor is it cost-effective to try.
- Detection techniques should be established to uncover fraud events when preventive measures fail. Although detective controls may provide evidence that fraud has occurred or is occurring, they are not intended to prevent fraud.
- Processes should be in place to investigate and corrective action should be used to help ensure potential fraud is addressed appropriately and timely. A consistent process for conducting investigations can help the credit union mitigate losses and manage risks associated with the investigation. After the investigation has been completed, the credit union will need to determine what action to take in response to the findings. Any findings of actual or potential material impact may need to be reported to the board, the audit committee, and the external auditor if they are not receiving investigation reports directly. Notification may also be required to legal and regulatory agencies and the credit union’s insurers.
Although fraud is not a subject that any credit union wants to deal with, the reality is most credit unions experience fraud to some degree. A proactive approach to managing fraud risk is one of the best steps credit unions can take to mitigate exposure to fraudulent activities. Although no system of internal control can provide absolute assurance against fraud, credit unions can take positive and constructive steps to reduce their exposure through the combination of effective fraud risk policies, a thorough fraud risk assessment, robust fraud prevention and detection as well as coordinated and timely investigations and corrective actions.
By: MaryAnne Colucci, Director of Fraud & Risk