Fraud poses a critical risk to organizations. Management can help mitigate that risk through a number of strategies designed to provide employees with multiple ways to report concerns about fraud or other misconduct.
Deploy telephone hotlines. A dedicated telephone hotline is the most popular reporting mechanism used by large organizations, according to KPMG’s Integrity Survey: 2008–2009, which found that 65% of such organizations used hotlines. The more successful hotlines are those with appropriate oversight and protocols that provide employees with confidentiality, anonymity and availability through toll-free, 24/7 and international service. Click here for a chart assessing how to implement a hotline.
Establish a Web-based reporting system. A dedicated Internet reporting system typically provides 24/7 access for employees to report fraud and misconduct candidly and anonymously.
Implement workshops or focus groups. These meetings elicit employee feedback on actions witnessed in the workplace and encourage brainstorming on what kinds of misconduct can occur on the job and how best to spot and stop it.
Conduct employee surveys. Confidential and anonymous employee surveys can help management spot potential risks based on employee attitudes, perceptions or behaviors.
Solicit third-party interviews. Soliciting information from customers, vendors, regulators, creditors, analysts or others who come into routine contact with employees can provide insight into business practices and risks for misconduct.
Keep in mind that auditing and monitoring in high-risk areas are important tools that management can use to help determine whether controls are working as intended and can often identify issues that may otherwise escape attention. Such auditing (evaluating past events) and monitoring (evaluating events in real time) can be conducted in areas where there is a specific concern, a history of fraud and misconduct, high employee turnover or organizational change.
Require exit interviews. Management can identify concerns through exit interviews with departing employees, who may provide input on issues they did not want to raise earlier.
Enhance management accessibility by walking around. This philosophy encourages a hands-on management style of visiting employees in their workspaces, listening to their concerns, asking questions and listening to their suggestions.
Create and publicize an open-door policy. This gives employees direct access to senior executives without having to go through multiple layers of bureaucracy. An open-door policy can help identify issues that may otherwise escape attention.
Deputize “ethics champions.” Geographically dispersed organizations should not presume that their telephone hotlines will be successful at uncovering fraud and misconduct at all organizational levels and locations. Such organizations may consider designating local resources as points of contact for transmitting concerns and allegations from the field directly to leadership.
—These recommendations come from the book Managing the Risk of Fraud and Misconduct in a chapter written by Timothy P. Hedley, CPA, Ph.D., ( firstname.lastname@example.org ) a KPMG partner and global coordinator for Fraud Risk Management Services. The book is co-authored by Richard H. Girgenti, J.D., ( email@example.com ) a KPMG principal who leads Forensic Services for KPMG’s Americas firm. For more on this topic, see Managing the Business Risk of Fraud: A Practical Guide at tinyurl.com/43um8ka.
Telephone Hotline Comparison: In-House vs. Third Party
|Can provide toll-free telephone service||Usually||Usually|
|Can provide 24/7 service||Sometimes||Usually|
|Can provide access to international callers||Usually||Usually|
|Can access real-time interpreters||Sometimes||Usually|
|Can provide real-time advice and guidance to callers||Usually||Rarely|
|Can staff the hotline with trained professionals||Usually||Usually|
|Can understand the company lingo likely to be used by callers||Usually||Rarely|
|Can provide staff that will never recognize the caller's voice||Sometimes||Usually|
|Can invest in technology-based call and data management protocols||Sometimes||Usually|
|Can apply confidentiality and anonymity protocols||Usually||Usually|
|Can forward cases to appropriate departments and monitor resolution||Usually||Usually|
|Can instill confidence in the quality and integrity of the mechanism||Sometimes||Sometimes|
|Can operate a hotline cost-efficiently||Rarely||Usually|
More from the JofA: