In an ethical, disciplined organization, it is everyone's responsibility to help detect fraud. This includes fraud within the organization, fraud committed on behalf of the organization, and fraud perpetrated by third parties such as customers, vendors, and volunteers. Who better than the accounts payable clerk to see expense reports submitted with photocopied instead of original receipts? Who better than a project engineer to notice that the vendor may be substituting lower quality or counterfeit parts on our job?
However, not everyone is aware of this responsibility, and it is important for your leaders to set the expectations that employees should report wrongdoing when they see it.
A terrific way to communicate this expectation is to address fraud clearly in your Code of Conduct. When I assess an organization's policy related to fraud, I use this checklist. Answer the questions at the top of the form to determine how well the information has been disseminated through your organization, and use the checklist to evaluate your policy's coverage.
Now that we have established responsibility it is critical to define responsibilities. It may be everyone's job to help maintain an ethical and disciplined environment, but it is certainly not everyone's responsibility to investigate wrongdoing. Therefore, proper channels must be established before embarking on an investigation.
To determine whether your organization has covered potential investigative responsibilities, feel free to use this table. Edit as necessary for your organization, change the departments at the top to fit your structure, and add or delete rows as necessary to fit your situation. Better yet, assign specific names to the responsibilities, rather than departments. After each case, you may also use the table to determine whether responsible parties properly conducted their duties.