Does your organization currently have an anti-fraud policy?  If the answer is no, consider this:  according to the Association of Certified Fraud Examiners’ (“ACFE”) 2020 Report to the Nations, organizations lose an estimated 5% of revenue to fraud each year.  Now combine that with the findings that a typical fraud goes undetected for 14 months.  If this worries you, consider building an anti-fraud program at your organization.

The risk of fraud can never be 100% mitigated.  Each organization needs to determine where they are most at risk and weigh the costs vs. the benefits of mitigating that risk to an acceptable level.  To do this visit the ACFE website at and conduct a Fraud Risk Assessment in the Fraud Resources Library.  Contact us for more details on this tool, more resources, and any questions you may have.  From here you are ready to start building a program to protect your organization from the hefty potential costs of fraud.

Internal anti-fraud controls can be broken down into three categories: preventive, detective, and corrective. Every victim organization we have worked with after discovering a fraud has 1) wished they had placed more importance on internal controls and 2) stressed about whether their insurance would cover the losses.  One important mitigating control every organization should have in place, regardless of their size, is maintaining an insurance policy that covers fraud.  While this alone doesn’t prevent fraud from occurring, it does mitigate the risk of loss associated with fraud.  Insurance is one of those things that you hope you never need to use but you are glad you have it.

While preventive controls are important, the importance of detective controls cannot be stressed enough.  Since you cannot eradicate 100% of the risk of fraud, you need to ensure your organization catches it sooner rather than later in order to minimize losses.  In the ACFE’s  2020 Report to the Nations, small businesses had the highest median loss.  This is attributed to small businesses being less likely to have anti-fraud controls in place.  There are four detective controls that could reduce the duration of a fraud up to 50%: a code of conduct; an internal audit department; management’s certification of financial statements; and regular management review of internal controls, processes, accounts, and transactions.

An anti-fraud policy communicates to the staff that this organization takes the threat seriously and has processes in place to minimize and respond to nefarious actions.  The policy should include:

  • defined actions that are deemed fraudulent
  • procedures employees should take if fraud is suspected
  • certification that any and all instances of suspected fraud will be investigated and reported
  • encouragement and the expectation that employees report suspicious behavior
  • expected steps to be taken if fraud is discovered
  • who is responsible for investigating and remediating any fraud.

Don’t wait until fraud has occurred to build an anti-fraud program.  At that point, it’s too late.

For additional information, email