Most companies respond to fraud after it is discovered. Better organizations build detection frameworks that prevent fraud or catch it early.
The Three Layer Model
- Layer 1 (Prevention): Make fraud hard through controls
- Layer 2 (Detection): Catch fraud when it occurs
- Layer 3 (Response): Investigate and remediate
All three layers matter. Prevention without detection leaves you vulnerable to sophisticated fraud. Detection without response creates frustration and recurrence.
Prevention Controls
Segregation of Duties: No one person controls an entire transaction from order through payment application. At minimum, separate order approval, invoice receipt verification, payment authorization, and reconciliation.
Approval Authorities: Define who can approve what amounts. Unexpected large transactions are red flags.
Documentation Requirements: Require standard documentation for all transactions. Unusual requests for exceptions get scrutiny.
Physical Controls: Limit access to blank checks, credit card processing terminals, or system credentials.
Reconciliation: Regular reconciliation between the AR subsidiary ledger and the GL, with timely identification of discrepancies.
Detection Indicators
Transaction Level:
- Invoices to unusual or new vendors
- Amounts significantly larger or smaller than typical
- Unusual terms or pricing
- Payment to addresses different from invoice source
- Multiple invoices for the same amount (suggests templates)
Customer Level:
- Sudden behavioral changes
- New contacts requesting payment details
- Pressure to rush payments or bypass normal procedures
- Activity inconsistent with normal business operations
Account Level:
- Unexplained AR fluctuations
- Growing aging in specific customer accounts
- Spikes in disputed amounts
- Unusual write-offs or credits
System Level:
- Unauthorized access attempts
- User accounts accessing unusual areas
- Mass data exports or unusual reports
- System changes without authorization
Detection Technology
Automated Monitoring:
- Duplicate invoice detection
- Duplicate payment detection
- Outlier detection (unusual amounts, timing, customers)
- Vendor address change alerts
- Payment method changes
Exception Reporting:
- High-value transactions
- Invoices outside normal ranges
- Payments to new vendors
- Manual journal entries
- After-hours transaction activity
Analytics:
- Expense pattern analysis
- Vendor concentration analysis
- Customer receivable analysis
- Time series trending
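An added example (not part of the original article) of three of the automated checks listed above: duplicate invoice detection, per-vendor amount outliers, and alerts on invoices that follow a vendor detail change. The invoice records, field names, thresholds and the vendor change log are constructed assumptions, not data from a real ledger.

```python
import re
from collections import defaultdict
from datetime import date
from statistics import median

# Constructed sample invoices (field names are assumptions for this example).
INVOICES = [
    {"id": 1, "vendor": "Acme Supply", "number": "INV-0042", "amount": 1200.00, "date": date(2024, 3, 1)},
    {"id": 2, "vendor": "Acme Supply", "number": "inv 42", "amount": 1200.00, "date": date(2024, 3, 9)},
    {"id": 3, "vendor": "Acme Supply", "number": "INV-0043", "amount": 1150.00, "date": date(2024, 3, 15)},
    {"id": 4, "vendor": "Acme Supply", "number": "INV-0044", "amount": 1250.00, "date": date(2024, 3, 20)},
    {"id": 5, "vendor": "Acme Supply", "number": "INV-0045", "amount": 9800.00, "date": date(2024, 3, 22)},
    {"id": 6, "vendor": "Birch Freight", "number": "7001", "amount": 400.00, "date": date(2024, 3, 5)},
]
# Constructed change log: date each vendor's address or payment details last changed.
VENDOR_CHANGES = {"Birch Freight": date(2024, 3, 3)}

def normalize_number(number):
    """Drop case, punctuation and leading zeros so 'INV-0042' matches 'inv 42'."""
    cleaned = re.sub(r"[^a-z0-9]", "", number.lower())
    return re.sub(r"(?<![0-9])0+(?=[0-9])", "", cleaned)

def duplicate_invoices(invoices):  # same vendor, normalized number and amount
    groups = defaultdict(list)
    for inv in invoices:
        key = (inv["vendor"].lower(), normalize_number(inv["number"]), round(inv["amount"], 2))
        groups[key].append(inv["id"])
    return [ids for ids in groups.values() if len(ids) > 1]

def amount_outliers(invoices, threshold=3.5, min_history=4):  # modified z-score (median/MAD)
    by_vendor = defaultdict(list)
    for inv in invoices:
        by_vendor[inv["vendor"]].append(inv)
    flagged = []
    for items in by_vendor.values():
        if len(items) < min_history:
            continue  # too little history to say what "typical" is
        med = median(i["amount"] for i in items)
        mad = median(abs(i["amount"] - med) for i in items)
        for i in items:
            dev = abs(i["amount"] - med)
            score = 0.6745 * dev / mad if mad else (float("inf") if dev else 0.0)
            if score > threshold:
                flagged.append(i["id"])
    return flagged

def invoices_after_vendor_change(invoices, changes, window_days=14):
    return [inv["id"] for inv in invoices
            if inv["vendor"] in changes
            and 0 <= (inv["date"] - changes[inv["vendor"]]).days <= window_days]
```

The median/MAD score is used instead of mean and standard deviation because a single very large invoice inflates the standard deviation and can hide itself.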
Response Procedures
Suspected Fraud:
- Preserve evidence (documents, emails, system logs)
- Don’t confront the alleged perpetrator (doing so allows a cover-up)
- Notify audit/internal control function and management
- Involve legal counsel
- Report to appropriate authorities if warranted
Investigation:
- Detailed transaction tracing
- Communication review (emails, messages, calls)
- Reconciliation and analysis
- Interview non-accused parties first
- Preserve chain of custody
Remediation:
- Terminate the perpetrator if warranted
- Recover amounts if possible
- Enhance controls to prevent recurrence
- Communicate lessons learned without embarrassment
Common Fraud Schemes Your Framework Should Detect
Billing Fraud: A vendor creates fake invoices and diverts payment.
Lapping: A payment from Customer A is applied to Customer B, then B’s payment to C. It is eventually discovered but hard to catch.
Fictitious Vendors: The perpetrator creates a fake company, processes invoices, and takes payment.
Embezzlement: An employee processes legitimate transactions but diverts payments.
Ghost Employees: Payroll fraud that creates fake employees or inflates hours.
Expense Reimbursement: Falsified or inflated expense reports.
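A detection check for the lapping pattern described above, as an added example that is not part of the original article. It assumes the remitter on each receipt comes from bank remittance data recorded independently of the AR posting; the records and field names are constructed.

```python
from datetime import date

# Constructed receipts: who actually paid vs. which AR account was credited.
RECEIPTS = [
    {"id": "R1", "remitter": "A", "applied_to": "B", "received": date(2024, 3, 1)},
    {"id": "R2", "remitter": "B", "applied_to": "C", "received": date(2024, 3, 8)},
    {"id": "R3", "remitter": "C", "applied_to": "C", "received": date(2024, 3, 15)},
    {"id": "R4", "remitter": "D", "applied_to": "D", "received": date(2024, 3, 16)},
    {"id": "R5", "remitter": "E", "applied_to": "F", "received": date(2024, 3, 18)},
]

def misapplied(receipts):
    """Receipts credited to an account other than the customer who paid."""
    return [r["id"] for r in receipts if r["remitter"] != r["applied_to"]]

def lapping_chains(receipts):
    """Link misapplied receipts into rolling chains (A -> B -> C).

    A single mismatch can be a posting error; a chain where the account
    credited by one receipt is the remitter of a later misapplied receipt
    matches the lapping pattern and deserves investigation.
    """
    edges = sorted((r for r in receipts if r["remitter"] != r["applied_to"]),
                   key=lambda r: r["received"])
    chains = []
    for r in edges:
        for chain in chains:
            if chain[-1] == r["remitter"]:
                chain.append(r["applied_to"])  # extends an existing chain
                break
        else:
            chains.append([r["remitter"], r["applied_to"]])
    return [c for c in chains if len(c) >= 3]
```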
Who Should Own the Framework?
Internal Audit, if you have a dedicated function. An independent perspective matters.
Finance/Controller, if there is no internal audit function. Finance owns the AR/AP processes anyway.
The CFO/Finance Committee must be aware and supportive.
The Board Audit Committee should be briefed on the framework and incidents.
Framework Documentation
Write your framework covering:
- Risk assessment identifying vulnerable areas
- Specific controls for each risk
- Detection procedures and escalation
- Investigation procedures
- Remediation and communication
Documentation demonstrates commitment to fraud prevention and provides guidance for staff. Without documentation, detection efforts become random.
Training and Culture
Staff Training:
- What fraud looks like
- How to report suspicions
- Protection against retaliation
- Understanding importance of controls
Tone from Top:
- Leadership commitment to ethical conduct
- Zero tolerance for fraud
- Regular communication about fraud risks
- Recognition of fraud-prevention success
Fraud flourishes in environments where:
- Controls are seen as obstacles rather than protections
- “Just bend the rules” attitude prevails
- No one gets caught or disciplined
- Fraud becomes normalized
Strong ethical culture combined with solid controls makes fraud genuinely hard.
Measuring Effectiveness
Track your framework:
- Fraud incidents detected and prevented
- Cost of detection vs. recovery value
- Time to detection (early is better)
- Control compliance rates
- Staff awareness/training completion
The Bottom Line
A fraud detection framework isn’t paranoia; it’s risk management. Well-designed frameworks catch fraud that prevention alone might miss. They also deter would-be fraudsters who see strong controls and active monitoring.
Building fraud-resistant operations protects profitability and stakeholder trust.



