Managing Fraud Risk for Directors

Fraud and cybercrime are on the rise – BDO’s Fraud Survey found that 84% of mid-sized UK businesses experienced fraud in 2021, with 37% reporting a rise on the previous year.  Average losses were £223,000 in the year and 89% of those surveyed believed their company was more exposed to fraud than in 2020.

The COVID-19 pandemic has left companies more vulnerable to cybercrime, with an IoD survey finding that 30% of respondents felt their company was more susceptible to fraud since the pandemic hit – 22% said that their firm had been the victim of a cyberattack in the first year of the pandemic.

The move to homeworking has also had an impact on cybercrime. Hiscox’s Cyber Readiness Report 2022 found that smaller companies are increasingly turning to cloud solutions which in turn has seen criminals target these vulnerabilities. Cloud servers are now the number one point of entry for cyber attacks (41%) – a jump of ten percentage points on the previous year. The report also found that 20% of corporate cybercrime victims in the UK had their solvency materially threatened by the attack – further highlighting the need for company directors to be properly educated on fraud risks.

With a growing need for company directors to be aware of the risks of fraud and cybercrime and how to combat them, the IoD has created a new course, ‘Managing Fraud Risk for Directors’, which has been designed to equip directors with the skills and information to help protect their companies from fraud.

The main aims of the course are to:

• Enable directors to discharge their duties in relation to fraud.
• Raise awareness of fraud threats and risk.
• Better understand anti-fraud prevention and detection techniques.
• Study modern financial crime, particularly bribery and corruption.
• Review recent fraud cases to learn their lessons.

In order to properly prepare directors, the course is divided into four sections to give attendees a foundation in fraud prevention and detection:

• The modern anti-fraud framework
• Risk and responsibility
• Effective fraud prevention
• Deterrence and detection techniques

The modern anti-fraud framework

• A guide to the different types of fraud including phishing, ransomware, asset misappropriation, insider dealing, money laundering and bribery.
• Case studies to demonstrate the mechanics of different types of fraud, as well as the consequences for the companies and individuals involved.
• Basic corporate antifraud practices such as effective management of user privileges and strong security protocols for digital devices.
• A summary of the international and UK legal frameworks designed to prevent and investigate fraud.

Risk and responsibility

• Factors affecting the rise in fraud.
• A guide to who is responsible for the prevention and detection of fraud.
• Special emphasis on the board’s ultimate responsibility to protect a company from fraud, including governance failings to guard against.
• Focus on accounting fraud, including motivations, key controls and responsibilities of auditors.
• Spotlight on corruption and bribery, including key legislative protections, potential reputational damage and procedures and controls to minimise risk.

 Effective fraud prevention

• Key steps to creating and implementing a strong fraud risk management framework, including how to identify fraud control weaknesses.
• Writing and maintaining effective anti-fraud and anti-corruption policies and procedures.
• How to identify and remedy any conduct risks, including lack of training, complacency and a lax workplace culture.
• Common factors to most frauds – ‘The Fraud Triangle’ of opportunity, incentive and rationalisation.
• Behavioural red flags to watch for, including changes of lifestyle and personal control issues.

 Deterrence and detection techniques

• The board’s role in deterrence against fraud and corruption, including a strong commitment to creating a culture of honesty.
• Toolkit for detecting fraud, including understanding risks and motive, the importance of internal and external audits and individual accountability.
• Focus on whistleblowing as a deterrent and investigatory tool.
• The importance of external due diligence controls to maintain transparent and ethical business relationships.
• Modern tools for detecting fraud, including using data effectively and break-point clustering.

Once completed the course will give directors a solid grounding in five key anti-fraud principles to inform company boards:

• Risk governance
• Risk assessment
• Control activities
• Investigation and corrective action
• Monitoring

To help full IoD members in combatting fraud, they can contact the Information & Advisory Service for a range of templates from the legal database LexisPSL, including:

• Anti-bribery and corruption policy
• Whistleblowing policy
• Internal investigations and fraud investigation policy
• AML and counter-terrorist financing policy
• Money laundering, terrorist financing and proliferation financing organisation-wide risk assessment

© Institute of Directors. All rights reserved.