By Tracy Coenen, Contributor to CFO.com
You think your company has a robust compliance program to prevent financial-statement fraud, asset misappropriation, Foreign Corrupt Practices Act violations, and other financial frauds. There are checks and balances in place, with lawyers, internal auditors, executives, and the board of directors keeping an eye on things.
Still, the unthinkable happens. Reports of a major internal fraud surface, and the scheme may involve several members of middle or upper management. The information – received through an employee’s whisper, an internal hotline, or the rumor mill – has enough substance to be deemed credible, yet not enough to know exactly who is involved, how wide-reaching the fraud may be, the amount of money stolen, or the exposure to government action and penalties.
What should the recipient of the tip do? First, realize that compliance programs fail. Despite a company’s best efforts, a risk may exist that its executives didn’t anticipate, or a hole that they didn’t see. There is no time for lamenting what went wrong. What matters is what a company does next, in terms of getting a handle on whether fraud occurred and keeping regulators at bay. With that premise in mind, here are the steps a company should take:
Evaluate the allegation. The first step for any company looking into a report of suspicious activity or discovery of a questionable situation is to determine whether it is credible. Are there specific allegations with sufficient information to be believable? Does the fact pattern make sense in light of what is known about the company, its operations, and its employees? The more specific the allegations, the more credible a whistle-blower report often is.