Fraud remains a significant risk for organisations across all industries, with financial, reputational, and operational impacts often being substantial. An organisation delivering community-based services requested a review of its fraud prevention framework as part of its cyclical internal audit plan. The organisation operates across multiple locations, employs over 200 staff, and processes significant membership funding, grant funding and donations annually. Due to its decentralised structure, the organisation recognised the need to strengthen its fraud prevention controls and sought assurance over their design and effectiveness.

Primary objective

The primary objective of the internal audit was to evaluate the design and operational effectiveness of the organisation’s fraud prevention measures. Specific areas of focus included:

• Assessing the organisation’s fraud risk management framework and alignment with industry best practices.
• Evaluating the effectiveness of internal controls in mitigating fraud risks.
• Identifying gaps in fraud awareness and reporting mechanisms.
• Recommending improvements to strengthen fraud prevention and detection capabilities.

HaysMac approach and methodology

Our initial approach was to consider their fraud control framework and developed a set of fraud scenarios for our fraud preventative controls assessment, this included the following amongst others: conflict of interest, bypassing procurement processes, tender evaluation process, miscoding of expenditure, supplier payment process, manipulating set-up of new suppliers, manipulating financial reporting, and employment fraud.

We referred to regulation and legislation to ensure that all basis of fraud management were addressed during our assessment. The failure to prevent fraud offence captures the fraud and false accounting offences most likely to be relevant to organisations: fraud by false representation (section 2 Fraud Act 2006) fraud by failing to disclose information (section 3 Fraud Act 2006) fraud by abuse of position (section 4 Fraud Act 2006).

Key observations

Following the audit, we shared detailed findings with the client to help strengthen the overall control environment. The focus areas helped the organisation acknowledge weaknesses and gaps in the control framework. Some key thematic observations were as follows:

• Increased fraud awareness across all levels of the organisation.
• Formalise the fraud risk assessment process and integrate it into the organisation’s enterprise risk management framework.
• Strengthened internal controls, particularly in regional offices.
• Enhance internal controls by ensuring adequate segregation of duties, particularly in procurement and payroll processes.
• Enhanced capability to detect and respond to potential fraud through the use of data analytics.
• Greater employee confidence in reporting concerns via the whistleblowing mechanism.
• Implement mandatory fraud awareness training for all staff, with tailored modules for high-risk roles.

Conclusion

Fraud prevention is a critical component of an organisation’s risk management and governance framework. Where fraud preventing measures are not regularly considered can expose an organisation to significant risks, including financial, operational, and reputational damage.

The risks of not undertaking a fraud prevention review extend beyond immediate financial losses to long-term impacts on reputation, operations, and compliance.

Regular reviews are essential to proactively identify and mitigate vulnerabilities, ensuring that the organisation remains resilient in the face of evolving fraud risks. By investing in fraud prevention, organisations can safeguard their assets, reputation, and future growth.

Key areas for every organisation to consider when considering their fraud prevention framework:

1: Governance and oversight
2: Fraud risk assessment
3: Policies and procedures
4: Internal controls
5: Whistleblowing mechanism
6: Awareness and training
7: Fraud monitoring and detection
8: Incident response and investigation
9: Culture and leadership
10: Third part and external fraud risks