a) Who is monitoring the hot-line? If it’s done internally, assign either Internal Audit (IA) or Compliance to do it. You need someone independent, objective and that has access to Committees if needed. If you’ve a provider, determine: the escalation process and criteria to report it as urgent or normal and keep IA or Compliance as the main contact. Minimize gossip or leakage about this sensitive information.

b) Lack of reports doesn’t mean that everything is OK. It means your company is one more of the statistics: people don’t report because they are afraid, because they think nothing will happen, because they don’t want to lose their job. Make sure reports are taken seriously and something is done. Beyond an investigation: that internal controls are improved and that is sanctioned properly. You don’t want impunity to prevail!

c) Develop an anti-fraud program and a fraud checkup. This should be the framework on what to do, how to do it, who is responsible for what, etc. and the thermometer of how vulnerable the company is to fraud risk.

d) Keep a record of red flags: how many have been repeated? Which have been the repeated areas? Is it the same job position? Make an inventory of this, which will help you to improve your internal controls and detect possible frauds more easily.

e) Train ALL employees. Establish reminders on a regular basis about the code of conduct; of what is right, of what is wrong.

Make sure you’ve the right controls in place for fraud prevention and detection. The consequences of a fraud are catastrophic. But the worst is the impact it leaves on the image and reputation of the company.

By Mónica Ramírez Chimal - International Speaker & Trainer, Writer, Consultant-Partner at Asserto RSC