4034896Just about everyone’s got their favorite lists these days, from late-night TV celebrity David Letterman and his occasionally-funny “top ten,” to the rosters of famous reindeer, dwarfs, wonders of the modern world, continents, ad infinitum.  On the more serious side, we can all likely quote from the Ten Commandments and other relevant enumerations offering more than just orphaned, seldom-accessed information.  These serve targeted and useful purposes, from in-context guides to living, safety items, even indices of to-be-checked-off business rules.

The following list combines a number of lessons-learned in business, but I actually developed many of them from experiences in preventing or detecting fraud.  Clearly, though, they can be applied to a number of business approaches, strategies, pursuits, and tasks.  I offer them here, but know they are not all mine.  AND finally, they represent things which I voluntarily or involuntarily ended up learning (on my own, or “the hard way”).

  1. Make skepticism, but with a positive attitude, your “modus operandi.  Said another way, and in more famous words, “trust but verify.”  Yes, leaders set the culture and tone for the organization, and example is the best teacher, but you must prove – to yourself and others — that things are happening as planned, measured, and expected…and if they’re not…it’s trouble.
  2. Build relationships ACROSS the organization.  This is also one of the best ways to LEARN the business…but furthermore…it cannot be done from your office.
  3. Note and understand changes in behavior.
  4. Get the facts, as that’s where the devil is…in the details.
  5. Management must proactively establish and regularly communicate expectations, at all levels.  (The business process experts reside within your organization, and since TIPS are the best source of uncovering fraud – ensure your own experts know expectations.)
  6. If you cannot get CRISP information, either people do not understand, or they are hiding something…and both of those are problems.
  7. FACT: fraud (cheating, dumb business practices, inefficient/ineffective/suboptimal behavior, etc.) — all are occurring in the organization.
  8. Develop a “fraud” framework as part of risk management and assessment: the what, when, how, where…and who.  (Consider this as an extension of the scientific method you learned in elementary school—it is still applicable.)
  9. Develop robust, sophisticated reporting.  Address the usual suspects: people, processes, systems, transactions, and the “sacred cows” too.  Tools exist to assist or execute this for you—find and implement the best ones.
  10. Once you gain “street-smarts” from your experiences, know you can “trust your gut.”
  11. Act on the data, or be acted upon.  “Whistleblower is a four-letter word” so have your proof and your data, but be doing something about it.
  12. Expect to have to make this decision: at some point in time, you will change from documenting a process/transaction/behavior to…preparing evidence.  Steel yourself.

Trust me, this is not fully comprehensive—find what works for you—within your organization.