How creating the right organisational culture can prevent internal fraud and cybercrime
When you have a good organisational culture, you create an environment where employees feel invested in the company’s success and want to protect it. Because they want to protect it, they are more likely to identify and report threats.
Fraud and cybercrime are two huge threats faced by businesses and organisations of all sizes, and having the right culture can be instrumental in mitigating the risk.
What’s the difference between fraud and cybercrime?
Although fraud and cybercrime are often lumped together, they are different.
Not all fraud is committed online, and not all cybercrime is fraud. Understanding the difference is a big step towards minimising the risk of both.
Generally speaking, fraud involves making a false representation or purposely neglecting to disclose information to cause loss to a third party or give yourself an advantage (often financial). This can include false accounting, creating fake documents or obtaining money or data under false pretences.
Cybercrime is any crime committed online. This includes online fraud but also covers other crimes such as theft, sex trafficking, child pornography, dealing in illegal or stolen goods, etc. In other words, cybercrime is any criminal activity carried out online.
The fraud diamond: opportunity, motivation, capability and rationalisation
Businesses can be victims of fraud carried out by external parties, and it’s important that your teams understand how to spot suspicious activity. But external fraud isn’t the only risk.
Internal fraud is prevalent and usually occurs when four factors are present – opportunity, motivation, capability and rationalisation. These four factors are known as the fraud diamond.
Opportunity – wherever there is an opportunity, there is a risk. If your systems are vulnerable, your processes are flawed, and nobody is keeping track of the money, you create an opportunity for employees to act dishonestly. That’s not to say all or any of your employees would exploit any vulnerabilities, but the risk is heightened when the other factors are also present.
Motivation – desperation can make people do things they never thought they’d do or act completely out of character. If an employee is struggling to meet their financial obligations, they might be tempted to commit fraud if an opportunity presents itself. Divorce, bereavement, debt and addiction are just some of the many things that can quickly impact a person’s financial and mental well-being.
Capability – this concerns the capability of the perpetrator. This is why a higher proportion of internal fraud is carried out by members of staff who have worked within the business for a longer period of time. Longer serving staff members have the experience and the knowledge in how to best carry out the act successfully undetected.
Rationalisation – it’s amazing how easily people can justify their actions to themselves, even if deep down they know they are doing something wrong. “The company makes loads of money – they won’t miss it”, or “I work myself into the ground for this organisation, and they aren’t even giving me a pay rise this year.” If you don’t have a good culture where staff feel valued and engaged, the disconnect can make it easier to rationalise fraudulent behaviour.
While one, two or even three of these factors being in play doesn’t guarantee fraud will occur, it will increase the chances.
How to reduce the risk of internal fraud and cybercrime
You can reduce the risk of internal fraud and cybercrime by creating the right organisational culture – a culture where employees feel invested in the organisation’s success and want to protect it.
Establish a psychologically safe environment
Psychological safety is about creating an environment where employees feel comfortable being themselves. They aren’t scared to share their ideas or concerns, ask questions, or admit mistakes.
Employees who work in a safe and supportive environment are more open and honest. They are more likely to share any personal worries, which, if left bottled up, could lead them to act out of character.
A psychologically safe environment also makes it easier for employees to speak up if they have concerns or have identified suspicious activity. After all, you’re more likely to raise a concern if you think your concern will be taken seriously.
Lead by example – integrity inspires integrity
A good culture starts at the top. If senior managers aren’t showing integrity, then employees will follow their example.
If managers are manipulating figures to suit a particular narrative, purposely withholding specific information, or ignoring procedures, then employees will feel it’s acceptable for them to do this too.
Gradually those little transgressions become bigger and bigger, and the lines between right and wrong become more and more blurred.
Make fraud and crime prevention everyone’s responsibility
Fraud and crime prevention shouldn’t be one person’s responsibility – it should be everybody’s. That means having clear reporting channels for employees to raise concerns and report any suspicious activity.
Make sure employees are aware of these reporting channels and understand what to report, when to report it and who to report it to.
Provide training around fraud and cybercrime
Employees will only report suspicious activity if they understand how to identify it.
Make sure employees understand why prevention is important and how to spot threats. Employees who have had fraud and cybercrime training are more likely to spot:
• weaknesses in systems or processes
• internal controls that are not being followed
• exceptions to normal business operations
• unusual behaviour or strange requests by colleagues or customers
They can then report these findings to the correct person or department.
Mitigate the risk of fraud and cybercrime with Meritec
Meritec’s digital learning courses are an invaluable tool for organisations and businesses that want to mitigate the risk of fraud and cybercrime.
All our digital learning products are SCORM supported to integrate with your existing LMS. Alternatively, we offer a fully customisable and secure eLearning platform with an optional mobile app for hard-to-reach learners.
Each course has been developed with subject matter experts to ensure quality content, and we have created sector-specific versions for private businesses, schools, local authorities and sports clubs.
Our pricing structure is completely transparent and extremely affordable. Pay a one-off set-up fee and a single monthly subscription fee to cover all your employees.
Give your teams the tools to protect your organisation from fraud and cybercrime so your managers can sleep better at night.
Contact our friendly team for more information on our digital learning products or to book a demo.