Considerations for building in-house fraud risk management teams: Expertise
In an era where technology is rapidly evolving, along with tighter regulations, stronger enforcement, and steeper sanctions, risks of fraud and non-compliance have become a reality for organizations. The implications of such events are either direct financial loss or reputational damage, and legal costs including fees, penalties, and settlements.
Broadly, organizations understand the urgent need to build a strong fraud risk management framework to effectively prevent, detect, and respond to fraud. There are, of course, various considerations in putting together such a framework, including infrastructure and costs, experience and expertise, independence, and ancillary support, that need to be examined in order to address all of the organization’s needs.
This series of blog posts will be exploring these issues, beginning with the question of whether such activity is best managed in-house, or whether it would prove more effective to have external experts build and manage it for the organization.
Many organizations opt to build in-house forensic capabilities for fraud risk management and investigation of internal complaints and incidents. The role played by such dedicated teams—if adequately trained, equipped, and empowered—cannot be undermined. Working within the organization on a day-to-day basis means that the teams can develop deep insight into the functioning of the entity, business requirements and dependencies, pressure-points, and process and control weaknesses. Additionally, informal conversations and connections with other employees can help internal teams to sense possible concerns or threats that may need to be delved into.
There are, however, a few considerations that organizations should bear in mind when building internal teams, the first being limited exposure to diverse incidents of malfeasance, fraud, and non-compliance across the industry at large. Wider knowledge often remains largely theoretical due to lack of exposure, which may mean that teams may face difficulties due to lack of relevant experience in case a new kind of fraud is encountered.
The second consideration is with regard to developing expertise in using technology and tools effectively in investigations and fraud risk management. Organizations may not wish to invest in latest technology due to budgetary constraints or lack of understanding of its
External fraud risk experts, on the other hand, tend to overcome many of these challenges as they work across functions and sectors, thus gaining wider exposure. They become early adopters of the latest tools and
However, external consultants often face a different set of challenges. They may not be familiar with the internal dynamics and environment of the client organization, which may affect their ability to view the situation in
In addition, seeing an external forensic expert is often unsettling for employees, who may become overly cautious about sharing information, thereby impeding the fraud management process. External consultants also typically agree upon a definitive mandate beforehand.
While there are advantages of both internal and external fraud risk management teams, both have their set of limitations. A ‘one size fits all’ approach cannot help organizations, as every entity has its own pain points and challenges. The key is to gauge each organization’s unique requirements, and then decide whether an internal team is needed or external experts would be more
Do read our forthcoming posts on other aspects of the debate on internal forensic teams and external experts for a more in-depth understanding of the challenges facing both.
Authored by: Sumit Makhija, Partner and Kavita Nathaniel, Senior Manager, Deloitte India