Considerations for building in-house fraud risk management teams: Expertise

In an era where technology is rapidly evolving, along with tighter regulations, stronger enforcement, and steeper sanctions, risks of fraud and non-compliance have become a reality for organizations. The implications of such events are either direct financial loss or reputational damage, and legal costs including fees, penalties, and settlements.

Broadly, organizations understand the urgent need to build a strong fraud risk management framework to effectively prevent, detect, and respond to fraud. There are, of course, various considerations in putting together such a framework, including infrastructure and costs, experience and expertise, independence, and ancillary support, that need to be examined in order to address all of the organization’s needs.

This series of blog posts will be exploring these issues, beginning with the question of whether such activity is best managed in-house, or whether it would prove more effective to have external experts build and manage it for the organization.

Expertise

Many organizations opt to build in-house forensic capabilities for fraud risk management and investigation of internal complaints and incidents. The role played by such dedicated teams—if adequately trained, equipped, and empowered—cannot be undermined. Working within the organization on a day-to-day basis means that the teams can develop deep insight into the functioning of the entity, business requirements and dependencies, pressure-points, and process and control weaknesses. Additionally, informal conversations and connections with other employees can help internal teams to sense possible concerns or threats that may need to be delved into.

There are, however, a few considerations that organizations should bear in mind when building internal teams, the first being limited exposure to diverse incidents of malfeasance, fraud, and non-compliance across the industry at large. Wider knowledge often remains largely theoretical due to lack of exposure, which may mean that teams may face difficulties due to lack of relevant experience in case a new kind of fraud is encountered.

The second consideration is with regard to developing expertise in using technology and tools effectively in investigations and fraud risk management. Organizations may not wish to invest in latest technology due to budgetary constraints or lack of understanding of its capabilities, or may be unable to adequately train their teams to utilize the tools available. This may result in suboptimal processes running at higher costs, and could lead to possibly insufficient mitigation frameworks or conclusions.

Another issue, faced particularly in global organizations, is the execution and applicability of fraud risk management and investigation methods across geographies. A centralized team may face practical challenges in understanding local customs, considerations, and language, which may be key to understanding and analyzing fraud scenarios in different regions.

External fraud risk experts, on the other hand, tend to overcome many of these challenges as they work across functions and sectors, thus gaining wider exposure. They become early adopters of the latest tools and technology, and build experienced global and local teams in order to better deal with a range of issues across geographies. Due to the nature of their work, they frequently assist clients deal with situations of litigation, regulatory enquiries, disputes, and other similar situations.

However, external consultants often face a different set of challenges. They may not be familiar with the internal dynamics and environment of the client organization, which may affect their ability to view the situation in context of the factors unique to the entity. External experts would also need to first obtain an understanding of the background, relevant processes and controls, and situational dynamics, before effectively responding to a fraud scenario that may lead to a delayed response.

In addition, seeing an external forensic expert is often unsettling for employees, who may become overly cautious about sharing information, thereby impeding the fraud management process. External consultants also typically agree upon a definitive mandate beforehand.

While there are advantages of both internal and external fraud risk management teams, both have their set of limitations. A ‘one size fits all’ approach cannot help organizations, as every entity has its own pain points and challenges. The key is to gauge each organization’s unique requirements, and then decide whether an internal team is needed or external experts would be more beneficial, or else find the right balance between the two.

Do read our forthcoming posts on other aspects of the debate on internal forensic teams and external experts for a more in-depth understanding of the challenges facing both.

If you have any comments/ views you would like to share, please write to us at inforensic@deloitte.com or on our Twitter channel.