Fraud has rarely been out of the headlines in recent times as millions have been lost as a result of the activities of a small criminal element. It is tempting to think that it will always happen to someone else but fraud can strike anywhere and at any time. According to surveys by PwC and Ernst & Young on fraud affecting major companies:

• 70% of large firms in the UK have been the victims of economic crime in the past two years.
• The combined impact of the worst fraud suffered in one year by 739 respondents to an international survey was US$172 million, an average of more than US$230,000 for each company. Of this, only US$49 million had been recovered at the time of the survey.
• 82% of the worst frauds were committed by employees, almost one-third of whom were in management posts.

There are huge difficulties in measuring fraud. It is difficult to identify, it's often hard to distinguish from simple poor record-keeping and it regularly goes unreported. It also can have considerable social and psychological effects on businesses and individuals. When a fraud causes the collapse of a major company, a huge number of people can be affected. In addition to the firm's own staff, employees of suppliers can be hit by the loss of large orders and other creditors can suffer huge losses on loans.

While there are relatively few major frauds, massive sums are lost as a result of the large number of smaller-scale scams. Surveys have shown that most companies have experienced fraud at some level, and that many do not have formal processes in place to deter and detect it. In addition, the advent of the Internet and developments in e-communications present new challenges for existing systems and mean that employers must be even more watchful.

Any fraud prevention and control model should achieve the following main objectives:

• Deterrence
• Prevention
• Disruption
• Identification
• Facilitation of civil or criminal proceedings

The first objective must be to deter potential fraudsters from even trying any criminal activity. A scam is much less likely to occur if it seems that the rewards will be modest, that it will be detected or that the punishment will be severe. The main way to achieve this must be to establish a comprehensive control system that increases the likelihood of detection and raises the potential cost to the fraudsters.

There will be some individuals who are not deterred by the limited rewards of risk of detection and severe punishment. So a second objective must be to create an environment that, as far as possible, makes it impossible to commit fraud by offering no opportunities and making it extremely difficult to circumvent the system.

A good prevention strategy should also make life as hard for a fraudster as possible. It should keep them on the move and under pressure by having constant reviews (both planned and unannounced) and by upgrading systems.

An effective anti-fraud strategy will help you to identify high-risk activities and weaknesses in the control environment. It will also equip employees in all parts of the organisation to spot the warning signs. No system is completely watertight, but the losses can be minimised if a problem is detected at a sufficiently early stage.

Civil action to recover losses can be expensive and time-consuming. Criminal investigations can also unsettle an organisation. An effective strategy will limit your need to resort to costly civil proceedings or prolonged and disruptive police inquiries.

The exact details of a fraud prevention strategy will depend on the individual organisation, but it must meet certain key criteria if it is to work. First, fraud prevention needs to be seen as an integral part of the organisation's overall approach to risk management, with clear support from the top. Fraud is as much of a threat as changes in legislation, competitor action or inflation. Its overall effect must therefore be managed accordingly. Your strategy needs to be comprehensive and include a range of counter-measures.

Creating the right environment is the key to success. Your organisation's stance on ethical issues will underpin its approach to fraud and should be made clear in a code of business conduct emphasising the norms and values expected in daily activity. Both this and the organisation's policy on fraud should be promoted to employees, customers and suppliers. This will ensure that everybody knows what is expected of them. The environment must be one of sound, appropriate control where any necessary procedures, such as authorisation chains and security measures, are understood, documented and followed, with senior managers leading by example.

However well planned a strategy is, its successful implementation depends on the people in the organisation. All staff need to be aware of the risk of fraud and their role in preventing it. They need to be informed about the threats, including specific issues affecting their own unit or function. They should then be trained to identify these risks and respond to them.

An important part of the support given to employees is a clear policy on whistle-blowing, which encourages people to report suspicions, together with the establishment of a system, either internal or using a third party, that encourages them to speak up with the reassurance that they will be protected. Individuals with specific responsibilities must be clear about their role and given the support and training to fulfil it. The development of a fraud response plan reduces the likelihood of panic, ensures that everyone understands what is required of them, ensures that effective action is taken and can limit the damage.

Lastly, there needs to be a process of continuous review of all procedures relating to fraud prevention. This should include the monitoring of compliance with controls and of changes in the environment that may require shifts in strategy. It may be helpful to establish a group to review any failure, identify success and implement changes.

The threat of fraud will always exist. It will never be possible to eliminate the danger since many fraudsters are sufficiently determined to beat the systems put in place to stop them. Every organisation will fall victim to fraud at some time or other but those with an effective strategy are much less likely to suffer significant looses as a result than those without one. It has been said that there are three criteria that need to be met to reduce the risk of fraud: good ethics, good people and good systems. If every organisation were to take the steps outlined above, it would move us all a long way towards meeting these requirements - and the statistics on fraud in future could be very different from those that we see today.