Perform a Comprehensive Fraud Exposure Analysis
Position by position, department by department, ask the question "What could go wrong?" Develop offsetting prevention and early detection procedures for each risk identified. Then record and publicize the results in the form of a Fraud Risk Inventory.

Define acceptable (and unacceptable) behavior
Employees, vendors, csontractors and others all need to know what is allowed in daily behavior. And just as important, what is considered misconduct. Make sure vendors, contractors and other third parties know your restrictions on gifts and e ntertainment. Consider making your "Code of Conduct" part of any agreements with third parties and posting it to your website.

Fraud prevention and detection expectations should be stated and understood
Never assume that managers and employees know what you expect. Tell them. At an upcoming staff meeting, consider adding a discussion covering what you personally expect of others. Include your thoughts on risks, awareness, prevention, early detection and proper response. Cover anything that would fall under wrongdoing, misconduct and outright fraud.

Be aware of the example set by all leaders
For years the phrase "tone at the top" has been used to focus on the statements, business practices and personal behavior of executives and other senior management members. But remember, a "leader" includes anyone we look to for an indication of proper behavior. That includes everyone from factory floor supervisors right to the Board.

Codes of Conduct should require reporting of known violations
Most employee conduct statements and similar documents do a great job of raising awareness of acceptable and unacceptable behavior in a variety of situations. Periodic employee sign off is a good way to track awareness, and to minimize "I didn't know" situations. Consider adding a second sign-off whereby employees and managers acknowledge that they are not aware of violations by others.

Write and distribute a fraud policy
All organizations face the risk of wrongdoing and fraud. And to effectively manage these risks, everyone should know what their responsibilities are in this important area. An effective "Policy on Suspected Misconduct" is the perfect place to put these responsibilities in writing. Employees and managers will have a one-stop source explaining their role in deterrence, early detection and effective incident response.

Take action to fix identified weaknesses
Weakness at significant internal control points can surface in a number of ways. Managers and key controls employees are in the best position to notice. But internal and external auditors are looking as well. When weakness are found or surprises surface, take action. Everyone notices - and they will take action, too!

Identify, quantify and track losses
Few organizations have developed a complete list of their loss areas. Begin by listing areas where losses have occurred in the past. Then research these areas, and assign ranges of probable current loss levels. Normally, this list will total no less than one percent of revenue. If your list totals less than that amount - keep looking! Then, use that "scorecard" to track improvements over time.

Those who break the rules must believe they will be punished
The single most effective fraud deterrent is the belief that you will be caught and punished. Not just be permitted to go quietly away - people need to believe the authorities will be notified if fraud has occurred.

Sponsor prevention and detection skills training for employees and managers
Don't expect your team members to be able to handle fraud risks if you have never shown them how to do this. Sponsor awareness and training programs specifically addressing what employees need to be able to do to prevent, detect and handle fraud. Most employees have never been given the skill set needed to be effective in this area.

See that a Fraud Hotline is in place and trusted
In short, hotlines work! And while there have always been ways for those with knowledge of wrongdoing to come forward anonymously, why not make it easy. Put a hotline in place. Consider using a third party service for ease of implementation and ongoing support.