Practical Tactics to Fight Fraud: Chapter 3

Building a Culture to Prevent Fraud

David Miller: Alright, welcome back to Fraud Examination. I’m David Miller, and I’m here again with Maya Collins. Hey Maya, ready to dig into fraud-fighting tactics?

Maya Collins: Absolutely! And, before we get started, if anyone missed last week, we went deep on the whole “Fraud Triangle.” Today’s kinda the next logical step, right? Once you know why fraud happens, you gotta figure out what to actually do about it.

David Miller: Exactly. And, honestly, after years in compliance, the biggest bang for your buck is always prevention. I know that sounds a bit “apple pie,” but it’s true—prevention’s more cost-effective than chasing down fraud after it happens. And you avoid all that embarrassment and legal mess, for everyone involved.

Maya Collins: Yeah, and “cost-effective” is huge. Like, the authors point out, you actually can’t ever fully stop fraud, but if organizations build a culture of honesty and high ethics, you seriously cut down on how often it happens. So, what’s that mean in practice? There’s, like, five pieces to this, right?

David Miller: That’s right. It all starts with management—what they call the “tone at the top.” If the folks in charge cut corners or bend the rules, you better believe the rest of the company’s gonna take notice and follow. Gotta lead by example, always.

Maya Collins: It’s a little wild how often those leadership failures make headlines. I mean, employees notice if upper management is shady or just doesn’t care. And then, you end up with that “swing group”—the folks who maybe don’t have a strong compass outside work, so they follow whatever’s normal at the office.

David Miller: And hiring. Gotta say, in the Midwest, I’ve seen some doozies. There was this company—manufacturing, good folks—but they dodged a major scandal just because they happened to have solid ethics training in onboarding. They’d had a close call, but they caught a manager fudging numbers before it turned into a serious issue. Wouldn’t have happened if their hiring didn’t focus on, you know, actually checking references, asking the right questions, that kind of thing.

Maya Collins: Right—because if you’re not careful with hiring, you get situations like that PCA fraud. Remember that example? They hired someone who seemed squeaky clean, but the guy’s entire resume was fake—he’d already embezzled from someplace else! All because they didn’t dig deep on the background checks or really test for honesty. That cost them nearly a million bucks and a ton of reputation damage.

David Miller: You nailed it. And, beyond hiring, it’s about making expectations loud and clear—codes of conduct, actual fraud training, periodic reminders. None of this “write it once and forget it.” I think I saw somewhere that compliance training should involve both “what” and “why”—set the bar, show what happens if you cross it, and check in regularly. And the Sarbanes-Oxley Act actually makes some parts of that mandatory, at least for public companies.

Maya Collins: Absolutely. The best organizations don’t just teach the rules—they create a positive work environment too. Like, people commit fraud less when they feel respected and motivated. If management’s distant, pay is low, people never get recognized, that’s when trouble starts. It’s not just, “don’t steal,” it’s, “here’s why you want to stay and help this place succeed.”

David Miller: Right. And—the last piece—you also need an actual, clear policy on what happens when fraud does occur. Not just for optics, but because it shows people you’re serious about following through. If there’s no consequence, folks are gonna talk.

Maya Collins: Totally. And, building on past episodes, everything starts with prevention, but you gotta back it up, or all those policies are just for show. Otherwise companies end up in the Mark-X situation—big losses, public embarrassment, and a board that’s angry they got blindsided. Better to get ahead of it than try to clean up the mess after.

Detecting Fraud and Red Flags

Maya Collins: So, suppose prevention isn’t perfect—because it never is—then it’s all about catching fraud early. Early detection is, like, the next most cost-effective line of defense. If you spot it quick, the losses are smaller, and you avoid full-scale disaster.

David Miller: Yep. One thing that’s easy to mix up: “detection” isn’t the same as “investigation.” Detection’s finding those symptoms—the red flags—and figuring out where to look closer. Investigation comes after, if you think you’ve really got something to chase down.

Maya Collins: Exactly. And, for detection, you’ve got a couple of tools. First, proactive stuff like whistleblower hotlines—one of my favorite topics. With Sarbanes-Oxley, public companies have to have these now, but honestly, every company benefits. They let employees speak up anonymously, so you don’t get punished for flagging something sketchy. It’s not foolproof, though.

David Miller: No, it isn’t. You can get hoax reports, or angry folks just trying to get someone in trouble. But I’ll take some false alarms over missing the real deal any day. Data analytics is also getting huge—you can comb through truckloads of transactions for weird trends or “red flags” that just don’t fit. The more automated you get, especially in big companies, the quicker you can spot what the old paper-and-pencil audits used to miss.

Maya Collins: Honestly, setting up my first real fraud hotline was an adventure. We thought people would only use it for the “big stuff.” But the range of tips was kinda hilarious—sure, there were some really solid leads, but also “someone ate my yogurt from the fridge.” Not kidding. But you learn quickly which ones to flag for closer review and which ones…well, not so much.

David Miller: I love that. And, it comes back to what we covered before—most fraud isn’t actually caught by external consultants or fancy audits. It’s coworkers and supervisors, people with eyes on the ground. When leadership actually encourages employees to speak up and protects them when they do, you get that whole organization working together to spot fraud early.

Maya Collins: And the earlier you spot the problem, the less painful (and expensive) everything is. Otherwise, you’re letting that little leak become a waterfall. And not to keep bringing up the Fraud Triangle, but you need those early warning systems, because people in that “swing group” from our last chapter can go either way—they’re responsive to what’s normal and whether people are paying attention.

David Miller: That’s absolutely right. You know, there’s that saying: there’s no such thing as “small frauds” — only big ones caught early. Detection’s your shot at stopping the scam before it snowballs, and prevention and detection just work better together.

Investigation and Legal Action

David Miller: So, let’s say you detect fraud—then you’ve got to investigate. But these investigations are expensive and sensitive, and—they don’t always end in dramatic court scenes like TV makes it look. Often, the hardest part is making sure you don’t jump to conclusions or ruin innocent people’s reputations.

Maya Collins: Yeah, and people sometimes forget how complicated the evidence piece is. There’s testimonial stuff—like interviews and honesty tests; documentary stuff from records and computers; physical evidence, like, fingerprints or even stolen goods; and personal stuff the team observes directly. Investigators have to corroborate everything and protect confidentiality—it can get really messy.

David Miller: You have to walk a fine line—keeping it all under wraps, making sure only the folks who need to know are involved. I always tell organizations, move slow and steady. Once you have “predication”—basically a legit reason to suspect fraud—you start digging in, but you can’t let the accused know too soon, or you risk evidence being destroyed, or worse.

Maya Collins: And at the end of it all, organizations face real choices. Sometimes, weirdly, there’s just… no action. More often, it’s civil—like lawsuits for recovery—or criminal, when law enforcement gets involved. But less than half of cases ever even get that far, which blows a lot of people’s minds. Companies sometimes hope the issue will quietly disappear, either to save face or avoid expensive legal fights.

David Miller: But that silence can backfire. Years ago, there was this Midwest logistics company—they uncovered fraud, but decided not to prosecute, thinking it’d protect their reputation. Six months later… same problem, different people. All because folks saw there weren’t any real consequences. I get wanting to avoid a scene, but prosecuting—when you can—sends a message that fraud isn’t tolerated. That’s the only way you really protect your organization in the long run.

Maya Collins: Exactly. It’s about balancing business risks with setting ethical expectations. If you do go the legal route, civil suits are usually for perpetrators with deep pockets, or for outside vendors, not so much day-to-day employees. Criminal prosecution? That’s tough to actually pull off—“beyond a reasonable doubt”—but sometimes it’s worth it for the bigger picture.

David Miller: So, to wrap it up—prevention’s the best weapon, detection comes next, and when fraud does hit, you want careful investigation and a strong but sensible response. That’s the real-world cycle. And if you think “oh, fraud will never happen here,” well, that’s how it sneaks in the back door.

Maya Collins: Perfect summary, David. And there’s still so much more we can dive into, especially around handling whistleblowers and what happens when the legal side gets extra complicated—so stay tuned for future episodes. Thanks for joining us today. David, always a pleasure!

David Miller: Always great talking with you, Maya. Thanks to all our listeners, keep asking questions, and we’ll see you next time on Fraud Examination. Take care!