Fraud Management Guide for CISO and CIO 2018


Nowadays fraud within organizations is evolving rapidly. People think that fraud covers only the submission of false information, but this is untrue: it covers much more than that. Managing fraud in the correct direction is of utmost importance. A Fraud Management framework is established in an organization to support the development of controls that aid in the detection and prevention of fraud. The fraud guidelines set out the responsibility of every employee and of management in relation to the reporting of fraud or suspected fraud within the organization.

Fraud Management guidelines should apply to any irregularity, or suspected irregularity, involving employees as well as shareholders, consultants, vendors, contractors, outside agencies doing business with the organization, employees of such agencies, or any other parties with a business relationship with the organization.

Areas covered under Fraud

Fraud is broadly defined as an intentional act to obtain an illegal advantage. Fraud includes, but is not limited to:

  1. Theft of assets.
  2. Misrepresentation of assets.
  3. Submitting false bills for reimbursement.
  4. Accepting or offering a bribe.
  5. Accepting gifts or any other favours under improper circumstances.
  6. Making false entries in inventory or chart sheets.
  7. Intentionally creating false financial reports.
  8. Paying excessive prices without proper justification.
  9. Awarding tenders to a vendor without proper vendor identification.
  10. Disclosing the company's confidential information to unauthorised parties.

Investigation Responsibilities

Initially, the Fraud Reviewer shall review the report and confirm the category of the incident; after that, the matter passes to the Investigation Department formed by the Fraud Management Committee. If the investigation substantiates that fraudulent activities have occurred, the Investigation Department will issue reports to the members of the Fraud Management Team. Decisions on proceeding with or disposing of the case shall rest with top management (company specific).

The Investigation Department treats all information received as confidential and restricted. Any employee who suspects dishonest or fraudulent activity shall notify the team immediately and should not attempt to conduct investigations personally. Investigation results should not be disclosed or discussed with anyone other than those who have a legitimate need to know. This is important in order to avoid damaging the reputations of persons suspected but subsequently found innocent of wrongful conduct, and to protect the organization from civil liabilities.

Fraud Management Committee

The Fraud Management Committee shall comprise the higher management of the organization, including the HR and Legal Heads.

The Fraud Management Committee shall:

  1. Conduct enquiries fairly
  2. Not disclose the evidence to unauthorised people
  3. Maintain complete documentation of the proceedings

Fraud Management Reporting

An organization may adopt the procedure below for reporting fraud. When an employee suspects that a fraud has occurred, he/she should report it directly to the designated department, phone number or email ID. The person reporting should not directly contact the suspected individual in an effort to determine the facts. Any employee who suspects fraud and intentionally covers up or obstructs a fraud that they have become aware of shall be considered a victim and shall be treated as per the HR disciplinary process.

The Investigation Team and the Fraud Management Team must take care when investigating suspected improprieties or irregularities, so as to avoid mistaken accusations or alerting suspected individuals that an investigation is underway. An employee who discovers or suspects fraudulent activity shall report it immediately through the designated reporting channels. The employee or other complainants may remain anonymous. No information concerning the status of an investigation shall be given out.

The response to be given to any unknown or known parties (except members of the Investigation Department and the Fraud Management Team) can be: “I am / we are not at liberty to discuss these matters.”

Fraud Identification

The Fraud Reviewer will review the evidence and reports and will confirm the category or type of the report, i.e. whether the reported matter actually falls under Fraud or not. If the complaint does not fall under the purview of the Fraud Management policy, it will be redirected to the right forum. For example, if the complaint is related to harassment, it will be forwarded to the respective committee and dealt with as per the harassment-specific policy.

The Reviewer then forwards the report to the Investigation Department. If the fraud is raised against a member of the Fraud Management Committee, the disclosure will be managed by the remaining members of the Fraud Management Committee, or the committee will be replaced by top management (as applicable).

Investigation and Reporting

The Investigation Team will conduct the investigation and submit its report to the Fraud Management Team, together with all the evidence collected during the investigation. The Fraud Management Team will review all the evidence and the disciplinary action suggested by the Investigation Department. If the investigation clears the subject, the Fraud Management Committee will directly close the investigation; if fraud is identified in the investigation, HR disciplinary action will be taken against the employee.

The Investigation Team shall derive its authority from the Fraud Management Committee when acting within the course and scope of its investigation, and shall:

  1. Conduct a fact-finding and analysis process
  2. Apply the principles of natural justice
  3. Make a finding as to whether fraud or any other matter has occurred
  4. Submit its report to the Fraud Management Committee

Closure of Investigation

Outcomes can include any, or a combination, of the following:

  1. Disciplinary action (e.g., demotion, transfer, suspension, probation or dismissal)
  2. Official warnings that are noted on the perpetrator's personnel file
  3. Disciplinary action against the person who raised the fraud allegation, if there is strong evidence that the report was vexatious or malicious


If an investigation results in a recommendation to terminate an individual, the recommendation will be reviewed for approval by the designated representatives from Human Resources and the Legal Department before any such action is taken. The Investigation Department does not have the authority to terminate an employee.

Fraud Management Workflow

Information Disposal

  1. All documented evidence and proceedings of the investigation shall be recorded and handed over to the Legal department on completion of the proceedings
  2. All related documents shall be in the custody of the Legal department and shall be retained as per the company data retention policy
  3. Access to these documents shall be restricted to Fraud Management Committee members and the Legal department; any audit of these documents, or any requirement to present this evidence, will be carried out only after signing an NDA and in the presence of the Fraud Management Committee (sharing of the evidence is not allowed).

Requirements under this Guide

  1. Fraud Investigation Team
  2. Fraud Management Team
  3. List of members of the top management committee
  4. Contact number to report fraud
  5. Group email ID for reporting fraud
  6. Non-disclosure agreement with the Audit Team
  7. Fraud Reviewer
  8. HR disciplinary process, including actions for fraud