Fraud is a growing concern, particularly for healthcare organizations that serve vulnerable populations. According to the 2024 ACFE Global Fraud Report, 1,921 cases of fraud across 138 countries led to over $3.1 billion in reported losses. Alarmingly, organizations are estimated to lose around 5% of their revenue to fraud each year. As healthcare CFOs, it’s crucial to take proactive measures to safeguard your organization and clients from these risks.
Understanding Fraud
Fraud manifests in various forms, primarily as asset misappropriation (89% of the time), corruption (46%) and financial statement fraud (4%). However, relying solely on external audits to detect fraud is not enough. It’s time to adopt a more comprehensive approach. Here are seven practical steps healthcare CFOs can take to mitigate fraud risks.
-
Establish a Clear Path for Anonymous Reporting
Detection is one of the most critical steps in combating fraud. The 2024 report shows that 43% of fraud cases were uncovered through tips, with over half coming from employees and about one-third from vendors or customers. Providing accessible reporting mechanisms—such as email, web-based platforms, and phone hotlines—can make it easier for individuals to report suspected fraud. With email and web-based reports now surpassing telephone hotlines, it’s essential to ensure multiple reporting channels are available and well-communicated.
-
Evaluate and Strengthen Internal Audit Functions
A robust internal audit function is essential for identifying vulnerabilities within your organization. Key aspects to consider, per the Institute of Internal Auditors, include:
- Staying up to date on professional and industry standards
- Maintaining independence from board and management influence
- Operating within a clearly defined scope of work
- Regularly assessing the control environment
- Ensuring compliance with regulatory standards
- Communicating audit results to relevant stakeholders
- Requesting periodic external assessments to maintain objectivity and improve effectiveness
By strengthening your internal audit function, you can ensure that your organization remains vigilant in detecting fraud early on.
-
Enforce Regular Management Reviews
Healthcare organizations must ensure that management is actively involved in monitoring processes at all levels. This includes implementing written policies and procedures across key functions like treasury, payroll, billing, disbursements, and accounting. Management should review and sign off on key processes using forms or checklists, with meaningful consequences for inappropriate approvals. This level of oversight ensures that potential fraud does not slip through the cracks.
-
Tighten Documentation and Reconciliation Procedures
One of the easiest ways to prevent fraud is to implement strict documentation and reconciliation processes. This includes:
- Segregating duties across teams to avoid conflicts of interest
- Ensuring systems are in place for proper maintenance of financial records
- Providing accessible policies and procedures for reference
By enforcing these practices, you create multiple layers of accountability, making it harder for fraud to occur unnoticed.
-
Develop and Communicate an Anti-Fraud Policy
A well-developed anti-fraud policy serves as both a deterrent and a tool for preventing fraud. Effective policies should include surveillance and monitoring measures such as cameras or software and set a tone of zero tolerance by committing to report fraudulent activity to law enforcement. Annual anti-fraud training, accompanied by signed acknowledgments, further strengthens your organization’s defenses. Data shows that organizations without fraud awareness training are at risk of losing twice as much to fraud, and employees who receive training are twice as likely to report suspicious activity.
-
Partner with HR to Identify and Reduce Risk Factors
Fraud prevention is not just about policies and audits—understanding the human side of fraud is equally important. While background checks are a good start, they are not enough. HR can play a key role in identifying risk factors by conducting employee surveys, monitoring workplace pressures, and using personality tests or behavioral assessments. A healthy organizational culture, where a tone of integrity is set from the top, can often be the most effective deterrent against fraud. Common behavioral red flags include living beyond one’s means, facing financial difficulties, or unusually close relationships with vendors or customers. However, keep in mind that fraud can still occur without any obvious red flags.
-
Review Fraud Risk Annually at the Board Level
Fraud prevention should be an ongoing effort. Each year, your board and executive team should perform a formal risk assessment, asking key questions such as:
- Are our controls effective?
- Can we strengthen them?
- Are our policies and procedures still relevant?
By reviewing and updating your risk management strategy annually, you ensure that your organization stays ahead of emerging fraud risks.
How The Bonadio Group Can Help
Fraud is an ever-present threat, especially in sectors like healthcare that serve vulnerable populations. By taking a proactive and comprehensive approach, CFOs can protect their organizations and clients from fraud and maintain the integrity of their financial systems.
At TBG, we offer a variety of services to help healthcare organizations manage fraud risks, including:
- Risk management policies and procedures
- Fraud risk assessments
- Anti-fraud policy and training programs
- Fraud tip hotlines
- Fraud investigation services
- FraudFindr, a tool designed to help organizations detect illegal transfers in Medicaid applications and identify fraudulent activity in patient accounts
If you need further guidance or have any questions on this topic, we are here to help. Please do not hesitate to reach out to discuss your specific situation.
This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.
