Below is an article which appeared in the July/August 2003 issue of Business Digest, a now defunct Harare publication.


In the March/April issue of this journal, we carried an article by Caleb Mutsumba on ‘Fraud At Your Workplace’. This outlined the common problems of theft and false accounting and referred to the importance of developing a contingency plan to implement when fraud is detected.

In this article, Caleb Mutsumba gives specific guidance on developing such a plan.

In terms of our Companies Act (Chapter 24:03 of the Statute Law, Section 140), it is the responsibility of management to establish and maintain an adequate internal control structure and procedures for financial reporting.

In the new Sarbanes-Oxley Act of 2002, the USA goes one step further than this statement of the obvious when it stipulates that management should report on the company’s internal controls, and the auditor should give an opinion on the effectiveness of those controls.

The grave risks posed by occupational fraud – reflecting adversely on management – can be greatly mitigated by a well-thought-out company policy on fraud and an operational Fraud Response & Contingency Plan.

A ‘policy’ may be regarded as providing standing answers to recurring questions.

The two purposes of a Fraud Policy are to –
 provide an outline as to what may constitute fraud, and
 detail procedures to be followed where fraud is suspected or discovered.

A fraud policy also reduces the moral burden of one employee reporting on a fellow employee (‘dobbing’, in the slang term). Because it usually makes it clear that not informing management about possible fraudulent activities may lead to a drawing of negative inferences against the employee-in-the-know, such a policy makes it easier for employees to, to ‘blow the whistle’ on wrong-doing – from which is derived the term ‘whistle-blowing’.

Where an organisation has an ‘Ethics Policy’, the expected behaviour regarding reporting fraudulent activities may be incorporated therein. Alternatively, the obligation to report where fraud is suspected or discovered – and the procedures to be followed by various parties – may be crafted into a composite policy document known as a Fraud Response & Contingency Plan.

When a fraud is discovered, there is a need for clear, prompt and appropriate action. Yet, if managers have not experienced the situation before, the existence of a Fraud Response & Contingency Plan increases the likelihood that the crisis will be managed effectively.

Individual Responsibilities
A Fraud Response & Contingency Plan should spell out officials’ responsibilities regarding various procedures, as follows.

  • The official from the management team who is responsible for the preliminary investigation.
  • Depending on the outcome of the preliminary investigation, there may be a need to involve independent investigators to perform a thorough investigation.
  • Other designated personnel in the organisation who should be informed immediately if a fraud is detected or suspected.
  • Who should decide when and which lawyers and/or forensic auditors should be instructed, and who should liaise with them.
  • Who should decide on the involvement of the police and/or regulators, and who should liaise with them.
  • What steps will be followed and actions taken after the investigation is referred to the police and/or regulatory agencies.

Dealing with employees suspected of fraud

The Contingency Plan should –

  • Specify that the suspected fraudster should have no rights of physical access to company buildings – or to clients (see Footnote 1  below).
  • Emphasise that the investigation team should not allow the suspect to have unsupervised access to company records or computer equipment during the investigation (see below – Where Computers are involved).
  • Specify that procedures followed will be fair – e.g. the employee will be provided with an opportunity to answer allegations (see Footnote 2)
  • Emphasise that management needs to be fully aware of legal termination procedures. Take legal advice as necessary.
  • • Mention the need to consider consultation with union/workers representatives, where appropriate.

Interviewing the suspect

The Contingency Plan should state that where lawyers and/or the police indicate that the company should interview the suspect –

  • The requirements of the disciplinary legal process have been considered and balanced.
  • The interview is held by a senior member of staff with a note-taker.
  • Detailed notes of all conversations and meetings held with the suspected fraudster are made, as these notes may be used for prosecution purposes (see Footnote 3).

Collecting and handling evidence

The Plan should outline steps to follow in collecting and handling evidence –

  • Collect all related original documents from the premises and from external sources (e.g. banks).
  • Record from whom, from where and when the document was collected (include date & time, so as to make a clear ‘audit trail’).
  • Take care not to ‘contaminate’ evidence, as it may be needed for evidence purposes. For example –

 Do not mark any of the original documents
 Limit the number of times the documents are handled.

Where Computers are involved

  • Obtain details of all the suspect’s passwords and computer rights.
  • Freeze the suspect’s IT network and remote access until the investigation has reached a conclusion.
  • Do not turn off the suspect’s computer, as important and vital information may be lost.
  • Contact an independent specialist for help, as necessary.

Communicating to staff

  • Keep as much information as possible confidential. In the early days of an investigation, it is often not possible to identify all those who may be involved.
  • Ensure that a consistent message in line with the press release (see below – Publicity) is issued to staff still at work.
  • Remind staff of the confidentiality clause within their employment contracts, to try and restrict additional details of the story being leaked outside the workplace.


  • Inform the designated press officer of the suspected fraud at the earliest opportunity.
  • Agree on a statement that can be used when necessary.
  • Ensure that all calls received by employees about the suspected fraud are routed to the press officer.

Contact Numbers

The contingency plan should record contact details for those involved in operating the plan, such as appropriate board members  and  third parties who may have to be contacted, including:

  • Police
  • Lawyers
  • Forensic Auditors/Accountants
  • Auditors
  • Insurers
  • Regulators.

Professional Forensic Services

I hope this brief outline shows that it is vital to have a contingency plan laying down quick and effective steps to be taken when fraud is detected. Professional fraud examiners, such as 5wh Forensic Services, besides investigating fraud, assist businesses to outline strategies to minimise the risk of fraud. These include assistance with crafting and operationalising effective fraud policies and contingency plans.

© Caleb Mutsumba


Footnote 1

Preventing physical access to company premises necessitates suspending the employee from duty. New Termination of Employment Regulations contained in Statutory Instrument 130 of 2003 gazetted on 23rd May 2003 provide for ‘summary suspension without pay … where an employer has good cause to believe that an employee is guilty of any of the conduct mentioned in paragraph (b) of subsection (2) of section 12B of the Labour Act’. Section 12B(2)(iv) of the Labour Act refers to ‘theft or fraud’.

What constitutes ‘good cause’? You just need a reasonable basis for believing that the employee has a case to answer – you do not need to be able to prove him guilty before suspending him. His guilt or innocence – on a balance of probabilities – will have to be established at the Disciplinary Hearing that you need to carry out after the investigation. Note that in terms of labour law you will need to hold an internal hearing to regularise dismissal, even where the police prosecute successfully and the employee is found guilty in criminal court. Until you formally terminate his employment, and have a written record of evidence proving his guilt, he remains employed by you.

Footnote 2

Section 101 of the Labour Act deals with Codes of Conduct and 101(3)(e)& (f) spells out the rights of an accused employee to –
 Be notified that disciplinary proceedings are to be commenced against him in terms of a                specific breach of the Employment Code (or Section 12B(iv) of the Labour Act if there is no            company Code or National Employment Council Code in existence)
 Be given the opportunity to answer allegations at a hearing.

Footnote 3

When you hold your own internal Disciplinary Hearing –regardless of whether you call in the police – note that :–
 It is easier to prove ‘guilt’ in an internal administrative hearing than in a criminal court.
This is because the ‘burden of proof’ in a Disciplinary Hearing requires only that you prove            the employee to be guilty on a balance of probabilities, rather than on the more strenuous            basis of beyond reasonable doubt.
How do you do this? Labour consultant George Makings advises the Hearing Officer or Committee to –
 list in one column on a sheet of paper the strong evidence presented against the suspected            fraudster (and then the weak evidence).
 In the neighbouring column, then list the strong (and weak) defences the employee                           presented in denying the allegations.
 Appraise the columns – and decide ‘on the balance of probabilities’ whether the employee is        guilty of fraud.

 The Labour Act [Section 101(3)(g)] states ‘a written record or summary (must) be made of             any proceedings or decisions taken in terms of the employment code’. This would obviously         also apply if you proceed in terms of Section 12B, where there is no employment code of                 conduct. The reason for having a written record is that appeals against decisions are often             done on the written record of the hearing, not by means of a new hearing.

The above material is from George Makings’ 2003 Commentary on the New Labour Act.


What do you think? What strategies do you, or your company, use to manage the risk of fraud and error in your organisation? Are you primarily proactive or reactive in your approach to risk management? Share your experience in the Comment box below.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s