A successful and robust Anti-Fraud, Compliance, and Ethics Program has tremendous benefits to a company, including minimizing material theft, keeping policies and procedures up-to-date, and making minimal year-to-year program changes. Along the way, some companies' programs become less important as the attention to their programs falls which causes the benefits to the companies to decline.
What are the reasons these programs fail?
Lack of upper management support - without upper management support, lower management's annual compliance goals get minimized, and the necessary program updates are not made. This results in a less effective program that cannot effectively reduce fraud.
No direct impact to bottom line - although well-run programs offset fraud occurrences and minimize monetary losses, there's no number that shows the actual savings which impacts the "bottom line". Thus, a company may emphasize projects that positively impact the company's net profit ahead of their compliance program updates.
Middle management's focus on income/bonus - this is usually correlated to the company's annual profit, which can increase due to the addition of profitable projects (and less emphasis on the compliance program).
Disorganization - a program manager needs to oversee and optimize the program. Without organization and emphasis on ever-changing fraud risks and program changes, it's difficult to redeploy resources to effectively address fraud.
Outdated SOX (Sarbanes-Oxley) narratives - an ineffective program is one that does not update internal controls consistently. This can lead to both internal and external auditors relying and testing ineffective controls.
There is no shortcut to ensuring a strong Anti-Fraud, Compliance, and Ethics Program. At least annually, policies and procedures must be updated, risks must be reassessed, and effective controls must be implemented.