Fraud Prevention Starts with Strong Controls

Anti-Fraud Controls – Building Layers of Protection

10/1/2025

Why Controls Are the Core of Fraud Defence

Controls are the organization’s first and last line of defence against fraud. A strong fraud risk strategy doesn’t depend on a single type of control; it relies on multiple control types working together to:

  • Prevent fraudulent acts
  • Detect them early
  • Correct weaknesses before they recur

Types of Anti-Fraud Controls

  1. Preventive Controls – Stop fraud before it happens

    Examples:

    • Segregation of duties (no one person controls a full transaction flow)
    • Maker-checker approvals
    • Access restrictions in ERP systems
    • Vendor due diligence and blacklist checks
    • Delegation of Authority (DoA) frameworks
  2. Detective Controls – Identify fraud after it has occurred

    Examples:

    • Exception reports and trend analysis
    • Monthly reconciliations
    • Internal audit spot checks
    • Surprise cash counts or inventory audits
    • Whistleblower tips
  3. Corrective Controls – Fix the gaps that allowed fraud to occur

    Examples:

    • Updating policies/SOPs after fraud is detected
    • Revoking system access for terminated employees
    • Enhancing ERP controls or automating manual checks
    • Conducting fraud awareness workshops after incidents

Layered Control Example – Vendor Payment Process

| Step | Control Type | Description |
| --- | --- | --- |
| Vendor onboarding | Preventive | Verification of tax registration, blacklist screening |
| Invoice approval | Preventive | Three-way match (PO, GRN, Invoice) |
| Duplicate payment check | Detective | ERP flag for duplicate invoice numbers |
| Fraud incident (if occurred) | Corrective | Update policy to require bank account verification via call-back |
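
The invoice-stage controls above (three-way match, maker-checker and the duplicate invoice flag) can be expressed as automated checks over payment records. The following is an added illustration, not part of the original article and not any ERP product's code. The record fields, the sample data, the exact-price rule and the invoice-number normalisation are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Invoice:          # hypothetical record layout, not an ERP schema
    vendor: str
    number: str
    po_qty: int         # quantity on the purchase order (PO)
    grn_qty: int        # quantity on the goods received note (GRN)
    inv_qty: int        # quantity billed on the invoice
    po_price: float
    inv_price: float
    maker: str          # user who entered the invoice
    checker: str        # user who approved it

def normalise(number: str) -> str:
    # Assumption: re-keyed duplicates differ only in case, spaces or dashes.
    return "".join(ch for ch in number.upper() if ch.isalnum())

def review(invoices):
    """Return {record index: [findings]} for records that fail a control."""
    seen = Counter((i.vendor, normalise(i.number)) for i in invoices)
    findings = {}
    for idx, inv in enumerate(invoices):
        issues = []
        # Preventive: three-way match. Bill no more than was both ordered
        # and received, at the PO unit price.
        if inv.inv_qty > min(inv.po_qty, inv.grn_qty):
            issues.append("three-way match: quantity")
        if abs(inv.inv_price - inv.po_price) > 0.005:
            issues.append("three-way match: price")
        # Preventive: maker-checker, the approver must be a different user.
        if inv.maker == inv.checker:
            issues.append("maker-checker: same user")
        # Detective: same vendor and invoice number seen more than once.
        if seen[(inv.vendor, normalise(inv.number))] > 1:
            issues.append("duplicate invoice number")
        if issues:
            findings[idx] = issues
    return findings

# Constructed sample records (not real data).
SAMPLE = [
    Invoice("V001", "INV-1001", 10, 10, 10, 50.0, 50.0, "asha", "omar"),
    Invoice("V001", "inv 1001", 10, 10, 10, 50.0, 50.0, "asha", "omar"),
    Invoice("V002", "A-77", 5, 4, 5, 20.0, 20.0, "lina", "omar"),
    Invoice("V003", "B-12", 3, 3, 3, 99.0, 120.0, "omar", "omar"),
]

if __name__ == "__main__":
    for idx, issues in review(SAMPLE).items():
        print(SAMPLE[idx].vendor, SAMPLE[idx].number, issues)
```
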


UAE Context: Regulatory Expectations on Controls

  • SCA Governance Code requires PJSCs to establish internal control systems and fraud reporting mechanisms
  • CBUAE mandates strong preventive controls across payment processes, IT access, and outsourcing in financial institutions and insurers
  • AML Law requires documented transaction monitoring, audit trails, and escalation protocols
  • Corporate Tax Law necessitates secure financial recordkeeping and evidence-based reporting—where preventive and detective controls become key

Common Gaps in Anti-Fraud Controls

  • Over-reliance on manual approvals
  • Lack of documented DoA or outdated approval matrices
  • Inadequate monitoring of ERP access logs
  • Ignoring system override logs and audit trail reviews
  • Failure to act on audit or whistleblower findings

How Crowe Helps Strengthen Anti-Fraud Control Frameworks

We support clients by:

  • Conducting anti-fraud control gap assessments
  • Designing layered control frameworks by process and risk area
  • Integrating fraud controls into SOPs, RCMs, and ERP workflows
  • Training teams on red flag detection and control testing
  • Supporting forensic response when controls fail

Coming Next Week:

Next week, we focus on Investigating and Responding to Suspected Fraud - from forensic evidence collection to structured reporting and recovery strategies.


Rakesh Kumar Dhoot
Associate Partner- Risk Advisory, Forensic & Process Excellence Division