Ernst & Young have released a 30-page Survey into Fraud Risk Mitigation in 13 European Countries (it is very slow to download, at least in my case).
The report discusses the need for anti-fraud controls such as a Code of Conduct, a whistleblowers' hotline (plus suitable governance/control structures to protect whistleblowers from reprisals), awareness (going beyond simply signing the Code of Conduct) and others.
How E&Y came up with the list of controls used in the survey is not explained, but it presumably reflects their prior experience (and hence potential prejudices) in the field. Section 4 and Figure 8, for example, state that most employees report fraud to their line managers. This in turn implies that managers should be given training and support in how to encourage and handle fraud reports by their staff.
I found the statistics on the incidence of fraud in section 6 very surprising. Only one in five respondents (described as "corporate management") acknowledged fraud in their companies in 2006, whereas I would expect the true incidence to be much closer to 100% ... depending on one's definition of fraud. Perhaps "fiddling" of expense claims and timesheets is not considered fraud by management? Or perhaps respondents were blissfully unaware of the extent of 'minor' fraud in their organizations? A survey of internal auditors would, I'm quite sure, have shown different results in this section.
The report's conclusion introduces a neat diagram summarizing anti-fraud controls:
It's a shame the report did not provide much information on the latter steps, particularly fraud incident response plans. Still, the report is well worth reading.