Not every threat to a company comes from outside.

A Marsh webinar on fraud risk, prevention and response reportedthat there were 778 internal-fraud cases in 2012. The most commonschemes in the U.S. involve billing, making up three-fourths of thestatistic; corruption, which increased by three percent since 2010;and expense reimbursements.

In more than half of these cases, the embroiled companyphysically lost only $200,000 or less, but the real headachesurrounding fraud discovery comes from the ensuing private civilclaims, potential government investigations, criminal prosecutionsand bad publicity.

Having a strong ERM program in place, in which all departmentleaders understand their role in assisting management while keepingemployees calm and collected, will help prepare companies, saysTracy Gillis, leader of Marsh's Reputational Risk and CrisisManagement Practice.

She recounted an incident in which a client discovered a trailof internal fraud that had been occurring for years. As the FBIstormed the headquarters, removing significant records and filesbefore the eyes of the watchful media, the company realized it wasunprepared to respond to the negative publicity.

“When dealing with crises, it is critical to realize that assoon as you can see the potential damage that can impact thecompany and organize your response, the sooner you can positionyour company to manage it,” Gillis said.

She added that it is important to stick to the internal plan andnot be distracted by disruptive forces like social media, which shesaid is a good indicator of the public knowledge of the situation,but it is only one of many avenues for the spread ofinformation.

Usually, fraud is detected by an employee tip-off, or is caughtduring a management review or following an internal audit. If anyof these potentialities applies, or even a “gut” feeling by anexperienced executive, the first step is to conduct a prompt andthorough self-investigation.

“An internal-audit investigation is like an insurance policy”for a company, said Paul Mastrocola, Business Litigation partner atBurns & Levinson LLP, during the webinar. Its goals are todetermine the relevant facts of a fraud event, to gather andpreserve evidence, assess legal repercussions, and administercorrective action- before an outside authority does.

Also, being the first to report the incident to authorities “cantake the sting out of government investigations.”

Corrective actions should involve making amends with the“victims”, revising or implementing corporate-compliance programsand strengthening internal controls.

“Any corrective action must be tangible and real, and not forappearances — that would be counterproductive in the government'seyes,” Mastrocola said. These actions can include offeringemployees incentives to open up about their qualms.

“Often, an employee suspects that something is occurring butdoesn't want to get involved. In these cases, a little incentive,if it comes with several zeros after it, may help,” said JasonLelio, managing consultant with Marsh's Forensic Accounting andClaims Services Practice.

There are several fidelity and crime coverage options availableto protect insured from the loss of money, securities and inventoryresulting from employee dishonesty.

Crime coverage can include property theft, losses due to forgeryand electronic wire transfer fraud. The financial and commercialmarkets saw a flat to 5 percent increase of such lines in2012.

And no modern coverage is complete without a cyber policy,especially as a recent court decision may allow for the expandedcoverage of cyber losses under a fidelity bond.

Said Damian Brew, managing director of Marsh's FINPRO practice,“Having insurance coverage without cyber is like playing hockeywithout a goalie.”