
Fraud prevention isn’t just a policy, it’s a mindset. And in Accounts Payable and Accounts Receivable, where money moves fast and pressure runs high, culture is everything.
In this powerful episode, fraud expert Paul Zikmund breaks down what it really takes to build a culture of fraud awareness in finance. From real-world red flags to leadership blind spots, he explains why checklists and compliance alone won’t cut it, and how organizations can start shifting behaviors before a crisis hits.
Bonus: How to overcome the most common excuses for not prioritizing fraud culture—and what’s at stake if you don’t.
If you think your team is immune to fraud, this is the episode you can’t afford to miss.
Paul Zikmund
Paul E. Zikmund serves as SVP Chief Risk, Compliance & Information Security Officer at Berkadia. He is responsible for managing the company’s enterprise risk management program, ethics & compliance, internal audit function, information security, data privacy, and corporate investigations. Prior to his role at Berkadia, Paul served as a Director of Baker Tilly’s Global Fraud and Forensic Investigations, Compliance and Security Services practice, where he was responsible for helping clients develop, assess and administer ethics and compliance programs; conduct global and cross-border fraud and misconduct investigations, including bribery, corruption and compliance matters; and manage risks related to ethics and compliance failures. Prior to that, Paul served as Deputy CCO & Vice President Global Security at Bunge in White Plains, NY, where he was responsible for development and implementation of Bunge’s fraud, ethics, compliance and security risk management programs and controls designed to protect company assets, mitigate fraud and misconduct, ensure compliance with federal and state laws, and promote adherence to Bunge’s core values.
Paul managed and conducted investigations of compliance matters, fraud and ethics violations. Paul assisted with the development and implementation of tools and techniques to mitigate enterprise security, fraud & compliance risk, managed the company’s third-party risk management program, and administered security, compliance training and awareness programs. Prior to joining Bunge, Paul worked as the Senior Director Forensic Audit at Tyco International in Princeton, NJ and the Director Litigation Support Services at Amper, Politziner, & Mattia, LLP, in Philadelphia, PA, where he was responsible for developing, implementing, and administering fraud risk management services to Tyco and to clients. He possesses nearly 28 years of experience in this field and has effectively managed global compliance and forensic audit teams at various Fortune 500 companies.
Grace Chlosta
Senior Content Manager, IOFM
Grace is the Senior Content Manager at the Institute of Finance & Management (IOFM), where she has led content strategy and development since 2022. In this role, she oversees all aspects of IOFM’s digital and event-based content, ensuring it remains timely, relevant, and actionable for all financial operations professionals.
Grace manages IOFM’s robust library of site content, leads the organization’s editorial and member webinar programming, and hosts IOFM’s podcast series. She also oversees a team of subject matter experts who contribute thought leadership and educational articles. In addition, Grace curates and manages all speaker content for IOFM’s in-person and virtual events, ensuring consistency and quality across every touchpoint. With nearly three years in the role, Grace brings a deep understanding of the financial operations landscape and a passion for delivering content that empowers professionals to excel in their roles.
Grace Chlosta: Welcome to the IOFM podcast. This is a podcast for accounts payable and accounts receivable professionals who want to stay in the know with current AP and AR trends and ideas. We'll be interviewing professionals in this space on a wide variety of subjects, including automation, artificial intelligence, career growth, compliance, leadership, and much more.
Hey, Paul. How's it going?
00:00:33
Paul Zikmund: Good, Grace. How are you today?
Grace Chlosta: I'm doing good. We are on site at IOFM Spring. How has your time been? I know you're kind of a pro now. You've been to quite a few. But how is this one comparatively?
Paul Zikmund: Oh, it's fantastic. It's a great venue, wonderful hotel. The crowd at my session yesterday was fantastic, very participative.
Grace Chlosta: Awesome.
Paul Zikmund: So far, so good.
Grace Chlosta: Good. And what do you have left for the rest of the day?
Paul Zikmund: So I'm doing this podcast with you, and I've got a workshop this afternoon, an hour and a half workshop, on some advanced techniques on AP and AR fraud detection and prevention.
Grace Chlosta: Amazing. Well, a very important topic, as always. So we're here to talk about fraud today and creating like a culture around fraud awareness at your company. So tell me a little bit about how to set the tone. What is the difference between really having the policies in place, but then creating a culture that understands the fraud, as a background?
00:01:23
Paul Zikmund: Yeah, it's a great question, and in my sessions we talk a lot about culture because if you have all of the policies and the processes and the procedures in place, but you don't have the right culture, many times they're meaningless. So just beyond what's written in a policy or what's written in a procedure is you look at the holistic view. We look at detection. We look at deterrents. We look at prevention. We look at investigation and response.
00:01:52
When you think about culture around that, it all really starts at the top, so how interested and supportive are the leaders within the company? Are they giving you the resources? Are they giving you the budget? Are they supporting training, and are they supporting internal awareness around the topic?
Grace Chlosta: Yeah, that's great. I mean, I guess, how do you even start that conversation? How do you get leadership to become invested, without feeling like a burden or that you're asking too much?
Paul Zikmund: Yeah, in my experience, leadership gets very interested when they need to manage a risk, and so I think one of the first things that we can do -- and we talked about this yesterday at the session -- is the overall risk assessment around AP and AR. Just what are our risks? How are they being mitigated? How are they being managed? Are we within our risk appetite for preventing and detecting fraud? So when you highlight the risk to them and explain to them where there's opportunity to mature your program, that generally gets their interest.
Grace Chlosta: I would hope so, right? I feel like it's a very important topic, and I think that, yeah, [if] you go with the facts and why it's important, they would understand that.
Paul Zikmund: Absolutely.
00:02:59
Grace Chlosta: Talk to me about what happens when fraud awareness is a checklist you go through. You maybe do one course a year. It's just that you checked it off. Why is that not enough?
Paul Zikmund: Yeah, that's a great question. You could probably answer it yourself for the organizations that you've worked with, when you had to go in and take a 15-minute online training. You had to answer five questions at the end. Most of the time, you're multitasking when you're doing that, and so you're not retaining much. That really helps develop your idea around the overall culture within the company. Yeah, we care a little bit about this, but not that much. Just check the box. It's a lot more than that.
When you think about training and awareness, how often is it conducted? How is it conducted? Are there specialized courses, more relevant to people that work in AP and AR? Are they getting special types of training, more so than people that are working in sales or working in the assembly line at the plant? You really need to make the training bespoke to the role within the company, because each of the roles have different responsibilities.
00:04:04
Grace Chlosta: And where can they find those specialized trainings?
Paul Zikmund: Yeah, there are so many places to get those trainings. IOFM is one. IOFM offers an abundance of training around fraud, but also around AP and AR best practices. I think it's not just learning about fraud awareness; it's all about learning about best practices. And what should companies have in place around best practices for processes and procedures in these areas? If you have best practices in place, by default you're really minimizing the risk of fraud.
Grace Chlosta: Absolutely. So what would you say -- you look at an AP organization. What are some characteristics that really show that they are on their game, they're fraud aware, [and] they're doing the best they can? And then what are some that would show holes, good and bad?
00:04:51
Paul Zikmund: Yeah, I mean, when I look at just sort of the holistic view of AP, I look at the experience of the individuals I'm working with. I look at: Are they following best practices? Do they have segregations of duties? Are they leveraging technology for better efficiencies and better fraud prevention and deterrence as well? And I think a lot of AP departments are getting there, but I still see some opportunity for improvement. Are they getting the training? Are they engaged with internal audit? Are they engaged with their enterprise risk management teams to learn more about progress, learn more about best practices and what they can do to help reduce the risk? Are they working with departments like legal and HR and learning more about what's happening within the company, maybe from a misconduct perspective?
00:05:40
I've investigated probably thousands of fraud cases in my career, and a number of them did involve AP and AR. So are you sharing lessons learned with the AP department and with the AR folks to better prep them to minimize the risk?
Grace Chlosta: Yeah, absolutely. Also, I feel like I hear from so many folks [that] AP managers have been in their careers for 20+ years, right? Some folks are really set in their ways, whether that be leadership or people on your actual team. "We don't have time. We've never had an issue before." Why is it not okay? You're waiting for something to happen, right? You need to be proactive in order to not have a fraud occur, right?
Paul Zikmund: That's right. Absolutely. You need to be proactive. Unfortunately, when you look at the way a lot of folks are -- their performance is assessed, it's based on volume. It's based on speed. It's based on efficiency. It's based on reduction in error rates.
And so the same things that we're being assessed on from a performance perspective are, in some ways, Grace, contradicting to what we can do to better detect fraud. We have to get things done quickly. We have to make sure we're not making any errors.
00:06:48
And when we're working in that environment, sometimes we overlook those little red flags that we probably should stop and pause for a moment and say, "Hey, maybe we have an issue here. I might want to take a further look."
Grace Chlosta: Right. And people are so busy that it's very easy to miss those red flags, or just wipe 'em off and say, "Okay, well, we'll deal with it later." And then "later" comes, and it's not a good scenario.
Paul Zikmund: And it's too late.
Grace Chlosta: And I feel like, thinking about doing these specialized trainings, changing the way that you've been doing things for a long time takes a lot of change management. How do you handle that as a department lead, to gear your team up to really change the way that they're thinking about things, and catch those red flags before they become a problem?
Paul Zikmund: Yeah, I think a lot of it is around just education -- so educating your department on, "Hey, look. Times have changed. Things have changed. You look at technology, you look at AI, you look at the way payments are being made -- it's not just cash and check; it's wire, it's ACH, it's virtual cards, it's gift cards. I mean, you name it."
00:07:48
The methods of payments these days are just so vast that it's hard to keep up with all of the risk. So sometimes it's good to just sort of take a pause. I've been successful in conducting some workshops with AP departments, where you sit down and you say, "Okay, let's assess our environment. Let's talk about the risk within our environment. What are we doing to mitigate that, and where might we have some opportunities to improve?"
Grace Chlosta: Right, absolutely. So it's kind of taking that pause, taking a step back and seeing what you can do. I always like to, not leave it, but…
00:08:21
As we close, what are some things that people could do today to start to build and foster this culture?
Paul Zikmund: Well, we talk about a few, right? We talk about getting leadership's involvement and support. We talked about leveraging training and awareness -- not only just generalized training, but training that's more bespoke to AP and AR. The risk assessment is key. You really need to think about who within your company can conduct an effective risk assessment -- a fraud risk assessment, not just a general enterprise risk, because I get a lot of feedback from folks that, "Well, we have an ERM department." But are they focused on fraud? Because it's a very specific type of risk within a company, and you have to have the risk subject matter expertise to do that. So it's that as well.
00:09:08
It's also looking at not only your policies: Do you have the right ones in place? Are they comprehensive enough? But, are they being followed? That's where a lot of companies fall down. "We have this great policy, but, oh, by the way, we have some exceptions. Once in a while…and that's okay." It shouldn't be. If you have many, many exceptions, then you really don't have a policy.
And then a couple additional things that you can think about is bringing internal audit in and doing a forensic audit of the department, so actually having them do a deep dive to go and look at some of your payment history, some of your vendor management capabilities, to see if there are any examples of potential red flags for fraud.
00:09:49
And then, certainly, leveraging technology. It's a little intimidating in today's world. Everybody talks about AI. I think those two letters are misused and misunderstood more than anything else.
Grace Chlosta: Right. It's almost the fear factor.
Paul Zikmund: It's the fear factor, right? You don't have to have a large language model or deep learning or gen AI to find fraud. Certainly, there are opportunities to do that.
And then I think one of the last things to think about is being transparent, right? More communication within the company, more transparency around things that are happening, because that builds awareness. It also builds a lot of knowledge.
Grace Chlosta: I completely agree. Really great advice. We also -- you talked about risk assessment. We had a great podcast, a couple weeks ago now, all about risk assessment. You did a fantastic whitepaper for us on the subject, so if folks are hearing that and they're thinking, "Okay, that's a place I can start," listen to that episode, and also look at the whitepaper on IOFM, I would say.
00:10:40
Paul Zikmund: Great idea.
Grace Chlosta: Well, thank you so much, Paul. Always a pleasure. I hope you have a great rest of your day today.
Paul Zikmund: You, as well. I enjoy seeing you at the conference and look forward to seeing you in Vegas.
Grace Chlosta: Yes, me, too. Thank you.
Thank you so much for listening to the IOFM podcast. Remember to head on over to the Member Forum to discuss today's episode and provide ideas for our next one. And to stay up to date on IOFM's current events, both in-person and virtually, head on over to IOFM.com.
Continuing Education Credits available:
Receive 1 CEU per hour of listening time towards IOFM programs:
Receive 1 CEU per hour of listening time towards maintaining any AP and P2P related program through IOFM! These programs are designed to establish standards for the profession and recognize accounts payable and procure-to-pay professionals who, by possessing related work experience and passing a comprehensive exam, have met stringent requirements for mastering the financial operations body of knowledge.