Why Fraud Happens And What To Do About It
Corporate fraud is an ongoing reality. Studies show that most major companies report some form of fraud incident every two or three years. The typical direct loss is €1.5million, with additional costs of investigation, prosecution, management time and reputational damage, adding at least €500,000 to the total. Andrew Brown takes a look at how to minimise the risk of fraud in your organisation.
The current economic climate is likely to raise the risk of fraud. As individuals and companies suffer financially, more people may be tempted to cross the line of legality
and engage in fraud to maintain the lifestyles they had enjoyed during better times. Think of the current pressures that may be on individuals stagnant earnings, no bonuses, the possibility of job losses – all of these, and more, increase the likelihood of an individual to commit fraud.
FRAUD AND THE FINANCE DIRECTOR
When a fraud happens in an organisation, attention will focus on the finance function and the Finance Director in particular. Inevitably there will be questions about why it wasn’t spotted by the organisation’s internal and external control procedures. In addition it will be the Finance Director who is normally tasked with getting to the bottom of the problem, sorting out the mess and putting in place control improvements going forward.
The more that Finance Directors understand why fraud happens, the better we are able to deal with it. For fraud to occur three things need to be present - an opportunity, a motive and a justification – otherwise known as the Fraud Triangle.
Opportunities are created by poor internal controls and/or a lack of segregation of duties that allows one individual, or a small number of individuals in collusion, to override controls and gain access to company assets. It is often longer serving employees who are able to identify these opportunities because of their familiarity with the internal systems and control weaknesses.
Every employee would like more money, but most people do not steal. There is a hard core of individuals in society who have no conscience about theft - studies suggest this may amount to as much as 5% - thankfully the majority never find their way into the business sector. But as financial pressures increase on the other 95% of the population, some individuals may be tempted to take advantage of weaknesses which they have identified to help them deal with those pressures.
This is the least recognised area of the fraud triangle. People who would not normally commit a crime need to be able to justify their actions to themselves. Often, people will argue that the money they took was only intended as a loan and there was an intention to pay it back. It is also common to find that the individual is genuinely surprised to discover how much they have actually stolen: this can be explained by their psychological unwillingness to acknowledge their actions.
REDUCING FRAUD RISK –SOME SIMPLE STEPS
The risk of fraud can never be completely eliminated, but here are
10 simple steps which companies can take to significantly reduce fraud risk.
STEP1: Keep Fraudsters Out
Fraudsters target companies and you should make sure that your HR department is focusing on fraud risks when employing people. There have been cases where fraudsters have a previous history of theft but have falsified their CVs and references. Proper take-on procedures should be applied to all employees including consultants, agency, temporary and any outsourced functions which will have access to your assets, such as cleaning and security staff.
Step 2: Encourage tip offs
Fraud is often uncovered by a tip-off so you must do all you can to make this easier. Formal whistle-blowing facilities may be part of this but the reality is that a lot of people do not have enough confidence in them so there need to be other “softer” mechanisms in place. One example might be a confidential ethics survey which allows people to highlight areas of concern without having to specifically blame an individual. Organisations need to make sure that anyone with any concerns, be they employees, customers or suppliers, understands that they can raise them and they will be investigated quickly and effectively, whilst ensuring that the person accused is not prejudiced. Also review the operation of any formal whistle-blowing facility. If you aren’t getting any calls is it because you don’t have any fraud, or because people don’t know the facility exists?
Step 3: Segregation of duties
Almost every fraud we investigate results from a breakdown in the segregation of duties, most critically where the same person controls the cash and how it is accounted for. Review your pressure points and make sure you look at how things operate in reality, not in theory. Often controls which are supposed to operate can become stale over time, for example sharing of passwords. In smaller organisations it may be difficult to fully segregate responsibility but an alternative is to regularly reallocate responsibilities within the team. This is becoming very common in financial services trading operations where traders are required to take a regular ‘virtual holiday’ with someone else running their desk. Knowing that someone else is going to manage your area is a powerful disincentive. And don’t forget to enforce holiday leave. Fraudsters don’t like taking holidays as it means someone has the opportunity to sit at their desk.
Step 4: Corporate culture
Make your corporate policy on fraud clear and encourage an open working environment where people feel that their contribution is welcomed. It is well known that companies with high employee satisfaction levels suffer less fraud as people find it more difficult to justify theft to themselves.
Step 5: Procurement
Procurement fraud is often the most difficult to identify, but proper procurement procedures including regular tendering and independent reviews of procurement decisions will shine the spotlight on this area. Also check on how suppliers are taken on and closed off on the system. How easily could a payable account be set up by a fraudster in collusion with a supplier? Or are there lots of old supplier accounts which are no longer used but could be used to make payments to a fraudster?
Step 6: Follow the cash
Accounts can be manipulated, cash cannot. If profits are not being transformed into cash you need to dig into the balance sheet and understand the reasons why. Fraudsters will use little understood balance sheet accounts and reconciliations to hide their actions. Remember that a debit balance in a suspense account rarely turns out to be an asset!
Step 7: Focus on Distance
Fraud is easier to justify if you don’t have to face your victim on a daily basis. Subsidiaries or branches which are run as mini-empires with no head office oversight can give rise to problems.
Step 8: Ask Questions
The history of corporate fraud is full of examples of people who took advantage of management unwillingness to betray possible ignorance. If something doesn’t seem to make sense you should keep pressing for an answer and follow up on any explanations which are given.
Step 9: Build in Surprise
Fraudsters like to control and manage their environment. They don’t like disruption to their schedules like holidays, unexpected visits or questions. It therefore makes sense for management and internal audit to build an element of surprise into their work. One financial controller I know occasionally asks one of his team on a Friday evening for a printout of the ledgers under their control, so that he can supposedly look at it over the weekend. Knowing that their work can be reviewed at any time maintains a strong control environment among the accounts team.
Step 10: Prosecute
Even with the best control environment, fraud can still happen. When it does you need to be in a position to act quickly and decisively, and if the allegation is proved, then the aggressive prosecution of the individuals concerned sends out a clear message to all employees that the long term risk of being caught outweighs any short term benefits.
There will always be a small proportion of the population who are able to justify fraud to themselves, but as financial pressures on individuals increase during the current downturn, the numbers who are prepared to cross the line into illegality is going to increase. Finance Directors are at the frontline of responsibility for minimising fraud risk and whilst it may not be possible to completely remove the risk, the simple steps noted above will go a long way towards reducing the risk.
Andrew Brown is Director, Forensic and Dispute Services with Deloitte in Dublin.
4/5/2009 7:15:00 PM
interesting article to assist in understanding and implementing a fraud-terrent program.