Out with the old and in with the new?

In the main, fraud will occur as a result of either a well-researched and targeted attack, or a scattergun approach.

The scattergun approach is easy; fire off enough phishing emails or send in enough false invoices and the law of averages dictates that there will be some success. However, a little bit of research (or better still, inside knowledge) can reap significant rewards. So if it’s that easy, then why doesn’t everyone commit fraud? 

In the world of fraud prevention, there is an accepted 10-10-80 rule: 10% of employees will never steal/commit fraud, 10% will always steal/commit fraud, and 80% may go either way, depending on the circumstances (i.e. what is happening in their lives, the size of the prize, the chance of success versus the chance of getting caught, and the likely sanctions that will be imposed if they are caught).

Given this combination, the lead up to and wind down from holiday periods are a favoured time for fraudsters to attack. Staffing levels and motivation may be low, experienced staff may be away leaving inexperienced or temporary staff in place, or pressures to clear workloads may be high; all of these scenarios are a temptation to relax or bypass controls. It is vital therefore that staff are reminded of the importance of ensuring controls are properly and timeously applied (and hopefully they are fully aware of what and how to check, and why it is vital to do so: time and time again we see this part fail). 

You should have proactive controls that help prevent a loss (i.e. segregation of duties, supporting documentation, proper authorisation and physical control over assets), and detection controls designed to find errors or irregularities after they have occurred (i.e. reconciliations, analysing variances/outliers/anomalies, inventories/stock-checks and audits).

Whilst there are some ‘clever’ frauds, most are simple and have not changed for decades (if not centuries).  The reason fraudsters still succeed with simple or relatively straightforward frauds is because it’s rarely the case that controls fail; it’s the people. So the most important thing is to keep the controls as simple as possible (in relation to the risk, some risks need ‘rocket-science’ controls, but in the main, simple and effective controls will win the day), and beware of over-engineering the solution, or focusing on the wrong risks. 

It’s not hard to get back to basics. Check that you have:

• good segregation of duties (when did you last check, have there been re-structures, or what happens when someone goes off sick or on holiday?);
• standardised reporting systems and operating procedures;
• robust and workable policies;
• single (and approved) suppliers’ database and contracts register;
• payment names, accounts and sort-codes checked;
• strong risk management;
• robust forecasting and exception reporting;
• strong whistleblowing culture.

To be effective, controls should be evidence-based, open to challenge and scrutiny, unpredictable and regularly reviewed, but above all, easy to apply and designed with fraud prevention and detection in mind. 

The lead up to the holiday season and first few weeks of the new year is a perfect storm. Financial pressures will have increased for your staff (and worryingly 71% of all corporate fraud is committed by, or with the assistance of, staff) and the opportunities through a relaxed approach to controls will be there. So now is the time to re-visit what controls you have in place to reduce the risk of fraud and make sure they actually work; if you don’t fraudsters will happily test them for you.

We can help you reduce your risks of fraud with a range of counter-fraud services. Contact John Baker.

Leave a comment

 Security code