Fraud – It’s time to tip the risk versus reward balance in your favour

We’ve done our risk management training, so know all about ‘Likelihood’ and ‘Impact’ and we’ve identified the primary areas of risk facing our company. The trouble is, we’re not alone. Fraudsters are some of the best risk managers out there, weighing up the size of the prize against the chances of being caught; once calculated, the fraudster will inevitably ask ‘what will happen to me if I do get caught’?

If the likelihood of getting caught is low, that’s good news for the fraudster. If the consequences of getting caught are relatively insignificant, that’s great news! If the attack comes from an external supplier/contractor or any other third party/individual, then although still potentially damaging, it’s not as bad as getting hit from the inside, which carries additional reputational damage. The shocking statistic is that 71% of corporate fraud is perpetrated by (or in collusion with) staff.

Combined with the fact that fraud is still increasing, if you haven’t already been hit by insider fraud, you will be. It’s important to take a proactive approach to reducing the risk of fraud, rather than waiting for it to happen and be left with an investigation, usually long after the fraudster (and the assets) have disappeared. 

Whilst we appeal to the good nature of our honest staff, this is a pointless exercise when received by the fraudster, so we have to prevent, deter and change the risk/reward equation by increasing the likelihood (or even the perception of) of getting caught and (assuming our detection methods have identified a problem) ensuring that robust sanctions are applied to offenders.

Prevention

Prevention comes in many guises, but sits, in the main, with robust controls, policies and operating procedures. Simple controls such as segregations of duties and authorisation limits/approved signatories are frequently overridden so it is important to review these and ensure all payments and transactions have been made properly. ‘Easier said than done’ I hear you say with the huge amounts of transactions being made. So you need to be more incisive; go for invoices just below approval amounts, look for duplicate payments (and remember that this should include any instances where something has been added to an invoice e.g. an ‘A’ added to the invoice number) or ‘almost’ matches. There may be other triggers such as abnormal invoice volume activity or unexplainable above average payments per supplier. Of course, there will be other staff-related frauds such as inflated expenses, false CVs and qualifications, and possible frauds such as diversion of funds into shell companies operated by staff members, let alone other issues such as theft of assets/data and undisclosed conflicts of interest etc.

Once fraud has been detected, a swift and professional investigation is vital to establish the facts and gather the evidence so a decision can be made on what sanctions to apply. Consideration should be given to any combination of criminal, civil, disciplinary and/or regulatory (including striking-off from professional registers) proceedings. If sanctions are not applied and people slip away quietly by being allowed to resign, they will appear somewhere else. ‘Not my problem, in fact I hope they go to a competitor and do the same to them’ one might think, but that’s a short-lived strategy. Fraudsters talk – you’ll become known as a soft-target and attract more of the same.  If you take a stand, it’ll be tough, but it sends out clear messages that fraud will not be tolerated, displacing the problem to next door. 

We can help you reduce your risks of fraud with a range of counter-fraud services. Contact John Baker.

 

Leave a comment

 Security code