Wednesday, 9 October 2013 00:00
An overview of internal fraud
Internal fraud in organisations is on the increase and becoming alarmingly high. As per a study done in Australia and New Zealand in the year 2012 nearly 75% of frauds in organisations were committed by insiders. This is a 10% increase compared to the figures of 2010.
When internal frauds occur there will be lot of fire-fighting within the organisations as to who is responsible for this situation rather than taking immediate action to arrest the situation. The implications of not taking prompt action once a fraud is detected would be:
Loss of income and profits
Implications on reputation/rating
Loss of existing business and customers
Loss of assets
Defection of key employees
Increased capital costs
Increased Insurance cost
Undermine in house controls and work place ethics
Investigation costs increase due to loss of vital information
Defence costs for criminal and civil proceedings
Criminal and civil penalties
Once an allegation of a fraud is received it must be evaluated and investigated within the laid down protocols. It is imperative to mention that in the Sri Lankan context it is best that an entry is lodged with the Police as soon as a fraud is found. This will bring in uniformity that no fraud is treated lightly irrespective of the amount involved.
However, in practice some organisations will take such action depending on the seriousness of the fraud due to reputational risks.
Yet, the Police may find fault with such organisations for not reporting such cases as soon as it was found if the issue becomes complex at a later stage. It must be stated that by reporting to the Police such frauds can be uncovered fast as officers of other organisations cannot take the law into their hands and will have further issues by trying to do Police work.
If it is an apparent theft, an entry at the local Police station is sufficient and if it is a fraud, cheating or forged document, the following steps should be taken:
If the amount is less than 50K: Entry at the local Police station
If the amount is between 50-500K: Entry at the Divisional Special Crime Investigation Bureau (SCIB)
If the amount is between 500-5,000K: In the case of Colombo City limits at the Colombo Fraud Investigation Bureau (CFIB)/other districts, Divisional Special Crime Investigation Bureau
If the amount is above 5,000K: Criminal Inves-tigation Department (CID)
An internal inquiry to the said incident also should be conducted simultaneously which includes interviewing related parties, evidence collection and analysing. This will eradicate the chances of similar incidents repeating in future.
There is no perfect guideline to eliminate internal fraud as each fraud is unique in its own devises. No matter how strict the controls are, employees in collusion can create havoc in any organisation. That is why it is said fraud prevention controls are very important to any organisation.
Some of the important fraud prevention controls are HR procedures (screening of employees before offering the job), authority limits, and transaction level procedures. Whistle-blowing policies should be encouraged and rewarded as most frauds are detected by anonymous letters/calls and notification by employees.
Responding to early indications of fraud is absolutely critical in organisations. If warning signals are overlooked, the results will be damning. The red flags include:
Financial information that is inconsistent with key performance indicators
Lack of supporting documents for transactions
Failure to action on early minor fraud
Failure to implement internal controls
Staff who do not take leave
Signs of excessive wealth or spending
Bypassing procurement processes when purchasing goods or services
Unusually close relationships with particular staff, customers or suppliers
Failing to declare potential conflicts of interest
reconcile (cash or stock)
Requests for system access not commensurate with role
One of the biggest misconceptions in most organisations is that “fraud will never happen to us”.
In fact a KPMG Forensic study has shown that 43% of the responded firms had experienced fraud. Recent research has shown males are responsible most of the time for internal fraud and mature masterminds are on the increase. Perpetrators who collude also have increased compared to the perpetrators who act alone.
Further, the increase of frauds by the senior management compared to lower level staff has also increased.
Why and how do employees get involved in fraud is elaborated in the famous ‘fraud triangle’. The pressure resulted by personal financial problems, personal vices such as gambling, excessive drinking, drugs, extensive debts and desire for status symbols such as big house, dashing car, etc., paves the way for fraud. Then the fraudster tries to rationalise same by giving excuses such as ‘I did it for my family,’ ‘will return when I get my salary,’ and cannot afford to lose everything.
Despite the above two concepts a fraud can be accomplished only if there is an opportunity in the systems of the organisation such as non supervision and review of transactions, non separation of duties for reconciliation and processing transactions, no approval processes for expenditure, no access controls over financial data and no dual control mechanism, etc. Thus from an organisation’s perspective it is the opportunity to a fraudster that needs to be halted with proper controls.
Finally from an innocent employee’s perspective, they will be alarmed and disheartened that one of their trusted colleagues had betrayed them and they will be subject to domestic and external inquiries, which will be a nightmare. Then the million dollar question would be how you work without trusting your colleagues; in fact trust is a motivator which drives great teams to success, a hallmark of all success stories. So continue trusting your team but verify each detail that is brought to you, then even the toughest fraudster will think twice before attacking you or your organisation.
KPMG Forensic (2013) – A survey of fraud and corruption in Australia and New Zealand 2012
[The writer, Msc Mgmt (USJ), AIB (SL), MCPM, is a banker by profession. He can be reached via email – email@example.com.]