Fraud can come in a variety of different forms and can happen at all levels in an organisation. Over the past number of years the tendency to downsize has resulted in the removal of some basic controls (particularly segregation of duties) and increased the opportunity for fraud. In addition, with increased computerisation the sophistication and complexity of fraud has been escalating significantly.
In a recent international survey undertaken by Ernst and Young they found that 75% of the sample of 1,200 companies world-wide were victims of fraud during the last 5 years. Of the worst fraud over 80% was committed by staff over 75% of whom had been with the company for more than 5 years.
The study also discovered that 25% of businesses lost over $1m through fraud in the last 5 years and that more than half of the frauds discovered were discovered by chance.
Another interesting finding was that the majority of respondents believed that the worst fraud they experienced was preventable but lack of prevention policies and inadequate internal controls meant that many believed it could happen again.
The seriousness of the situation was verified recently when Ricardo Garotte was sentenced to seven years' imprisonment for stealing more than £4m from two banks while working as a temporary member of staff. It is believed the police are still trying to trace more than £2m.
Garotte used false references to get temporary work and was just about to land a staff job with a third bank when the police caught up with him.
This case shows the seriousness of the situation and highlights the need to thoroughly screen staff, including temporary staff, prior to employment.
The warning signs of potential fraud are usually evident although many employers fail to spot them, (e.g: gaps in curriculum vitaes, unexplained changes in living standards, staff not taking holidays, working unsociable hours, turning down promotions, resigning unexpectedly and many more).
The risk of fraud
Management must have an understanding of how and why fraud occurs in order that internal controls can be properly designed and operated.
The risk of fraud can arise in certain circumstances or due to certain factors, some of which are as follows:
– cash sales are usually a high-risk area, as the temptation can be considerable;
– changes in circumstances can increase the risk for fraud, for example changes in the management information system, in particular increased computerisation. Computer fraud is rapidly increasing in frequency and sophistication and presents a real danger for many organisations;
– organisational changes can also present very welcome opportunities for fraudsters, particularly during transition phases or following downsizing when key controls such as segregation of duties may be compromised;
– fraud can also occur during periods of rapid growth in the volume of activity when there may be inadequate time for proper verification of all transactions. Most organisations expand first and try to put the controls in place later;
– the risk of fraud may also be increased by factors which are specific to the industry, for example extensive travel and related expenses or very high levels of corporate entertainment;
– personnel factors may also have a significant influence where a dominant manager is either given or exercises extensive authority;
– inadequate supervision and a lack of emphasis on compliance with internal controls will eventually invite fraud;
– as was the case with Ricardo Garotte inadequate screening of new employees can have very serious consequences. In addition, if staff are being underpaid and morale is low this can also create an environment where fraud may be perpetrated.
These are only some of the circumstances under which fraud may occur but management must be vigilant at all times.
Prevention comes from an awareness of the circumstances where the risk of fraud is higher as well as an awareness of the various types of fraud, which could be perpetrated. There are a number of possible strategies to prevent fraud.
Two of the most important of which are:
– adequate internal controls;
– personnel polices and procedures.
It is the responsibility of management to ensure that adequate internal controls are in place in order to safeguard company assets.
A system of internal control should be based upon ensuring that all employees are aware of the emphasis on internal controls and clearly understand what these controls are. In addition, management must lead by example.
An internal control system should be based on key fundamental concepts:
1 Segregation of duties
Responsibilities should be divided to ensure that the key roles of custody, authorisation, recording and execution are separated.
2 Physical controls
Comprehensive recording of the location and ownership of assets is essential with access to assets or critical records restricted to authorised employees.
All transactions should require approval by an appropriately responsible person and this needs to be communicated and implemented.
4 Management control
Analytical review including review and investigation of variances is necessary.
5 Supervision and periodic reconciliation
All employees must be made aware that their work is likely to be checked.
Clear lines of responsibility must be operated to ensure that employees are aware of their specific responsibilities and to whom they are responsible.
The success of any system is to some extent dependent on the competence and integrity of those operating the control system.
Selection, training, appraisal and adequate remuneration are all essential to ensure appropriately qualified staff are employed.
Personnel policies and procedures
The personnel functions contribution to the prevention of fraud is often overlooked when in fact its assistance can be invaluable. Specific personnel controls which can be a very important means of preventing fraud include:
1 Recruitment process
The process must be designed to ensure that new employees are thoroughly screened prior to employment.
This includes a comprehensive interview process as well as obtaining and verifying any references given.
2 Annual leave
The company should have a policy requiring each employee to take his/her annual leave.
3 Staff rotation
Properly managed this can be a very beneficial way of developing management and employee skills with the added advantage of preventing or discovering fraud.
4 Remuneration levels
The personnel function needs to monitor and subsequently ensure that remuneration levels are adequate and that working conditions are acceptable. This will help reduce the need for staff to attempt to supplement their pay.
5 Staff development
Staff development programmes can be used to emphasise to staff the importance of adhering to internal controls and to appraise staff of the organisational structure including any changes being made.
6 Exit interviews
These can be used to obtain feedback regarding low morale or staff under undue pressure in certain sections of the organisation.
Many organisations use outside agencies to check potential employees prior to their engagement and a considerable number also have insurance to protect the organisation in the event of fraud, however, insurance is no substitute for good systems.
The important lesson is to put in place and regularly review the adequacy of internal controls designed to prevent fraud. Prevention is far better than having to deal with the consequences of fraud.