The Oxford dictionary defines fraud as (a) “wrongful or criminal deception intended to result in financial or personal gain”. For company frauds this could be expanded to incorporate the deliberate misappropriation of company assets to achieve the gain.
Despite the fastest growing global areas of fraud being cyber related, the traditional occupational fraudster remains a significant company risk although their typical profile is changing.
When are occupational frauds most likely to occur?
Donald Cressey, an American sociologist who studied occupational crime, spoke of the Fraud Triangle. He believed that most workplace frauds included occurrence of the following three areas;
Opportunity The ability to carry out the misappropriation of company assets. While this is more likely with a weak control system, a KPMG survey in 2013 found that 70% of frauds included collusion.
PressureA motivation or incentive to commit the fraud. This could be need or greed.
Rationalisation Justification that the activity is not unacceptable. For example; “it’s a victimless crime” or “I’m only taking what I deserve”.
The ‘typical’ fraudster
For many years the broadly acknowledged profile of the typical UK occupational fraudster has remained unchanged; Male – 35-55 years old – middle management – established within the company.
PWC’s 2014 survey into fraud has unearthed some surprising shifts in profile. Although the global profile remains unchanged, junior staff are now the leading UK perpetrators on 45% (32% in 2011). Middle management are still in second place on 42%.
Another noticeable shift is that 25% of the frauds in the survey were committed by women, a nearly two-fold increase from 13% in 2011.
Another interesting area within the PWC survey is regarding which methods are proving successful in uncovering frauds.
It is tempting for companies to pay lip service to fraud prevention by relying upon traditional methods, however only 4% of deceptions were identified through usual internal audit activities. Whistle blowing systems also exposed only 4% which could be a symptom of the high amount of formal compliance red tape which has been introduced within the last decade. EY have coined a good term for this – “compliance fatigue”.
Over half of the frauds discovered were as a result of either; Suspicious Transaction Monitoring, Fraud Risk Management or Data Analytics. A company must therefore be proactive to the possibility of a misappropriation of its assets.
Suspicious Transaction Monitoring
Specialist computer programs are used to analyse datasets for unusual patterns before suggesting any areas which fall outside the exception limit for further inspection. This could include apparent suppliers who are receiving payments with differing characteristics to average procedures.
The larger programs can also automatically check the names of customers and suppliers against the latest lists of suspicious people to aid compliance with anti-money laundering regulations.
This type of specialist software is best suited to company’s with a high volume of transactions.
Fraud Risk Management
An effective way to prevent internal fraud is to understand and subsequently manage the risks which your entity faces. Looking at the Fraud Triangle the entity cannot easily reduce Motive or Rationalisation but it can reduce the Opportunity and increase the fear of detection.
A clear policy which covers the following stages; prevention, detection, deterrence and response, should be in place.
As with regular risks, senior management should assess the scale and impact of the risk against the likelihood. Each area could then be designated to a member of senior management as their personal responsibility to aid accountability.
Testing of the system should be carried out on an adhoc basis. The advantage of mid-month testing is that any smoothing which may be carried out at month end will not be present. An example of this testing would be to match ledger control account balances to underlying records. This could be particularly useful in identifying common frauds such as teeming and lading on customer accounts.
A forensic accountant could assist with devising a tailored infrequent testing schedule which could be carried out by senior management or the forensic accountant.
For many small businesses this will be the most practical and achievable option. Simple procedures could include;
Ratio analysis;Simple ratio analysis could identify unexpected results.
Benchmarking against previous years;Large changes could be explainable but may highlight areas to target in more detail.
Review suspense and misposting account activity;Large transactions in and out, especially in patterns, could be an indication of dishonest activity.
Analysis of the amount of postingsA sharp increase could indicate that the audit trail is being made deliberately complicated.
The above methods may not detect every fraud but their existence will act as a clear deterrent and minimise the opportunity for occupational fraud.
Our forensic team have considerable experience of implementing systems to prevent and detect fraud as well as to investigate suspicious transactions and to assist with the potential recovery of assets and prosecution. Please contact them here.