Fraud Risk Management: Awareness, prevention, detection and investigation
The profile of a fraudster
It’s a myth that insiders who commit fraud need to be technically proficient or command a position of special trust or power, although the size of frauds are positively correlated with seniority. For example, a part-qualified accountant in a small consultancy firm used false invoicing, false salary payments and other acts of fraudulent accounting to steal thousands of euros from his employer. The crime was uncovered by the business owner, but not before the fraudster had fled abroad, taking the money with him.
Key to detection and prevention of fraud is to understand its nature. A common pattern is a “low and slow” approach to fraud. The fraudster misappropriates “low” amounts of money and conducts their activities “slowly” over a long period of time, possibly to avoid detection. Such fraudsters accomplish more damage and escape detection for a longer period of time. Given this typology, internal fraud needs to be tackled differently from external fraud, which tends to be “high and fast”.
Awareness
Bearing in mind that awareness of fraud risks can provide a business with protection, a useful model to know when considering the likelihood of fraud occurring is the fraud triangle. The fraud triangle is a model for explaining the factors that cause someone to commit occupational fraud. It consists of three components which, together, lead to fraudulent behaviour.
A potential fraudster facing a perceived unshakeable financial need (motivation) and having the means to commit a fraud (opportunity) may well find a way to justify the fraud within the constraints of his own belief system (rationalisation). In the ‘low and slow’ typology the rationalisation might be that the employer won’t miss a small amount and/or that the fraudster deserves it to compensate for something else, such as an unpaid bonus or overtime.
Breaking one of the sides of the triangle will stop the potential crime from happening. As shown in the diagram, this build up takes a number of months, even years, from conception to action – time during which the organisation could have detected and prevented the crime from happening.
In addition to a theoretical understanding of fraud risk, fraud workshops that focus on the risks that particular organisations face can be a useful technique to create better fraud awareness amongst management and employees.
Fraud prevention
A Deloitte UK survey revealed myriad opportunities and motives for fraud. Some of the top ones included disgruntled employees and external pres- sures on individuals. Ineffective internal controls were also a factor. Whilst it is true that one size does not fit all, a comprehensive plan, with the involvement of key internal functions, could go a long way to prevent and detect internal fraud.
For example, apart from internal audit mentioned above, the involvement of Human Resources function is key in fraud prevention. A robust recruitment stage through preemployment screening is a key detective measure. This would involve the process of checking that information provided by a prospective employee is accurate and complete. The results are used to make an informed decision about the suitability of an applicant for a particular vacancy. It can also deter dishonest individuals from applying in the first place, thus having the added benefit of being a preventative measure as well.
Fraud investigation
When it comes to investigation, this can be a very delicate matter. Whilst there is a temptation to try to maintain a ring of secrecy around embarrassing fraud events, if you are serious about recouping financial losses or seeing the fraudster punished, the involvement of professionals should be seriously considered. Forensic work and evidence gathering is important.
In conclusion
It is clear that this is not an issue that will simply ‘go away’. Organisations need to tackle it strategically and will benefit from being proactive rather than reactive, by preventing fraud before it can succeed. Awareness, prevention, detection and investigation are integral elements of an effective anti-fraud strategy. Its success will be of great benefit to any organisation. Stefan Lia is a manager at Deloitte Malta Risk Advisory. For more information, please visit www.deloitte.com/mt/riskadvisory