Nobody likes to be misled, especially by people they trust or expect to do the right thing, whatever that is. Fraud and corruption can be a blow to the self-image of capable managers and their confidence in their ability to deter or detect a fraudulent scheme. More so, they can have a negative impact on an organisation’s brand, image and reputation and on organisational morale and, where the loss is large, significantly impact the bottom line.
In a recent survey of fraud in Australian organisations, 84 percent of respondents agreed or strongly agreed with the proposition that fraud control is a governance issue.
Corporate governance is an entire culture that sets and monitors behavioural expectations intended to deter the fraudster. As part of the establishment of sound corporate governance, it is now clearly accepted that an organisation should formulate a fraud and corruption control strategy. Through the development and implementation of the strategy, compliance with anti-fraud and corruption control practices can be promoted and maintained, and instances of fraud and corruption control non-conformance identified and dealt with quickly.
What is a fraud and corruption control strategy?
It is a comprehensive summary of key elements that the organisation has introduced to prevent, identify, manage, investigate and deal with fraud and corruption specific to its own circumstances. According to the Australian Standard AS8001-2003, although an organisation’s approach to its strategy will be dependent upon its size, diversity, geographical spread and the industry in which it operates, the Standard recommends that a strategy contain a number of elements. Several of these elements are discussed below:
– Fraud and corruption awareness – How does the organisation educate its staff and stakeholders about how fraud and corruption occur and what to do if they are discovered? This is a key element as fraud surveys have clearly demonstrated over time that the majority of frauds are discovered by staff and that whistleblowers are also an important source of information.
– Reporting of fraud and corruption – Is there a formal reporting process? Are senior management and the Audit and Risk Management Committee told of all incidences? If all instances are not recorded centrally, how does management assess the size and breadth of the problem and effectively manage it? Also importantly, if the instances of fraud and corruption are not reported to the Audit and Risk Management Committee, how do they monitor the performance of senior management in managing the risk?
– Fraud and corruption risk assessment – Identifying a couple of fraud risks in your business risk assessment or enterprise risk management process is far from adequate. An organisation should not rely on management alone to come up with all potential risks as there may be a knowledge gap, a reluctance to identify the existing weaknesses, inadequate allocation of time to discuss the issues or lack of a persistent inquisitor to ask the tough questions and follow up. So, consider having someone involved who thinks like a fraudster and has experienced a broad range of fraud and corruption issues who can add real value to the process. The insights regarding risks and process weaknesses can be invaluable.
– Whistleblowing – How does your organisation protect whistleblowers? Does it encourage anonymous reporting? Whistleblower programs allow employees and others to report concerns, including those about corporate fraud, and can allow the management and/or the Board to take early corrective action. Whistleblowing lines are now becoming more prominent in the private sector.
– Pre-employment screening – Is there a consistent process of screening across the organisation? How thoroughly are background checks, such as prior employment history, tertiary qualifications and memberships of professional associations, conducted? Does it cover only full-time employees or include contractors?
– Regular reviews of internal controls – Effective internal controls cannot be both successful and static. They should be monitored and evaluated for improvements and changes made necessary by changing conditions. The scope and frequency of evaluations of the internal control structure depend on risk assessments and the overall perceived effectiveness of internal controls. As an example, under the Sarbanes-Oxley requirements, management is charged with performing an evaluation at least annually. Anti-money-laundering procedures employed by financial institutions are a good example of a proactive process designed to deter fraudulent transactions from taking place through a financial institution.
Commonwealth Agencies have clearly led the private sector in developing fraud and corruption control strategies. This is mainly because it is mandated under the Financial Management and Accountability Act 1997 that all budget-funded agencies, and relevant Commonwealth Authorities and Companies Act 1997 funded bodies, put in place practices and procedures for effective fraud control. The Commonwealth Fraud Control Guidelines outline how each Agency must have a fraud control plan.
What are the trends and issues that organisations should be aware of?
Patterns of behaviour are clearly emerging as both the cost and complexity of technology decrease and information is shared through the internet in real time. Although more traditional frauds continue to be perpetrated against organisations, there are also a number of new or increasingly prominent challenges. Some of these challenges include:
– Identity fraud and theft – Criminal syndicates follow the money and as such identity fraud and theft is fast becoming a significant problem as they target individuals and organisations. The quality of recent forgeries of identification documents such as driver’s licences, birth certificates and even passports has highlighted the need for biometric identification solutions such as fingerprints, voice patterns, retinal images, facial or hand geometry to be seriously considered by organisations.
– Cyber-crime – The role of ‘phishing’ and the use of ‘trojans’ to illegally penetrate computers to obtain confidential information, including banking details, shows no signs of abating. As an example, over 11,000 unique phishing attack websites were reported to the Anti-Phishing Working Group in May 2006.
– Cheque fraud – This continues to be one of Australia’s most prevalent frauds affecting businesses. It involves the alteration of an existing cheque to a new payee and sometimes an altered amount.
– Gambling – There is an inextricable link between gambling addiction and fraud. As the opportunity to participate in various forms of gambling grows, the incidence of fraud will also continue to grow. Refer to the breakout box for some recent Australian examples.
What can your organisation do?
Senior management tasked with governance responsibilities should undertake a review of their approach to fraud and corruption control. It is recommended that they at least benchmark their organisation against best practice recommended by the Australian Standard AS8001-2003 – ‘Fraud and Corruption Control’ in order to determine gaps that require addressing. This will be the blueprint for going forward.
Key areas of the fraud and corruption control strategy that should be emphasised and undertaken include:
– championing a pro-active and thorough approach to fraud risk management across the organisation;
– reviewing the organisation’s whistleblowing policy and procedures and, where one does not exist, seriously considering the inclusion of an anonymous reporting line to augment the reporting structure; and
– educating staff about fraud, how it is detected and importantly the organisation’s reporting procedures.
Emerging technological trends, the globalisation of commerce as well as the growing impact of the prevalence of gambling should be of concern to Board members and senior management in all organisations, both large and small. They all create risks that need to be constantly managed.
Those who commit fraud and corruption, whether internal or external to the organisation, are often attuned to system and control weaknesses and therefore target the points of least resistance.
To deal with these fraud and corruption risks, organisations must look to how they are allocating their resources and seriously consider the need for a comprehensive strategy.
Case Study – Whistleblowing
Fraud awareness training was provided to all staff in a division. Subsequent to this training, the Financial Controller was sent an e-mail with the sender’s details disguised although indicating that they had attended one of the fraud awareness sessions. The e-mail contained detailed allegations concerning anomalies with a senior manager’s use of a company credit card.
A preliminary review was undertaken of the credit card statements that revealed personal purchases of clothes, meals, accommodation, dating services and books over an eighteen-month period that were all fraudulently misrepresented on the card statements as business related expenses. Although the card statements were countersigned by another manager, the manager later admitted trusting the senior manager’s explanations for the purchases.
The senior manager was in a key governance position within the organisation and was subsequently dismissed.
Case Study – False invoicing
A Finance Director with responsibility for the Asia-Pacific region travelled regularly. An anomaly with his expenses led to a further investigation of his activities. A link was identified between the name of an Australian based company of which he was a Director and a company based in Malaysia that had received consulting fees authorised by the Finance Director.
Further investigation revealed four companies in different Asian countries that had received consulting fees based on bogus projects. As a result of the investigation, it was proven that more than 50 invoices were prepared and subsequently signed off by the Finance Director at an Australian Dollar equivalent just below his delegation limit.
International company searches revealed he was a Director and Shareholder in each company. Over AUD2 million was recovered.
It was also revealed that the annual budget for such consulting expenses was $300,000 when the Finance Director joined. In the first year, he increased the budget to $1.8 million. He therefore budgeted for his own fraud.
Examples – Gambling motivated fraud
$7.1 million – Accountant defrauded clients’ trust funds. Spent 937 days out of 7 years gambling at the Crown Casino.
$4.3 million – Claims officer reopened claims files and made out 1,003 cheques to fictitious 3rd parties over a period of 10 years. Most of the money was lost through gambling.
$8.3 million – Merchant Banker in an investment bank wrote out 76 cheques in erasable ink over four years, altering the payee to own benefit; the money was used to gamble.
$17 million – Bank Manager, by unauthorised EFTs. Racehorses.
$4.57 million – Financial Adviser.
$22 million – General Manager of a Transport company. Unauthorised EFTs. Racehorses.
$1.5 million – Two Managers of a Credit Union. Poker machines.
$254,000 – Financial Controller of a Hotel. Roulette.
$44,000 – Carer of people with a disability. Poker machines.
Brett Warfield can be contacted on (612) 9231 7588 or at [email protected]
Brett has significant experience in investigating fraud and other unethical conduct, financial profiling, asset and funds tracing and preparing financial briefs of evidence. He is an experienced presenter on fraud control and has presented to CEOs, senior executives, industry and professional bodies in Australia and Asia.
Brett established Warfield & Associates, a professional services firm specialising in Forensic Accounting and Fraud an, in 2004 with the aim of providing independent advice to organisations to assist them with addressing unethical behaviour, improving governance and identifying risks.
Brett has been a senior member of the national Fore