Internal Fraud -the Threat From Within

As a business owner, have you been kept awake at night trying to work out why your business is struggling to pay its bills on time when you know that you are doing more work and earning more income.

The answer could be that someone within your organisation is taking advantage of their position and is defrauding your business.

It is a sad fact of life that some people will abuse the trust placed in them by their business associates or employer and use their position to obtain personal profit.  This can have a devastating impact on a business, putting its ability to continue to operate in jeopardy, and also putting its creditors and directors at risk because of the company’s inability to meet its obligations.

Types of Fraud:

The types of dishonesty are many and varied.

Some of the more common types are –

  • Taking inventory without making any payment;
  • Making payment of personal expenses direct from the business bank account;
  • Creating “ghost” employees and setting up wage payments to their own account;
  • Creating fictitious invoices to make payment to themselves or a related entity;
  • Altering creditor batch payments to direct payments intended for a creditor to their own account; and
  • Manipulation of contract tendering processes for personal gain.

The Fraud Triangle:

Research has shown that, generally speaking, three things have to exist for a person to commit fraud against an employer.  Those three things are pressure, opportunity, and justification, and are known as the “fraud triangle”.

Pressure” is usually financial and could be funding a drug or gambling addiction, the threat of mortgagee sale of a property, or just the desire to have more money to spend on a grand lifestyle.  Time pressure in the business provides an opportunity for systems to be overlooked.

Opportunity” is the ability to commit the fraud.  The knowledge of how to manipulate the company’s processes, the belief that they won’t get caught, and weak internal controls that allow the actions to happen.

Rationalisation” is the justification by the offender for the fraud they commit.  Some of the common ones are fear of losing everything if they don’t have the money (mortgagee sale), labelling the theft as “borrowing” as they fully intend to pay it back, or job dissatisfaction as they believe that they should have received a promotion or are worth more than the company is paying them.

The Offenders:

The people who can cause the greatest harm are generally those that you trust the most. 

Often, they are the employee who is always there.  They are never off sick, even when they should be, and they don’t take annual leave outside of the normal shutdown periods.  They look after everything for you, from collecting the mail to ordering stock, invoicing customers, dealing with creditors and generally sorting out any issues as they arise.

They have online access to all the company’s bank accounts and may have signing authority.  There is a chance they are living beyond their means.

We do not suggest, of course, that all staff who fit within this description are defrauding their employers.  Far from it, as staff can be the glue that holds the business together and allows it to operate to its potential.

What has been shown by experience though is that if they fit this description and the factors involved in the fraud triangle described above exist, there is the potential for fraud to occur.

Case Study 1:

The director of an electrical services company employed an accounts person, on a part time basis, to replace a long-term employee who was leaving.  The new employee was immediately given online access to company accounts and was responsible for all dealings with creditors and debtors and reconciling of bank accounts.

The business was growing, employing more staff, and picking up new work but was still struggling to pay its creditors on time.

The director was alerted to possible issues by his bankers, who noted some unusual transactions.  A subsequent investigation identified that the part time accounts person had taken over $300,000 from the company in 18 months, simply by paying personal expenses directly from company accounts and by directing payments intended for creditors to the employee’s personal account.

The offender was convicted of criminal charges but reparation was not ordered.  The funds were all used to finance an extravagant life style.

The electrical services company had to cease trading and the director now works for wages.

This fraud was able to continue for as long as it did, and to the level it reached, because the director placed too much trust in the new accounts person.  He concentrated on the electrical services work and left all financial details to the accounts person and had no oversight of what was happening with the company’s account systems.

What Can Be Done:

There are a number of measures that can be taken to reduce the risk of internal fraud.  These will vary, depending on the size and nature of the business.  Some basic steps that could apply to any business that employs staff include:

  • Make a proper assessment of applicants who apply for work, including personally contacting referees;
  • As far as possible, separate duties of staff so that no individual has the ability to control all aspects of a transaction – from ordering of stock or issuing purchase orders, to receiving the supplier’s invoice, to making payment of that invoice and reconciling the bank accounts;
  • Have set systems and procedures in place for making payments that all staff are aware of and follow them;
  • Conduct stock reconciliations;
  • Clear and check the incoming mail;
  • Review monthly financial reports and dig into discrepancies in bank account movements;
  • Ensure that all staff have the confidence to report any activity by other employees that is in breach of the systems and procedures; and
  • As director, ensure that you have an understanding of the company’s financial position by checking and approving all payments to creditors, monitoring transactions through the company’s bank accounts, and regularly obtaining and reviewing profit and loss and cashflow information for the business.

It is unrealistic to think that by putting correct procedures in place you can absolutely prevent any form of fraud being committed.  The reality is that if someone has the skills and is prepared to take advantage of their position within a business they will be able to find a way around the procedures and systems that you have in place.

Case Study 2:

A person was engaged by a public sector organisation in a management position.  The position gave the manager authority over the administration and accounts staff.

The organisation had systems and procedures in place to ensure separation of duties and to provide a reasonable level of oversight and review by personnel who authorised payments, which were mostly made through online banking batches.

The manager was employed by the organisation for about 14 months and, during that period, the manager defrauded the organisation of approximately $800,000.  This was achieved predominantly by creating fraudulent batch payments using fake invoices.

Some payments were authorised without the proper process being followed by the manager instructing staff to take certain actions for supposedly urgent payments, and by getting payments processed when staff who were likely to question the payments weren’t present.

Other payments were made by following the correct procedures but the manager had used their technical ability to create false payment batches that disguised the fact that payment was being made to the manager’s personal account and not to the account recorded on the supplier’s invoice.

Conclusion

There is no absolute protection from staff theft or fraud but having robust and durable systems and procedures in place will lessen the opportunities for fraud to be committed or, if they are committed, increase the chances that they will be discovered before they can cause irreparable damage to your business.

If you think you may have been the victim of a fraud, or you would like more information or advice on your business systems and procedures, please contact McDonald Vague.

Read 2507 times