It is estimated that up to 80 per cent of fraud is committed by staff, and 50 per cent by middle managers. And in today’s technologically-driven environment, cyber crime and electronic fraud is an increasing issue.
As with most things, prevention is always better than cure, and all businesses should take steps to protect themselves from fraud.
Understanding the nature and extent of fraud is an important step in its prevention. Businesses should consider what kinds of fraud they might be subject to, and how to put in place systems that can identify or flag fraudulent activity.
At the same time, they should let employees know that the organisation is keeping an eye on fraud and is taking steps to prevent it, which in itself acts as a deterrent. Reducing opportunities, enhancing accountability, improving detection and deterrence all help fraud-proof the business.
Generally speaking, there are four main areas where fraud occurs within a business:
-Revenue
-Expenses
-Wages
-Assets
Revenue fraud
The risk of fraud in the recognition of revenue arises when all the revenue received by the company is not actually recorded, with the fraudster pocketing the difference.
Tips to prevent this include:
-Ensuring the sales process issues a customer receipt, thereby registering when a sale is made and the data is entered into the system
-Separating duties when it comes to recognising revenue. Ensure the same person who raises the invoice in the system is not the same person who collects payment.
It’s also important to have strong controls for credit notes. Unauthorised credit notes can lead to the misappropriation of inventory or stolen deposits from customers. Both of these cases can create a benefit for an employee.
Ensure all credit notes pass through an approval process to validate the claim. Part of this process should involve checking customer details are correct.
In addition, review and analyse credit note trends periodically to identify any anomalies or patterns involving particular employees requesting credit notes to be issued.
Expenses fraud
There are various ways that expenses can be manipulated to conduct fraud, including creditor payments and supplier selection.
Creditor payments
Payments made to creditors present significant scope for fraud to occur. In the absence of strong controls, unapproved, duplicate or overpayments can be made.
Each business has a Vendor Masterfile (VMF) which contains records of its suppliers, including bank account numbers. Weak VMF controls expose businesses to the risk of unapproved changes to a supplier’s bank account, allowing funds to be directed elsewhere.
Tips to manage creditor payments and reduce fraud include:
-Establishing an appropriate level of authorisation that is always required for payments to be made, including bank approval to release the funds;
-Reviewing the business’s requirements and analyse purchases to identify duplicate or unapproved payments; and
-Segregating duties relating to the maintenance of the VMF, purchasing, authorisation, invoice processing, payments and bank reconciliations.
Supplier selection
Businesses that don’t have strict controls for the process of selecting suppliers may be exposed to the risk of engaging false suppliers, or suppliers who charge above-market rates or who provide kickbacks.
Some tips for managing suppliers include:
-Having a rigorous process to ensure that multiple suppliers are examined before selection. This decision should be made at an appropriate level of seniority, reviewed by another employee and appraised periodically; and
-Reviewing supplier arrangements annually to confirm prices are reasonable.
Wages fraud
Two ways that wages fraud can be perpetuated is via changes to employee details, and bonus or leave calculations.
Employee details
In large organisations with many employees, tracking employee details is more difficult. As a result, it exposes these organisations to fraud risk in the form of:
-‘Ghost employees’, where a non-existent employee is set up with wages paid to another employee
-False hours, including overtime, being processed, and
-Higher rates paid to employees.
In each of the above cases, it is essential for businesses to have robust processes for employee data management.
These include: conducting periodic checks of employees to verify their existence, pay rate and accuracy of timesheets; and reviewing the procedures for adding and modifying employee details, ensuring all changes are approved by someone who will be supervising the employee.
Businesses should also review terminated employees to ensure no payments are made after they leave.
Leave calculations
It is important for businesses to confirm if sick, annual or long service leave taken by employees is entered into the system. If not, employees could potentially apply for and take leave without it being recorded in the system, giving that employee additional leave.
Businesses should:
-Regularly review leave balances and discuss with managers or supervisors whether balances appear accurate;
-Conduct random checks on leave balances for employees who have returned from leave to see if it has been entered correctly; and
-Introduce a control whereby leave taken or applied for is recorded and used to reconcile with that captured by the payroll system.
Assets fraud
There are various ways an individual can manipulate assets to conduct fraud, including theft of assets and discounted sales.
Asset theft
Theft of assets is the highest fraud risk category in Australia. While there are usually controls in place to monitor assets such as cash, inventory and equipment, how can businesses ensure these controls are always being adhered to?
Actions to take include:
-When conducting stocktakes, confirm the guidelines in place deal with variances and ensure high standards of accuracy required are communicated to employees conducting the count;
-Segregate duties between asset purchases, receiving assets and stocktakes; and
-Conduct random checks to guarantee controls such as safes and alarms are being locked or activated as per the process.
Discounted sales
To help prevent fraud, businesses must clearly understand the worth of its assets, especially when it comes time to sell.
Questions to ask include: is there a clear process relating to the sale of assets which realises the highest value possible? If not, employees are capable of selling assets to related parties and/or under its market value and may be able to receive a kickback.
When assets are sold there should be an approval process in place involving the evaluation of multiple sale avenues.
If assets are always disposed of to the same individual or company, frequently review the agreement in place.
No business is fully protected from fraud, but the best way to deal with fraud is to take steps to prevent it. The cost of investigating fraud once it is found, together with the losses that cannot be recovered, in most cases far outweighs the cost of a prevention system.
Simon James, partner, HLB Mann Judd
