A few years ago, as part of my effort to improve my professional forensic accounting profile in the local business community I would give after dinner talks to various different marketing clubs, Rotary groups and business gatherings. I had one talk that always went down well, “From Fish to Fraud”, probably because the title was a little intriguing. My introduction dispelled any mystery, and included how my career gravitated from being an aquaculture consultant developing fish breeding units around the world to becoming a recognised expert in the fields of forensic accounting and fraud.
My talk would then cover a series of anecdotes intended to provide both amusement and a warning about the seriousness of fraud to everybody. It never ceases to amaze me how naive most people are when it comes to understanding the threat of fraud each and everyone of us faces daily.
Unfortunately it is complacency that does most harm, along with the ease with which fraud can be committed. I would explain to my (hopefully) interested audience how, while undertaking some market research, I visited two senior financial directors of different national construction companies in the space of one week. The first challenged me with his belief that he had no fraud in his business because the workers salary packages were much higher than average. The second informed me that, if he so chose, he could authorize a transfer for £10 million to any account he wanted, and disappear before any of his fellow directors even missed the money. The first director was complacent, the second honestly admitting that his company’s fraud controls needed attention!
In order to enforce how vulnerable we all are to the fraudster’s attention, I would tell how some years ago I was duped into releasing my eBay log in details to an email “phishing” expedition. It was only when I was asked to confirm my bank details that I smelled a rat and quickly extracted myself. However, in the short time that the scammer had access to my account he set up a bogus sale in my name for an expensive Harley Davidson in the USA, obviously intending to divert any unsuspecting buyer’s money for the fictitious sale item to themselves. The buyer would have believed he was dealing with me and my 100% squeaky clean eBay record. Ebay quickly closed the fraudsters down and I was able to set up again with new login details – somewhat wiser than before.
My message is that if it can happen to a fraud specialist it can happen to anyone! Victims of fraud include highly competent CEOs, law enforcement officers and many other persons who are normally familiar with the problems. However, while you may be happy that you understand the risk of fraud and have even put in place the normal preventative controls, you have to remember that the fraudster is continually looking for that chink in your amour, a way in that you will not notice. The best way to protect against fraud is continual monitoring – don’t just send out an edict that everyone must use passwords – check that the control is being implemented and that passwords are being changed regularly. To be seen checking is a much better control than the passwords themselves!
Trust is another key factor in allowing fraud to flourish. In a business, fraud is committed by more long standing employees than anyone else. There is no excuse for circumventing controls, just because somebody has been doing a job for 20 years. This is one reason why a two week holiday each year is mandatory in most organisations. Absence of two weeks normally means that somebody has to fill in, rather than leaving work to pile up until the vacationer returns. This means that a persons work activities comes under scrutiny and it is harder to cover up an ongoing fraud. I would advise my audience tongue in cheek that giving their staff a couple of months off would be even better!
I work in the field of fraud, so does the fraudster. The rest of you are focused on your own businesses and very often ignore the significant risk that fraud poses. It is a bit like a nasty disease, you only worry about it when it has been diagnosed, often when it is too late to do anything about it. But with fraud there is a lot you can do, a lot of little tweaks that will not cost your business much. When was the last time your fraud prevention policy was reviewed?