Protecting a Business from the Attention of the Fraudster
Why do we always shut the gates after the horse has bolted?
Fraud happens on a regular basis. This is evidenced by the daily reports we read in the newspapers.It doesn't even seem to matter that a company has been audited by a respectable firm of accountants, year after year.
It does seem that the never ending tide of major losses resulting from the deceit of a proportion of society will never be stemmed. Yet we are only seeing the tip of the iceberg. Most fraud goes unreported and nobody knows how much is carrying on undetected! Most fraud is preventable but few organizations make provisions for the regular review of its fraud prevention controls.
Yet just a bit more care and attention to fraud risk could prevent so much more of this secret crime taking place.
Law and order is paramount!
Fraud Prevention Controls
Every business should have fraud prevention controls in place that are suitable for the size and complexity of the organisation. This may mean that smaller businesses may have fewer less sophisticated protection measures, but they should have them nonetheless.
According to estimates reported by the Association of Certified Fraud Examiners, on average every business in the USA loses an amount of money due to fraud equivalent to 5% of its gross turnover. Just think of this, 5% is more than many companies make as net profit! So why is the USA losing so much money to the fraudster?
In the UK estimates endorsed by the North East Fraud Forum, an organisation that is sponsored by the Northumbria Police Force, put the level of losses due to fraud at up to £100 billion. This sum does not even include money transactions resulting from money laundering of drugs money and other criminal activities. The costs do include fraudulent losses to organisations together with the cost of policing and regulating fraud. So why is the UK losing so much money to the fraudster?
If I discussed fraud statistics at length, I would conclude that the scale of losses is unknown but at the very least enormous and at worst breathtakingly gigantic! I would conclude that the biggest losses are in major economies such as the USA, UK, Canada and Australia. Significant losses can be seen in places such as Hong Kong, Dubai and Japan etc especially where Western business is being conducted - but less so in other centres such as China and India.
So the question is still why are we so prone to the attention of the fraudster? Why is our English language based economy so prone to fraud? I will have to investigate this from two angles - the first is our approach to defending our businesses and organisations, and secondly to look at our attitude to money generally.
Fraud Prevention Methods
For a business to reduce its risk of suffering a fraud, any business small or large must have a culture or ethos of integrity. If workers are able to see managers adding a few extra miles onto their travelling expenses they are going to see an organisation that is lax and doesn't care less.
So there must be a tone set from the top that fraud or any financial impropriety will not be tolerated. It does this by setting an example of course, but also must communicate the message formally to all directors, managers and staff within a fraud policy document. Many organisations will prepare a glossy brochure or booklet that sets out the stance against fraud, what is acceptable policy and what is not, what is expected of everybody and outline the resolve to deal with any problem immediately and robustly. This expensive publication will be circulated to all, and may even be backed up by video presentations to be shown to all new starters or to refresh the memories of old hands.
Of course a small business is unable to go to this expense, but it still needs to communicate its fraud policy to all. Even if this is a one page circular, costing nothing, it will be effective it it communicates the essential messages to the staff.
Many organisations will have an annual visit from their auditors and hope that any weaknesses they have to fraud will be picked up then. A big mistake! Most frauds will take place through many audits, often having been in place for a number of years before being discovered. An auditor does not have the responsibility for detecting fraud, nor the time or inclination on his tight budget to do so. Obvious weaknesses in accounting controls, if they impact the likelihood of the true and fair nature of the financial statements being wrong, might be detected - but the fraudster is looking for the not-so-obvious of course. And even if a company is fraud free at the time of the audit, other frauds can devastate a business in weeks or months before the next visit.
So a proactive and ongoing review of the risk a business might be facing due to fraud is essential. Again this only need be proportionate to the size and complexity of the organisation. For example, many public sector entities such as local councils and prime care health bodies are required by legislation to have fraud reviews annually. These are usually conducted by internal auditors, dedicated anti fraud units or outside contractors. They involve a review of all fraud controls in a business against standard check lists with a resulting score being awarded to the body. Then when the body is reviewed by the central funding authorities it may be judged against this score and others for different aspects of its business.
Other large organisations may have similar functions, but the ongoing review of the business could just as easily be carried out by the owner of a very small business at the other extreme.
By ignoring the need to be active in considering a if business is at risk from fraud, being complacent, puts that very business at risk, and sends out an invitation to the fraudster.
Our attitudes to fraud
There may be a problem with Western culture that makes us prone to the attention of the fraudster. In recorded interviews with Nigerian 419 Scam perpetrators the authorities have been told that we are targeted because we are easy! The Americans and British are considered to be stupid when it comes to fraud.
Is it because we have been successful in business, becoming rich nations, we are the targets? And is it because we think that money is easily come by that we do not take enough care over its custody? Perhaps, but this leads onto another question and that is with the global shift in wealth, and nations such as China and India move to the forefront of affluence, will the attentions of the fraudsters shift to these richer spoils? Or will these emerging powers take better care over their finances? This will be an interesting arena to monitor over the coming five years.
What can you do to protect your business?
In a nutshell?
Be aware of fraud. You do not need to do a lot, but any fraudster knowing that you are aware of the risks and can be seen to be caring for the business will think twice. Regular reviews of fraud prevention controls do not take a lot of time, but can be more effective in telling the fraudster that you are on the ball.
For example, a quick check that all your staff are changing their computer passwords on a regular basis and keeping them secret from each other will take a couple of minutes each month. A reduction in complacency is the biggest deterrent to fraud that there is.