The overriding question following yet another recent fraud disclosure - this time about a 32-year-old bank manager who stole more than £2m in order to purchase exotic birds, a large house and luxury cars - is how he was able to remain undetected for four years when the bank was regularly audited to the highest professional standards, supposedly?
As in the recent case of the disgraced London headmistress, the local bank manager had risen to his position of trust and responsibility after a period of 10 years working with the bank. After this time, his character and capabilities should have been known to his superiors.
Additionally, the regular internal audit checks and their review by the organisation’s audit committee, as well as the annual external audit that generally includes the customer’s written confirmation of their balances, did not detect the fraud. Furthermore, it is surprising that other employees of the bank were not suspicious of the manager’s changing lifestyle with his two Mercedes and Porsche cars.
It should be remembered that a good manager should always be aware of his staff’s behaviour both inside and outside the office. This ought to be the case whether he is a senior civil servant like Dr Kelly, about whom we have heard so much in recent weeks at the Hutton enquiry, a headmistress or a bank manager.
In the event of a school fraud, it may be worth looking further than just the head teacher. What about the school governors, the auditors, the supervising bank managers and those responsible for internal control in both organisations?
It has been shown in recent studies that one out of two people will take advantage of an opportunity to steal when it is presented to them and therefore fraud prevention measures have to focus on the whole internal control system.
If newspapers would also identify and target those persons responsible for these systems, they would fulfill a service to the general community by forcing all organisations to review and improve their internal control systems.
After all, the majority of frauds are not published in the newspapers as companies or institutions prefer to ‘close the issue’ without it becoming public knowledge, and therefore there is a greater responsibility on the newspapers for correctly highlighting those cases in the public domain.
In the case of bank fraud, it might also be asked if transactions between existing customers and the employees of the bank are highlighted by the bank’s internal control system. For example, there now exists special software so that when unusual transactions occur they are automatically highlighted and can be reviewed immediately within a bank.
In recent years, many companies and organisations have instituted fraud vulnerability studies by experts, who are trained to detect fraud and are just there to give a financial opinion on the accounts at the end of the year.
This type of work actually represents a cost savings approach that, after proper implementation, creates a stronger internal control system with the associated benefits.
The study is, in short, a way in which the internal control system can be tested by manual and computerised checks against various fraud scenarios.
Moreover, to ensure there is an objective review without any conflict of interest, it is recommended that this work be carried out not by the regular auditor but by specialists with experience in fraud detection who do not have any working relationship with the organisation.
Finally, despite the pressures of work, it is very important that managers invest sufficient time and resources in the recruitment process to ensure that the highest calibre of staff are appointed to positions of trust and responsibility.
Indeed, this may well become a condition for fidelity insurance cover as we have seen that many of these frauds are committed by long-term employees.