Fraud: Three-point plan for success
In today's difficult economic environment, and as in previous downturns, fraud often plays a part in many corporate disasters.
We see two common types of fraud. First, stealing assets from a business. Second, management of a business manipulating its financial statements to conceal losses or boost low profits. Fraudsters often steal to create a luxurious Walter Mitty lifestyle or to fund personal debt. These thefts usually occur over a long period of time with multiple false entries concealing the fraud.
The fraudster creates these entries and often no one else understands their effect because the fraudster manages to conceal them from management oversight.
The usual technique of concealment is either to write off the monies through misleading entries posted through the profit and loss account or creating a false asset in the balance sheet. The fraudsters can overcome existing controls, sometimes by exploiting weaknesses in the effective application of the segregation of duties. For example, the same person being able to authorise an invoice and raise a cheque.
Fraudsters are often long-serving ‘trusted’ employees. Others are serial fraudsters who move from job to job committing the same crimes relying on weak employment screening to obtain new jobs. It is usually management or employees who spot these frauds and it is essential to make everyone in an organisation aware it is their responsibility to spot and report any suspicions. The use of fraud awareness training and confidential ‘whistleblowing’ hotlines can improve these requirements.
Usually the manipulation starts off small, perhaps to cover up a mistake, but quickly gets out of control creating a significant black hole. By then the fraudsters know that if they report the problem they will be sacked and they continue the deception in the vain hope that somehow the problem will resolve itself; it rarely does.
Common control deficiencies that have allowed these manipulations to continue include: a lack of rigorous internal audit checks; a focus on reviewing the management accounts of entities which are reporting poor results rather then those reporting better than expected figures and the lack of detailed analytical review of reporting packs.
Many organisations have little idea of their overall fraud risk profile. Nor do they deal with the issue that frauds are committed by dishonest people who override control procedures. When reviewing the effectiveness of any control system one must ask: ‘Will it cope with dishonest employees or management?’. The review must also identify where the organisation is most at risk from fraud. Management should produce a fraud response plan to be reviewed regularly.
In today’s environment management cannot afford to ignore these real risks.
- Adam Bates is a partner with KPMG Forensic