Top 5 tips to prevent fraud…
1. Follow up on simple control failures. Seemingly minor bank account errors should be treated as possible red flags not operational glitches.
2. Dispose of old laptops and PCs without their hard disks. Computers have been traded complete with sensitive company data.
3. Audit expenses claims on a regular basis. The fear of getting caught will deter employees from trying to abuse the system.
4. Implement an anonymous whistle-blowing procedure. Being on the ground, employees can see what is going on better than their bosses.
5. Set password protocols to mitigate cyber-security risks, using letter, number and special character combinations in complex passwords as standard.
…and why it matters
The cost of fraud to business has reached alarming levels. New research from chartered accountants PKF Littlejohn and the Centre for Counter Fraud Studies at the University of Portsmouth shows that UK businesses typically lose around 5.6 per cent of their total expenditure to fraud.
Most fraud is high volume, low value and therefore difficult to detect and expensive to investigate. But as Jim Gee, head of forensic and counter fraud services at PKF Littlejohn and the report’s co-author, points out, companies that have been successful in reducing the cost of fraud have done so by focusing on pre-empting it by establishing stronger anti-fraud cultures and effective deterrence.
In some sectors, for example financial services, companies have developed robust processes around fraud prevention and made it part of their “business as usual” activities.
Elsewhere, firms are not recognising the benefits of mitigating fraud risk and react only when there has been a breach in their security.
John Smart, UK head of fraud investigation at EY, says: “Activities like launching a new product, entering a new overseas market or relocating parts of the business can expose firms to additional fraud risks, which they many fail to consider until it’s too late. Fraud prevention should be a key consideration at the start of any big corporate change project or any time a business is looking to do something different.”
Know your business
For effective fraud prevention you need to know who your employees and suppliers are, says Andrew Rogoyski, vice president, cyber security services at CGI UK.
“Background checking of new and temporary employees is essential for mitigating the risk of insider fraud. The same approach should be adopted when choosing business suppliers to determine their reliability as a business partner,” he says.
In taking a proactive stance on fraud, most businesses will face challenges. One is their lack of real-time visibility into their data, making it difficult to identify readily suspicious behaviour. Another, arguably the most damaging, is that fraud prevention has never been part of the company culture.
Creating a culture where fraud is frowned upon needs to be facilitated by the right technology, says Chris Baker, managing director of expenses management firm Concur.
“Expenses are a prime example and in many enterprises are the business process that time forgot,” he says. “If the way you manage expenses hasn’t moved on since the 1970s, the chances are that the culture of slipping in a receipt for Sunday lunch last weekend probably still prevails, too. Your company’s culture will only move forward if it is supported by the right technology and tools.”
Creating a fraud security-aware culture also comes down to having a clear best-practice policy, good governance and triangulating business systems in order to create the real-time visibility needed to spot any suspicious activity. Quite simply, preventing fraud has to be a “business as usual” process.
According to Phil Beckett, partner at forensic investigation specialist Proven Legal Technologies, the best way of achieving this is to invite the employees to brainstorm ways of defrauding the company and getting around the processes.
He says: “This will highlight any weaknesses that need to be fixed as soon as possible. This process needs regular attention to ensure nothing has changed or been adapted that could open up any risk.”
Overlooking the human element is the most common mistake companies make in preventing fraud
Enhanced monitoring schemes should be implemented to ensure nothing unusual is ignored or missed and that all leads are followed up. The output from this can then help enhance controls in place and everything should be formally documented into a fraud policy.
For this to happen, fraud needs to be an open topic of discussion, which some companies may not be comfortable with, their misconception being that talking about it will encourage more individuals to consider doing it.
However, broaching this taboo subject, says EY’s Mr Smart, will not only alert people to the issue and the ways in which fraud can present itself, it will also identify the most innovative ways of addressing new fraud threats.
There is an irony that people, deemed a company’s most valuable asset, can quite inadvertently be its biggest vulnerability in terms of security. Overlooking the human element is the most common mistake companies make in preventing fraud, says Robert Griffin, chief security architect at security risk solutions provider RSA, so the right training is essential.
“My advice would be to develop a generic security training programme and move on to role-based training as a next step,” he says. “Focus on the most valuable assets, and who has access to them, and ensure that your employees understand the importance of protecting them. Walking them through some real-life scenarios will show how a lack of awareness can lead to a security breach.”
A strategy of designing weaknesses out of processes and systems, and embedding a strong anti-fraud culture, will also give companies a competitive advantage in reducing their fraud losses.