A trend evident over the past few years is for more fraud to be uncovered during an internal or external audit. Companies should exercise management awareness as their first line of defence in preventing and detecting fraud – as by the time systems of control have already been breached and the damage done.
The current environment is conducive to fraud with a poor economy; working from home in the aftermath of Covid-19; rising unemployment and even inflation. But before all those justifications lies the motivation of poor internal controls. Nor is it restricted to lower-level employees, but equally to management and even top management. In the latter case it is more often some sort of conflict-of-interest scheme involving a business owned by a spouse or their friends and family benefitting from contracts.
Occupational fraud is a global problem. Though some findings differ slightly from country to country, most of the themes – of fraud schemes, perpetrator characteristics and anti-fraud controls – are similar regardless of where the fraud occurred.
A recent report, Occupational Fraud: A Report to the Nations, by the Association of Certified Fraud Examiners (ACFE) tabulated the cost of fraudulent schemes to organisations. The average loss caused by the survey of 2,110 occupational fraud cases across 133 countries was R32.1 million, and of those 21% of losses were at least R18 million per case. It found higher-level perpetrators do the most damage. In 2022 62% of cases were perpetrated by employees in higher levels of authority, compared to 54% in 2014.
Another significant trend emerging from the recent ACFE report is the high median loss attributed to ‘check and payment tampering’. One theme emerging from recent audits is payment fraud involving a change in bank accounts. From an occupational fraud perspective, employees change bank account details to divert funds either to their own bank account or to one related to them. A typical example would be payments made to an employee’s daughter’s account or related entities. The modus operandi would be for the transaction to be based on a fictitious invoice on which it is impossible to verify whether or not the goods or services were ever rendered.
Another common example is for an employee to use one of the client’s subsidiaries to divert payments into their own bank account and thereafter conceal it with sophisticated accounting and/or journal entries. Such instances can go on for a prolonged period: the Report to the Nations survey found that fraud schemes can continue for months or even years before they’re detected – the median lasting 18 months before being caught.
The basics of fraud do not vary with the particular scheme: an opportunistic incident may be based on, firstly, the pressures of difficult economic conditions; secondly, someone sees the opportunity from weak internal controls in an environment of, for example, working from home; and thirdly ‘rationalisation’ by some disgruntled employee who justifies their criminality by saying ‘I’ve given 10 years of my life to this organisation and have nothing to show for it’. That’s simply Fraud 101.
Rather than relying on the periodic audits, company management need to all year round redouble their efforts at identifying fraud risk indicators. Fraud only occurs where employers are not monitoring them sufficiently by paying more attention to the previously mentioned three factors critical to fraud. The basics of control include monitoring the red flags such as employees not taking leave; lifestyle changes; and bypassing of accepted policies and procedures – because this is where red flags are inherently to be found.
Corporates therefore need to go back-to-basics, review their controls to mitigate the risk of fraud – with heightened monitoring of the red flags in the organisation.
The best advice to any business in detecting occupational fraud is that such incidents are more likely to be exposed by a tip from a fellow employee than by any other method. More than 40% of all cases were detected by such a tip, according to the Report to the Nations.
Every corporate organisation in this country, whether listed or unlisted, should heed this advice. There’s currently far too much reliance on the reactive approach, whereas a back-to-basics attitude puts business owners back in the cockpit. There is sometimes a reluctance to do so when a company has already lost money and views any preventative action such as actively monitoring existing fraud policies and procedures as throwing good money after bad. Certainly, it might be time-consuming to test, perform additional checks and balances or supervision – but it need not come at a financial cost.
Furthermore, small businesses are not in the least immune to the scourge of fraud. In fact, the Report to the Nations shows they suffer disproportionately. It found that the smallest organisations in the study suffered a higher median loss than the overall median loss for fraud cases in the study. This is because such businesses typically implement fewer anti-fraud controls than their larger counterparts, increasing their vulnerability to fraud.
Keeran Madhav is director: forensic services at Mazars in South Africa.