Focus on Finance - Summer 2017
Fraud in your business—some things you need to know
Board members and management are responsible for ensuring that robust risk management systems, processes and procedures are in place within an organisation. Further, they need to ensure that these systems, processes and procedures change to meet the needs of the organisation as it changes. Not appropriately addressing the risk of fraud can lead to significant financial losses and in some cases reputational damage.
The findings of the Association of Certified Fraud Examiners (ACFE) in their “Report to the Nations on Occupational Fraud and Abuse” has again emphasised the need for directors, business owners and management to be vigilant when it comes to fraud and corruption.
Some of the more notable finding in the report from those surveyed included:
- Organisations lose 5% of revenues in a given year as a result of fraud;
- Asset misappropriation (cash, inventory and/or plant and machinery) was the most common type of fraud; and
- In over 94% of cases the offenders attempted to conceal the fraud by creating and altering documents.
Common weaknesses we have found when undertaking fraud investigations, and some of which were also observations made in the ACFE report, include:
- Insufficient segregation of duties;
- Lack of management review;
- Poor record keeping practices;
- Failure to sight original documents; and
- “Trust” being a main contributor to a breakdown in process - with trust being placed in employees and management without sufficient controls to prevent or detect fraud if that trust is breached.
It is therefore paramount that directors, business owners and management alike set the appropriate “tone” of their respective organisation. Firstly, through the implementation of policies which promote the values of the organisation and also provide effective internal controls and governance. Secondly, by demonstrating an adherence to those policies and appropriately investigating any ethical concerns raised by employees or suppliers.
The ACFE report also revealed that tips were the most common detection method of fraud. We believe that to further enhance good governance, due consideration should be given by directors, business owners and management in implementing mechanisms that will provide employees and suppliers an avenue to raise ethical concerns without fear of it negatively impacting either their employment or contractual arrangements. An independently run Whistle-blower Hotline service that allows concerns to be raised anonymously and/or confidentially is one such mechanism.
Whilst it is important to ensure that there are appropriate prevention and detection mechanisms in place to both deter and detect fraud it is equally as important that an organisation has a framework in place to respond to identified fraud issues once detected. Not responding to these matters effectively can lead to further losses (litigation, fair work costs) and may have a detrimental effect on the reputation of the organisation.
So, what does an organisation need to do to effectively respond to a fraud issue which has been detected? Some things to think about are listed below:
- Assess the situation—what type of fraud is it
- Seek support and guidance from experts
- Communication—only those within the organisation that need to know what has occurred should be informed. The number of people that need to know will change during the course of the investigation. However, too many people knowing about the issue can jeopardise the investigation.
- Make sure you develop an investigation plan that is consistent with your own Misconduct disciplinary policies and procedures and ensures that natural justice is observed.
- Ensure that evidence is collected in a manner which will give it the best chance to be admitted into evidence at a later date.
- Ensure that when interviewing any alleged perpetrator that your interviewers have the necessary skills to carry out that task—and always ensure that the alleged perpetrator is treated fairly and the principles of natural justice are applied.
Fraud is a risk that needs to be mitigated. Policies, processes and procedures need to change as an organisation changes to ensure that they meet the needs of the organisation. It is important to make sure that prevention, detection and response mechanisms are in place. Ultimately the responsibility for ensuring that this happens rests with directors and senior management. However, we should not forget that all personnel within an organisation have the responsibility to prevent fraud.