Internal Fraud and abuse: a genuine risk. Did you get your assessment yet?

Are you aware where your vulnerabilities and risks are?

Occupational fraud and abuse is one of the most serious threats to business nowadays and yet it is also the one most overlooked. The Association of Certified Fraud Examiners estimates the average losses to businesses running up to 7% of the revenues as a result of misappropriation of assets and corrupt activities such as kickbacks.  With a Gross Domestic Product figure of 180 billion for the year end March 2009 in New Zealand, we are talking about a potential of $12.6 billion that was lost on fraud if we translate these figures to New Zealand by those that are supposed to protect the bottom lines of business instead of threatening them. I have found no documents that could indicate that the situation would be any different in New Zealand. What does strike time and time again in reading these reports is that especially smaller sized businesses are extra vulnerable and that is exactly what the New Zealand market consists of for the most part: smaller businesses. Economic times have put many under pressure and it is noted that occupational fraud and abuse appear to be on the rise. With times hard enough as they are adequate protection should be maintained even though it does not directly contribute to the generation of revenues. There are several steps you could consider:

  • Establish a whistle blower facility through which anonymous tips can be forwarded by employees, customers and vendors. Tome and time again this has proven to be a valuable tool in the timely detection of potential fraudulent activity;
  • Implement a written fraud policy detailing what will happen in case occupational fraud or abuse are discovered;
  • Provide fraud awareness training which could start by communicating existing procedures clearly but after that consider the help of a professional to assist your staff in learning how to spot the signs and what to do when they do spot potential fraudulent activity;
  • Ensure that your information security is up to date, and I do not just mean keeping intruders out but ALSO internally;
  • Conduct proper pre-employment checks. In the end: you hired the fraudster;
  • Appoint someone to take responsibility;

What these steps indicate above all is to take a pro-active stance instead of a reactive one. Damages caused by fraud and abuse can very quickly run up to substantial amounts if they stay undetected. No system is 100% fraud resistant but there are ways to ensure that frauds are detected as quickly as possible. This is especially important for smaller businesses, taking into consideration that full recovery is seldom achieved and the damages may be harder to bear. You would not be the first small business that had to close its doors or had to fire innocent employees because of the damages cause by occupational fraud and abuse.

THE BEST DEFENSE IS A GOOD OFFENSE. This is why businesses bring in professional outsiders that can assist them in identifying the gaps or weak areas. Dierckx & Associates Ltd offers the possibililty of a Fraud Risk Assessment: a comprehensive analysis of the vulnerabilities and risk tolerances in your business, an examination of existing fraud policies and measures and a determination of the adequacy thereof. Typically  this will result in a detailed report with findings and recommendations in the form of actionable steps to create more effective fraud prevention an detection.


A typical reaction on post such as this one will be that “we don’t have the resources to implement the suggestions you are making.” I am very well aware of the budgetary restraints that come with small businesses. Many effective controls and measures can be implemented at very low to virtually no cost. It is also important to keep in mind that if your pro-active measures prevent only one fraud or employee theft your efforts and associated costs probably have earned themselves back.

Don’t wait until it is too late. Contact us so we can discuss what your needs may be and where we may be able to assist you.

This post was originally posted at Dierckx & Associates.

A Pro-active Approach to Occupational Fraud, Abuse and Employee Theft

Time and time again reports show that when it comes to fraud, the greatest threat is not from outsiders but from insiders. Organizations can be proactive in preventing, detecting, investigating and resolving employee theft and fraud. 

Senior management and business owners set the example for the organization’s employees. A non-consistent attitude toward rules and regulations by management will more than once be reflected in the attitude of employees. Every employee, regardless of their position, should be held accountable for their actions, so yes that includes top management.

And in all honesty, more than once we have found our initial client contact to be the involved party. It is often management that has the greatest access to fraudulent opportunities and it is more than once that same management that can get away with control overrides.

Create a positive work environment that encourages employees to follow established policies and procedures and act in the best interests of the organization.

Fair employment practices, written position descriptions, clear organizational structures, comprehensive policies and procedures, open lines of communication between management and employees, and positive employee recognition will all work to reduce the likelihood internal fraud and theft.

I see the importance in my daily practice. Once fraud and/or theft is established and a  perpetrator has been identified, more than once the issue of feeling not-recognized is at least part of the motive for stepping across the line.

INTERNAL CONTROLS– Internal controls are designed to ensure the effectiveness and efficiencies of operations, compliance with laws and regulations, safeguarding of assets, and accurate financial reporting (See for instance the COSO model).

The internal controls controls for safeguarding assets and financial reporting require policies and procedures that address amongst others:

  • Separation of Duties
    No employee should be responsible for both the recording and processing a transaction. I am aware that In New Zealand with a substantial percentage of very small businesses this is sometimes hard. However there are always options and more than once overriding this basic procedure for the sake of practicability has been disastrous.
  • Access Controls
    Access to physical and financial assets and information and accounting systems should be restricted to authorized employees and its use should be monitored on a regular basis.Start off with simple checks: just ask your employees out of the blue, I need the password of so and so who’s not here today, can anyone help me? You’ll be surprised, or check for the yellow post its on the bottom of the screen or the back of the computer.
    And where it comes to physical access: more than once actually today I could have nicked all the confidential assets of my client: the person I was supposed to meet was tucked away in the back of the building, the rest of the crew was at a seminar, and me I walked around and saw computers standing open, no one to receive me at the door and access to all offices. Not good.
  • Authorization Controls
    Policies and procedures addressing the controls to initiate, authorize, record, and review financial transactions.
    Internal controls will reduce the opportunity for fraud as a detterent factor and will enhance the efficiency and effectivity of your operations.

If you hire dishonest employees you run a risk. Honest employees are an asset to any organization, even one with poor internal controls. However, a dishonest employee will ignore management’s attempts to provide a positive work environment and search for ways to defeat even the most comprehensive internal controls to commit fraud.

It is good to realize upfront that no internal control system is  100% fail safe.

Therefore it is very important to keep dishonest applicants from becoming an employee. A thorough pre-employment background check should include:

  • Criminal history for crimes involving violence, theft, fraud, etc
  • Civil history for lawsuits involving collections, restraining orders, fraud, etc
  • A financial background check (Baynet)
  • Driver license for numerous or serious violations especially where driving is part of the job
  • Education verification to verify degrees from accredited institutions. By now I receive approximately 20 emails a day offering me different  degrees and certifications for sale. You can no longer afford to be just impressed with what you see. A check is a  requirement.
  • Employment verification to verify positions, length of employment, reason for leaving

Employees should receive information on the policies and procedures related to fraud, the internal controls in place to prevent fraud, the organisation’s code of conduct and ethics policies, and how violations of these policies will be disciplined.

Every employee should sign a form to verify the receipt of this material. On a periodical basis it is recommended that employees receive training on these subject matters.

And before I forget: referring new employees to the companies intranet for further advice without providing them a full package is not a good option top keep them updated. They are an important asset, make education something personal.

If anything, more than once I encounter witnesses saying that they “had this feeling all along that something was not ok. But I didn’t know where to go to to express my concerns and I didn’t want that colleague to become a suspect for nothing”

Every organization should provide a confidential reporting system for employees, vendors, and customers to anonymously report any violations of policies and procedure and even concerns.

Employers should promote and encourage the use of the reporting system. Not just from a reactive point of view but also pro-actively. More than once vices are involved or  signs are visible at an early stage, bosses don’t see, colleagues do: make sure they can communicate those concerns.

Random, unannounced financial audits and fraud assessments are important to identify new vulnerabilities and measure the effectiveness of the controls in place.

In addition to gathering important business intelligence through audits and assessments; it will deliver a strong message to employees that a pro-active stance in respect of fraud is a priority

A thorough and prompt investigation of policy and procedure violations, allegations of fraud, or the warning signs of fraud will provide management with the facts necessary to make informed decisions and reduce losses.

And again it send a strong message to the internal organization that these things are taken seriously.

Employees who are identified as committing fraud and theft should receive appropriate punishment for their misdeeds. A failure to do so leaves an impression that the only risk for this conduct is termination. At all times it is recommended that recovery of damages including the costs of investigation, litigation or prosecution is sought.

This post was previously posted at the Dierckx & Associates Blog. I believe, based on current experiences that it is still current.