INTRODUCTION
Employee fraud is now more or less present in every company of every industry. Companies have been reluctant to address this issue, therefore causing a 'black hole' in the companies performance.
Fraud has developed dramatically in the past five years, as employees get even more skilled, more cunning, and more devious.
The multinationals of 'Barings', 'BCCI', 'Pollypeck' and 'Sumitomo' have all experienced the full force of fraudulent behaviour and are all lessons to be learnt by other organisations.
But how do you prevent a fraudster from committing such acts, not only harming a company's reputation but by causing major losses.
This report aims to give an insight into the world of fraud, and how and why it exists in t he workplace.
WHAT IS FRAUD?
"All those activities involving dishonesty and deception that can drain value from a business, directly or indirectly, whether or not, there is personal benefit to the fraudster"
(Davies, D (2000) P. 2)
Basically, what the definition is saying is that fraud can be a whole range of activities from gross mismanagement involving an element of deception, unauthorised risk taking irregularities, manipulation and theft through to the major international frauds. There are of course legal provisions under which fraud is prosecuted. However, whether or not an incident qualifies for prosecution, is not the main focus of this report.
The key question is: does an incident impact value? If it does, then it concerns the board of a company and its shareholders.
Pressure
Pressure is often the root cause of fraud. Many cases are by overwhelming pressure. Types of these pressures could be either, business or personal related. Business related such as, to meet targets, to reach bonus thresholds, to keep one's job, to maintain a promotional path, or to prop up an ailing part of the business. There are also personal pressures such as financial problems, serious gambling habits, expensive divorce settlements or even extravagant lifestyles.
Some pressures are unavoidable, the prime step to take is to recognise and manage them. A company manager should ask him/herself, what pressures are employees under within the company? Where are the pressure points? Is the company creating pressures that will result in fraudulent manipulation? And finally, it will need to be looked into how to manage the pressures.
Escalation
Most frauds are some sort of 'spiral'. Meaning, they do not start from an intention to commit fraud. It is commonly known for a fraudulent incident to start as an error concealed, some minor form of unauthorised risk taking or bad business practice. Lie builds on lie, deception on deception. To cover up one lie, a person is forced to make another.
This trend of escalation has fundamental implications for fraud risk management. The challenge is to stop things in the early stages, ideally before the fraudster even joins the company. Recruitment screening is therefore essential. So too is fraud awareness, at all levels so that the early warning signs or fraud are identified. In a significant number of cases, someone knew or suspected what was going on but did not know who to talk to and/or did not feel that there were adequate protections for them as a whistle blower. Thus, it is important that there are reporting channels (procedures) and protections for those who have fraud suspicions.
Disasters Waiting To Happen
Frauds are often 'disasters waitng to happen'. It is only a matter of time before a disaster occurs. Some of the factors are to do with risk management and internal control. Others relate to the wider business environment such as the people, culture, ethics, management structures, reward structures and communications in a company.
2 WHY PEOPLE COMMIT FRAUD
In simple terms, a person commits fraud when a motive corresponds with an opportunity. These motives could be: greed, lack of cash, revenge, a sense of ownership of the stolen property or of having earned it. A possible reason why the opportunity may arise to commit a fraudulent action could be because there is little chance of discovery.
In most cases, the fraudster is a trusted manager who, for various reasons, becomes involved in dishonesty and deception.
2.1 Pressure To Perform
As already mentioned, pressure to perform is a key reason for fraud being present in the workplace. Here are a few examples:
* A managing director falsifies a company's financial position in order to obtain a rights issue.
* The chairman and finance director of a company inflates the company's worth in order to raise substantial equity and loan finance.
2.2 Beating The System
One would say, the most common image of a fraudster beating the system is that of a lonely and alienated hacker breaking into a company's computer system. However, the challenge to beat the system features in many other frauds. For example, a highly paid operations manager in a London bank fiddled his expense claims not because he needed the money but because he got satisfaction out of breaking the rules.
Greed is also a common motive but is usually driven by a secondary factor.
2.3 Boredom
Not all frauds involving large amounts of cash are motivated by greed, in one case, a fraudster who had recently been released from prison, embarked on a plan to deceive banks of £1 million. He did not smoke, drink, gamble or even own a car, despite having ten driving licenses. He created nine different identities with 11 banks and opened 90 accounts. For each identity he took a driving test to get his licence. The fraudster became known to the police as the 'pipe and slippers' fraudster.
2.4 Revenge
Revenge is a factor in certain types of fraud. It may be due to perceived exploitation of employees, frustrated ambition, demotion of individuals following a reorganisation or take-over or low morale due to a redundancy programme .
3 THE CAUSES OF FRAUD
This chapter of the report will be concentrating on the causes of fraud and what factors can influence fraudulent activities. To assist in identifying these causes the following model will be used.
Figure 3.1: The causes of fraud
Figure 3.1 above is a model used to analyse the causes of fraud. There are three dimensions to the model starting in the centre with the Business Strategy, which includes the Core Business Processes and the Support Processes, for example Finance, IT and Human Resources. The second dimension is Fraud Risk Management; this dimension is incorporated by using a range of measure to control the risk of fraud from inheriting the business strategies and processes. The final dimension is known as the Business Environment, which has a major impact on the implementation of the business strategy, the processes and the fraud risk management.
3.1 Business Strategy
The business strategy can be influenced greatly by wide external forces, like for example Globalisation, Technological change, etc. These forces are looked at later in the report.
If the business strategy is not implemented properly, then you may have delays in the programme and most importantly the staff may engage in fraudulent activities, due to neglect feelings. Indications of such activities include low morale, unusual behaviour or high staff turnover. A good business strategy should identified the following:
* What the company strategy is?
* How well it is formulated?
...
This is a preview of the whole essay
3.1 Business Strategy
The business strategy can be influenced greatly by wide external forces, like for example Globalisation, Technological change, etc. These forces are looked at later in the report.
If the business strategy is not implemented properly, then you may have delays in the programme and most importantly the staff may engage in fraudulent activities, due to neglect feelings. Indications of such activities include low morale, unusual behaviour or high staff turnover. A good business strategy should identified the following:
* What the company strategy is?
* How well it is formulated?
* How it is involved in devising it?
* How well it is communicated?
If these areas are not clarified then there is the chance of staff resulting to fraudulent activities.
3.2 The Fraud Risk Management
This dimension of the model concentrates on methods to measure and control the risk of fraud from interacting in business operations (strategies and processes), such as the Finance department.
An example of this dimension would be a business with fraud policies, which the staff have no acknowledge of, due to poorly define or not defining the policies clearly. In such situations the Fraud Risk Management has the responsibilities to make sure the policies or codes are clearly defined, monitored and implemented effectively.
Fraud Risk Management consists of the following areas, which are identified the figure 3.1
3.2.1 Anti-fraud Strategy
This strategy is not found in many businesses, but the one's who do, cover only certain aspects of fraud risk in the workplace. In other words a business may concentrate on one type of fraudulent activity and not another's. For example a car insurance company may have a strategy for identifying clients fraud (e.g. computer systems), but not for other fraudulent activity like, staff mis-leading information.
A good Anti-fraud Strategy should include aspects like.
* The businesses stance on fraud and other breaches of the ethical code.
* What is done and who deals with fraudulent or breaches of the codes.
* Ways of measuring, controlling and monitoring the effectiveness of the strategy.
3.2.2 Fraud risk assessment
Fraud risk assessment is simple assessing the risk of fraudulent activity occurring in business operations. It dose not just look at the business operation but also looks at the strategy approach used to prevent fraudulent activities.
Here are some reasons, which show the need of fraud risk assessment
* No systematic process to assess fraud risk in the first place.
* Overriding the trust of employees.
* Relying on risk management to assess all risks, as well as fraud risk, along with health and safety, insurance covers, fire risk, etc.
* The tendency to see fraud risk as an unlikely chance.
Fraud should be assessed separately to the other risks, as it can occur in any part of the business functions and if it succeeds it could result in huge financial risks to the business.
3.2.3 Performance measures
Another word used for performance measure is Key Performance Indicators (KPI). The idea of having KPI is to monitor the performance of the business, which is essential as it is used as an indicator to give a picture of the businesses progress. In order to paint the picture there is the need for data. This data can be questionable on its reliability; therefore KPI is used so that false perceptions of the data are not perceived. Fraudulent activity may be used to give these false perceptions.
Here are some fraudulent issues associated with KPI:
* Actual sales versus forecasts - the sales could be false or advance discounts may be given to customers, to make figures match.
* Supplier's quality performance - bribery may be given to the quality inspector, therefore KPI is needed to ensure the quality.
* Material usage versus planned - the quantity may be less due to inefficient usage or staff using materials for personal use.
3.2.4 Direct controls
Direct controls are concerned with the purchasing aspects of the business. For example, regards to the supplier used, he / she could be found teamed with management so that one can supply invoices and the other confirming them (shown on the records as a legitimate transaction) then splitting the money 50/50. Therefore direct controls have to be put into place to ensure such activities are not carried out at any level in the business.
3.2.5 Fraud responses
Here the concern is regarding the protection of whistle blower. In significant number of cases staff are aware of who has committed the fraudulent offence, but do not know whom they should talk to or the procedures to take. But the most important issue is the confidential protection of the whistle blower. Staff may be forced not to let, as they are not familiar with the protection they would receive. Businesses should meet the requirements of the Public Interest Disclosure Act, which ensures protection of whistle blowers.
3.3 The Business Environment
This is the last dimension in figure 3.1. It is concerned with the internal aspects of the business. This dimension has a huge influence on the other dimensions, which means it should be analysed carefully.
3.3.1 People
"People commit fraud, not business or systems"
(Davies. D (2000) P. 45)
People can disclosure a lot about the business, which may result in fraud risk, for example a finance staff members may disclose financial information to a sales staff, who can take the information as an opportunity to commit a fraudulent activity.
When looking at people as a cause of fraud, there are many aspects that have to be taken into account, shown as followed:
* Recruitment screening 1
* Career moves 2
* Morale issues 3
* Management styles 4
* High staff turnover 5
3.3.2 Culture & Ethics
The following quotation defines what cultures is in business terms:
"A company's values, how a company does business, its management style and how it treats its employees, customers, suppliers and the other stakeholders."
(Davies. D (2000) P. 53)
You then have national cultures in which groups (people) operate; the fusion between the two creates a vast and complex matrix of cultures. Businesses assume their cultures will be adopted by the host locations, this create the risk of fraud in the workplace.
"Defining what is acceptable and what is not."
"There are a thousand shades of grey."
(Davies. D (2000) P. 54)
Ethics and Culture has close links among each other. Therefore both areas should be considered equally when examining them. Within this area of the dimension there area several problems which businesses face, these are identified below:
* Cultural confusion 6
* Cultural pressures 7
* Poor ethical codes 8
3.3.3 Management structures
Management structures are the foundations to internal control of the business environment. Reorganising the structures reflect improvements to the structure, although the changes are not always seen as the best ones.
"The structure defines the roles, responsibilities and reporting lines on which controls are based"
(Davies. D (2000) P. 58)
Complex structural issues carry huge risks of fraud, the idea is to identify the risks before they inherent the business. The reason for such high risk, all come down to the complex structure, there may be too many levels in the structure which means the process of identifying fraud risks will costs and take time.
These are some key areas within the management structures:
* Matrix management 9
* Role definition 10
* Status of finance 11
3.3.4 Reward structures
When management set reward structures they must also make sure staff are made aware of the difference between the businesses strategies and the reward structures being offered.
"Where the reward structures and the business strategy are misaligned, serious problems can result."
(Davies. D (2000) P. 70-71)
Reward structures have to be implemented carefully with a clear objective, ensuring that they will benefit the business as well as the employees. Reward structures need only to be used, when the business is facing difficulties, like when the business is suffering financially.
The following are some examples of reward structures:
* Bonuses 12
* Earn-outs 13
3.3.5 Communication
It is important that both management and employees can communicate issues within the business, issues that may put staff under pressure to result to fraudulent activities.
"Effective communication can contribute to a successful operating environment."
(Davies. D (2000) P. 75)
The above statement clearly states in order to have effective operational environment, without the risk of fraud; there is the need for effective communication links.
The following are two example of communication, which can reduce the risk of fraud in the workplace:
* Poor organisational learning 14
* Communication of fraud and ethical polices 15
3.4 The forces influencing fraudulent activity
The following is a list of forces, which can influence the risk of fraud, occurring in the workplace:
* Globalisation
* Technological change
* Empowerment
* Downsizing and de-layering
* Matrix management
* Outsourcing
* Management style
* Change and discontinuity
4. WHAT HAPPENS
The world of fraud is made up of many individuals, with a fine array of skills and ideas and share one common belief 'I can beat the system'. This section looks at the type of frauds that have been taking place in today's workplace.
4.1 The scale of fraud
In the typical organisation fraud has a wide scale, this is largely dependent upon the fraudsters skills, capabilities, ideas, opportunities and ambitions.
On one end of the scale you may have the post room workers, who helps themselves to the companies stationery once in a while, whilst on the other end of the scale you got senior accountants fraudulently diverting millions of pounds into their accounts.
4.2 Types Of Fraud
There are many types of fraud being committed in today's workplace. Such frauds include:
* Theft
* Misuse of resources
* False claims of job applications
* Cheque fraud
* Card fraud
* Accounts manipulation
* Money laundering
This list is certainly not exhaustive, cases where employees commit fraud are not usually announced to the general public because it is a bad image for the company and may deter investors and customers. But when fraud is committed to a large scale such as the cases of BCCI and Robert Maxwell then keeping things under wraps becomes very difficult. The types of fraud that occur will vary from industry to industry and company to company.
For companies to gain an effective risk profile it is vital to look at the more common frauds. In this section we look at typical workplace fraud scenarios.
We begin with an area of fraud that is spreading rapidly across organisations that is:
4.3 Computer Fraud
New technology has opened new avenues for businesses and so too for the fraudster. The trend in today's organisation is that in terms of IT knowledge the gap between junior level employees and senior management is widening. IT skills are more abundant at the lower levels of the organisation. Senior management is still proud of the fact that they cannot even turn on a PC. The risks of this technology are somewhat underestimated by senior management.
Here is some common computer fraud scenarios, which take place in many organisations today:
4.4 Password
A payments clerk in a bank discovered his supervisors password which made it possible for him to prepare, authorise and send a payment instruction for £10 million. The attempted fraud was detected because staff at a receiving bank realised the instruction was unusual and queried it with the originating bank's management.
(Davies, D 2000, p103)
4.5 Credit
A data entry clerk processed valid credit notes twice to a particular customer. A friend of the customer would claimed a refund for the excess credit and forwarded a share of the refund to the clerk.
(Davies, D 2000, p105)
4.6 Busy Travel Agent
An employee of a large international hotel chain used his computer knowledge to devise a system where he could fool a networked computer booking system into thinking that hotel reservations all over the world had been made by a particular travel agent, who could then collect a 10% commission.
(Davies, D 2000, p107)
4.7 Cheque Fraud
Cheque fraud includes impersonation, giving false details, altering payee details, forging signatures and manufacturing copies of company cheques.
Colour Copiers
Four employees made near perfect copies of stolen blank cheques on a laser photocopier, They paid the bogus cheques into bank accounts under false names before withdrawing money from cash points. In 6 months the printed £100, 000 worth of cheques. The photocopiers were so accurate that only forensic tests could distinguish them from the real thing.
(Davies, D 2000, p238)
4.8 Electronic Payments Frauds
The largest frauds that have taken place have been with the abuse of money transfer systems. These types of frauds can only be discovered by chance rather than any controls.
Code Numbers Scrambled
An employee who worked in a computer systems department at a bank's headquarters stole customer data including code numbers. A collaborating computer engineer sent to the bank from a temporary personnel firm decoded the scramble on the code numbers.
However there was a variable code number, which changes with each transaction. The fraudsters were able to sneak through the security barriers. Using a PC the group trans transmitted a large amount from a customer account. The next day they transferred a similar amount from 3 bank branches to an account at another bank. An attempt to withdraw the funds all at once raised suspicion.
As was mentioned earlier, any fraud that occurs in an organisation is kept under wraps, any word of fraudulent behaviour could have adverse effects on the stakeholders but some cases are so adventurous or so severe that they are very difficult to keep quiet.
Let's take a look at two headline cases:
Barings- The unauthorised and concealed trading
Nick Leeson was perceived to be a "star performer" a Japanese broker quoted on Leeson "we all thought he was unbeatable", Daily Mail 28th Feb 1995.
Nick Leeson bought down the Barings bank by his persistent unauthorised trading through account 88888, by 31st December 1994 he had accumulated losses of some £208 million on that account, he represented that he was making a profit. The unauthorised trading by Leeson was concealed in falsified reports to London, misrepresentation of profitability of Barings trading and a number of false trading transactions and accounting entries. In 1995 Baring report, it was stated "management failed at various levels and in a variety of ways to institute a proper system of internal controls".
4.9 BCCI- A "Full Service" Banks
This indictment spells out the largest fraud in world history. BCCI was operated as a corrupt and criminal organisation throughout its 19-year history. It systematically falsified its records it knowingly allowed itself to be used to launder the illegal income of drug sellers and criminals. And it paid bribes and kickbacks to public officials.
(See Punch, M 1996, p9)
The following statement summarises BCCI's operations:
" We use to go round to BCCI and pick up a bag of money to pay someone off. I would go to 10 Leaden Hall Street (BCCI headquarters) and see a man called !!!!!!!, he would smile at me, sign this piece of paper. I would write 'Mickey Mouse' on a piece of tissue paper which was then threw away. He handed me a bag of money, which I would then take back and distribute".
(See Punch, M 1996, p12)
5. PREVENTION OF FRAUD IN THE WORKPLACE
The best possible way to prevent fraud is to be aware that it exists. West (1988, pg 103) made an excellent quote for the prevention of fraud by saying "the only sure way to prevent fraud is to be aware that it exists, that it can happen to you and to take positive action to minimise the risk".
If a person has this sort of attitude then fraud would be minimal in that organisation as they are aware of it. However a great number of people whom fraud do it because they are confident that they can get away with it. The main reason for fraud is the lack of security. As explained previously throughout the report and it may be anyone of the reasons mentioned. So having adequate management supervising employees is very important as the culprits may be overviewed.
5.1 Codes applied by Plc's
The code that applies to all Plc's - which is a part of the stock exchange listing rules and the implementation of this, is the responsibility of the directors.
) The board must maintain a sound system of internal control to safe guard the shareholders investments and the company's assets.
2) The board must at least annually, conduct a review of the effectiveness of the company's system of internal control and risk management.
(Price, pg 58, 2000)
This proves that most fraud is committed by an insider or as described by many as staff. So if staff are the root cause of this dilemma then the prevention process should begin from them as well. The way to ensure that staff are good is by finding out more about during the recruitment process.
5.2 Recruitment process
During the interview challenging questions should be raised to detect a true fraudster. For instance if the interviewer said 'why did you leave your last employment?', 'why did you have a gap during 19XX-19XX and most vital of all 'do you mind if we take up some references'. This is very important as the candidate if fake then may reveal the truth through body language etc. or as confusion. If you know about the employee who has committed a crime many years ago but has changed since and paid the penalty for the crime. Then you may consider to employ them on their honesty and experience of the consequences of the crime.
The prevention may begin well before the interviewing stage such as the application itself. If on the application it is stated that by ticking a box the applicant is giving the company authority to investigate the applicants criminal record. The other scenario is when stating that a test will have to be taken before the interview to ensure the applicant has the right skills and qualification for the vacant post. Such measure will only attract genuine applicants.
5.3 Employee Awareness
Another method is to ensure that the employees are aware of the consequences involved towards fraudsters. If employees are aware through the channels of company rules booklet, videos or even case studies then a criminal may become reluctant to commit a fraud as they are aware and in fear of the consequences.
An addition to that would be regular checks on the transactions and employees should be very much aware of this. Scrutiny of the system will show opportunities and improve overall security.
5.4 Monitoring Transactions
The main rule in the organisation that any-one person should not complete any transaction, and that several people should crosscheck it. Also the control of finances should not be given to a person, but cross checked and counter signed by different members of staff. The prime example is cheques. If a cheque is to be issued or any form of finance for that matter then it must be authorised by numerous amount of staff. This will prevent money going missing.
When amending or working on a file it should be referenced, showing who used it and at what time. This will be beneficial as others will be monitoring the progress of the file or transaction, and the culprit may be caught.
5.5 Suspicion
Suspicion should exist to prevent fraud from occurring. If an employee is having personal or financial problems then they may be seen more vulnerable to commit fraud. Any employee who takes great interest and seems reluctant to take time off may be in the process of fraud and may se time off as a problem as it may ruin their plan or they may get caught.
5.6 Files and Documents
These are the most vulnerable to fraud because majority of the information required to commit the fraud is available. So if there is a weakness or a gap in the system then it may be exploited.
For most humans if something is forbidden we seem to take more of an interest in it. For example if a document has confidential, private, important etc. on it then a fraudster would be attracted to it.
As files and documents are easy to get hold of in the workplace they are available for browsing, security measures should and are being enforced. The filing cabinet has been a revelation in general security for files. Files can now be locked and only authorized individuals have access to it, but what guarantee is there that they are not going to commit fraud? (Back to the recruitment process)
Nowadays safeguarding of files is through the computer system. Passwords are set so not everyone can access the files. Work can also be referenced and saved.
5.7 When staff leave
Sometimes fraud may be committed out of spite or for revenge. This may be in the form of ex-employees. As explained previously ex-employees may see an opportunity to strike and take full advantage of it. So organisations must ensure that they have no access to the system is very important or it may prove costly. Disabling access by taking away logins codes and other form's of entry will make the system much tough to abuse.
Summary of Security in general
Monitoring the system and awareness of fraud is important, but general prevention using simple methods should be analysed and introduced. For example question should be raised and discussed such as;
* How often are passwords changed?
* Who has access to transaction files?
* How is payment issued?
* How do you deal with staffs that are leaving?
All these questions have been answered throughout the report and should be taken into consideration by all organisations to prevent fraud.
CONCLUSION
There is no sure way of preventing fraud. While man can reason man can also rationalise, therefore the possibility of fraud or deception exist in all human interaction and will no doubt continue for some time to come. The workplace can only learn from experiences of itself or others. Guidelines have been set to follow but these are not a sure thing for preventing fraud.
As new technology is always being introduced into the workplace, new avenues are being opened for fraudsters, so how can you prevent a fraud that you do not know anything about yet?
Fraud today is not fraud tomorrow, and if there is more fraud today than yesterday it does not mean it is on the rise, but may well mean that our standards of truth and justice are greater. We expect more truth and justice than we did before.
There is only one piece of advice that we can give to a fraudster: "Every good thing comes to an end"
Fraudsters can be long-term trusted employees, who have resulted to commit fraud due to personal pressures. It is important to have tough screening processes, as most fraudsters join proclaiming they are fully trained, but only join to commit fraud.
2 Here we are concerned with staff being moved to positions where they have little experience, skills or training.
3 These can be fatal for the business as these are seen to be the foundations for committing fraud.
4 Autocratic management styles are known to have close links with staff committing fraud.
5 This indicates that staffs are not motivated, happy or interested in their work.
6 Cultural confusion occurs when changes are not implemented correctly, staff may not perform to standards and therefore seen under the eyes of management as not performing well, this can give employees the incentives to commit fraudulent activities.
7 Pressure is one of the factors, which provokes people to commit fraud. Cultural pressures can mean unrealistic targets.
8 The ethical code depend a lot on the company's culture, management style and business strategy. This code has to be communicated effectively in order for it to work and if not, then there is the risk of fraud.
9 Matrix management involves a range of different risks, the problem with this structure is, it is hard to recognise the risks.
0 Role definition sets the foundations of what control or authority a position or member of staff has. Some staff may not prefer this and see it as an incentive to commit fraud, as they do not have the authority.
1 If the status of finance is not healthy then there is the concern about poorly controlled function, this may give fraudsters the advantage for committing fraudulent activities.
2 Bonuses have to be realistic and reachable or staff may manipulate their authority to qualify for the bonus, increasing fraud risk.
3 This is concerned with playing with figures (manipulating accounts). The idea is to give a false picture of the performance of the business, which will result in staff getting rewards.
4 Businesses tend to be learning organisation, but they fail to make staff aware of fraud in the workplace. Therefore if staff is not made aware, they may be reluctant to commit fraudulent activities.
5 Majority of businesses have fraud and ethical policies, the problem is they are not communicated effectively; alternatively they may not be defined clearly.
Fraud In The Workplace