With recent surveys showing that instances of employee fraud are still on the increase, and HMRC showing regrettable lack of ability to safeguard personal data, eliminating poor security practices which make fraud easier is becoming even more important.
The following practices are not uncommon and create a significant risk of fraud:
Leaving signed blank cheques for use when the signatory is away. The risks inherent in this practice are clear. It is preferable to have a second signatory who is required to sign checks when another signatory is absent.
Rotating signatures. If a number of people can sign cheques, a fraudster can ‘rotate’ the signing of cheques, which makes the exercise of effective supervision very difficult. This is particularly common in frauds involving withdrawals of cash.
Electronic passwords and transfers. Access to any sensitive data, or any account, should be strictly controlled and a system of checks instituted to monitor inappropriate or otherwise suspicious activity. The absence of checks operated at the bank makes the need to have very tight security procedures over electronic transfers critical. Data security is crucial and the loss of data can lead to significant fines as well as commercial loss.
Similarly, and email purporting to come from a bank which concerns your account should be treated with great caution.
Internet banking scams. These are becoming increasingly frequent and increasingly sophisticated. Sometimes they involve a great deal of research into a company, which allows the scammers to create what look like genuine intra-company instructions to pay (typically a requirement to make a payment immediately when a key person in the chain is absent or their guard is down). For example, in one case, an e-mail was sent to the FD of a company - ostensibly form another senior employee - who was en route to Heathrow to go abroad. The email required payment that day of a substantial sum to a supplier (whose credentials had already been maliciously established) supplying false bank account details. Another common scam is to be contacted by the 'bank security department', who extract sufficient information to carry out fraudulent transfers.
Delegated authority without control. It is essential to have controls in place where certain areas of the business are under the sole control of one person. Check that all payments for services or goods received are correctly made and constitute proper value for money. One of the easiest employee frauds to get away with for year after year is the ‘kickback’ from a complicit supplier. Make sure that purchasing decisions are subject to periodic value for money testing and if the payments made are more than the market rate, find out why.
Employees who insist that all ‘their’ paperwork is left untouched until their return from holiday. This is a clear warning sign that they do not wish to have their work scrutinised by other people. Find out why.
Not counting noses. With the large number of people gaining employment temporarily in the UK, it may be a simple matter to continue to pay an employee who has left, who then shares the income with the employee facilitating the fraud. The number of names on the payroll should be the same as the number of people employed. Make sure it is.
Buying from and selling to the same firm. It may sound like good sense to deal with a customer that is also a supplier on a single account. It normally is – but one danger is the possibility of a fraud where purchases are either fictional or delivered elsewhere. Because there are entries on both sides of the account, they may go unchecked. The cheque written agrees with the total on the ledger account, but is that verified?
Concentrating on big items only. The essence of the most successful long-term fraud is that it does not attract attention. It is the smallness and regularity of the transaction which establishes it as ‘part of the furniture’ and makes detection less likely. Make sure that ‘small’ accounts are reviewed, at least on a test basis.
If any of the above practices go on in your organisation, it is time to take action to rectify them. Remember, most internal frauds are carried out by highly trusted employees.
The enterprising and corrupt employee has a great advantage over most criminals – a detailed knowledge of the control systems of the organisation which is being defrauded. Make sure you act to protect your business.
It is also worth mentioning that some insurance policies do not cover employee fraud, or offer minimal cover.