Ten Early Warning Signs Of Fraud In Organisations
1. Erratic reporting
Erratic, incomplete, late or excuse laden management reporting is often a classic sign that something is wrong. One of the possibilities is the existence of fraud. Further investigation will reveal common excuses used are often the frequent occurrence of IT failures, technology compatibility issues between different company systems or international systems. Act: Insist on up-to-date reporting. Wherever appropriate adopt an enterprise-wide approach to technology to help with systems issues.
2. Apparent Process Laziness
A weakening of anti-fraud and data security systems can happen naturally, over time; and is normal – especially when things get busy. However, with the seemingly right processes in place, top level management are often lulled into a false sense of security that they are actually being used, whilst the fraudster is busy at work getting around them. Act: Make sure you implement the suggestions of your internal compliance managers. Where systems/processes are under pressure when used in practise, introduce a review process – and then adapt them promptly.
3. Organisational change and the desire to dump data
A major indicator can be the act of deletion or pressure on staff to delete, remove or otherwise dump past records following a restructure. An excuse of, “oh I’m sorry those files were destroyed.” should be cause for alarm. Act: Take care to establish and log where paper documents are and when they should and should not be stored. Identify who is in control of the system processes and who is responsible for and has ownership of the records.
4. Data Inconsistencies
Whether it is archive data or cross reference checks that are missing or wrong; factual inconsistencies will also occur naturally. The cheats who seek to defraud an organization will use the possibility to explain such inconsistencies and hide their fraud. Act: Make sure that all files are electronically stored, with appropriate back-ups as part of your compliance systems and that no-one has the access to any files that include a DELETE capability.
5. Audit-Time Delays
Excuses, confusion or wild goose chases when disclosing to auditors, be they internal or external, can be a telltale sign too. We need to remember though that the audit team is not there to find fraud, rather to ensure that the correct processes are in place that will deliver appropriate protection. Act: Ensure that everyone treats audits as important and make sure that they are completed on time and properly, and with appropriate audit skills. Make sure that the business critical and financial exposure areas take a priority and act upon all failings both quickly and completely; with follow-up audits if necessary.
6. Behaviour Abnormalities
These can range from acute defensiveness and resistance to attending review meetings, through to blaming strategies or even aggression when specific questions are asked about processes or figures. Research shows that internal fraudsters are most likely to be either ‘youngsters who cut across the processes and systems’ or ‘middle aged executives with the authority and a gripe’. Act: Get HR more closely involved. Then if you still have concerns about such people upon closer inspection, all the relevant files need to be pulled and checked.
7. Gossip Mongers in overdrive
Staff whispers and rumours “that all is not right” should always be taken seriously. These are, however, so often overlooked by senior management. Act: Listen, take all such rumours seriously and investigate the reality.
8. Twitchy Non-Execs
Good non-execs provide a considered, independent and external perspective. Often they bring in specific expertise from outside the board’s immediate experience and their skills can vary from financial knowledge through to IT. When their comfort factor ‘goes south’ or when they have a ‘bee in the bonnet’ about something that does not add up or make sense, they often have good reason to worry. So must you. Act: It is always good for the business to maintain a fresh supply of new thinking, new approaches and new concerns. Thus if non-execs have concerns about particular issues, one should allow them to bring in the appropriate specialist experts that can investigate matters more deeply.
9. Unofficial IT Work
Technical staff working around the enterprise conducting unsupervised IT activity often outside normal hours, can also be a worrying sign, both from a risk and a cost perspective. Not every company is large enough to have a full IT department that might spot such issues through system audit trails. Act: Do the IT security staff look and think further than just password expiry issues? Make sure that someone is on the look out for data-theft, IPR theft, time theft (people spending all day on facebook etc.), or simple theft of IT assets. Make sure you have a proper asset register and IT audit system in place.
Where people are given a title but without actual responsibility, it can effectively cover up what is going on with those who do have responsibility or power in a situation. The fraudster’s hope is that should the balloon go up the scapegoat takes the blame, at least long enough for records to be destroyed and evidence removed. Act: Make sure that you have strong and cascaded accountabilities. Ensure that people know what they should be doing, and that they are doing what is required of them. Make sure that everyone is contributing to the business objectives. Make sure HR is involved in creating or reviewing job specifications.