You might have heard the statistic: in just about any size company, fraud claims between five and ten percent of annual revenue. Some fraudulent activity comes from external sources, such as cyber breaches or theft, but a good amount of fraud can come from within the ranks of the company itself. We take a closer look at how employees most often take advantage of internal systems for their own personal gain, and what organisations can do to reduce their exposure to these risks of fraud.
Most managers probably don’t think much about the likelihood of fraud being carried out by people on own their teams. They spend most of their time thinking about how to achieve their objectives and get the job done. Even the most demanding boss tends to trust the basic integrity of the people working with them and these are most likely among the many reasons employee fraud occurs, and often remains undiscovered.
So, what is some of the common types of fraud that managers and executives should bear in mind, and how do they to find out if fraudulent activities have occurred?
Corporate Credit or Purchasing Cards
The use of corporate credit cards or purchasing cards can make good business sense. They dramatically reduce the costs of the typical purchase order and payment cycle for smaller expense and procurement items. However, they are particularly prone to abuse by employees. Maybe that recent card purchase of a high-end large screen computer monitor was fully justified and helped improve the employee’s productivity, but what if the monitor ended up with the employee’s child who loved computer gaming? What about the R15,000 spent at Builders Warehouse for “office improvements” by the branch supervisor? Perhaps the supervisor now has a greatly improved recreation room. What about duplicate purchases? Was one valid and one for personal use?
Of course, all purchases and expenses made through a corporate provided card should be approved by an authorised manager. But that’s where the control weaknesses often appear. If a senior manager has to approve the monthly use of card for 50 or more employees, are they really going to spend the time to ensure every item was justified?
There is a relatively simple answer to this problem. Credit card companies provide detailed data for every transaction that takes place. The data can be analysed to identify many indicators of fraud. Merchant codes can be checked and anything that seems dubious can be highlighted for review. There have been cases where one employee used their corporate card to spend thousands on psychic readings, while another purchased a cow at an auction for their personal farm.
Travel and Entertainment (T&E) Expenses
The risks of fraud in corporate credit card systems can also be applied to travel and entertainment expenses. The opportunities for fraud are very similar in terms of expensing personal costs to the business. Additionally, duplicate charges may signal fraud; for example, multiple employees charge for the same lavish entertainment of a key client. Was that expensive trip to Cape Town for a “client meeting” really justified when it overlapped with public holidays?
Again, it is a relatively simple process to analyse data to find the red flags of duplicate charges and expense claims that just don’t seem right.
Vendors and the Purchase-to-Pay Process
Vendor systems and the purchase-to-pay process also pose several fraud risks. Employees can set up “phantom vendors” in order to process fraudulent invoices for non-existent goods and services, and then have payments made to bank accounts controlled by the employee.
Employees can also collude with vendors and approve the purchases of goods and services at grossly inflated prices. The vendors may express their appreciation by shipping some goods directly to the employee’s home.
There are various ways to check for these activities. For example, vendor addresses can be analysed to identify fictitious addresses or to see if they happen to match an employee address. Vendor prices for goods and services can be analysed in detail to find instances in which prices for specific items are far from the statistical norms.
Payroll fraud risks tend to increase in relation to the size of the organisation. It may be a simple job to keep watch over a department with only a hundred employees in one location. But what happens when there are hundreds, or thousands of employees spread across multiple locations? How do you know that every person on the payroll came to work and did their job? A lot of trust is typically put in departmental and regional management to ensure that individuals on the payroll are still valid, contributing employees.
Some supervisors may be tempted to set up friends and relatives as employees and share the payroll proceeds. Even if the employee does turn up for work, what if the supervisor generously approves very large bonuses and overtime payments?
One way to keep an eye on things is to analyse employee activity records, such as electronic access and security records. How often was the employee logged on to corporate systems? How often was a swipe card used to access corporate premises? How do records for overtime hours compare to login and physical access records?
When thinking of anti-fraud measures, people tend to focus on the expense side of things. But there are also plenty of opportunities for employee fraud on the income side. Say a sales executive pushes through a large sale at period end and picks up a nice commission and bonus payment. Then, after about a month, the sale is reversed, and a credit note is issued. What happens to the commission and bonus? Who makes sure that those are reversed as well?
The opportunities for collusion with customers tend to mirror those with vendors. A sales person may provide extremely generous pricing discounts in return for a kick-back, and somehow half of the goods shipped to the customer happen to make their way to the salesperson’s home.
Analyses of discounts, pricing, sales reversals and credit notes and terms can identify many indicators of fraud. These are the same analyses that can match shipping addresses with employee addresses.
Evading approval controls by managers
One of the key anti-fraud controls in almost any business process area is management approval. Managers are trusted to review and approve purchases and expenses in their areas—but only to a certain degree. There are approval limits depending on the level of manager and budget responsibility. The risk of a large fraudulent expense getting approved by a manager is presumably limited if, for example, they are only authorised to approve purchases up to R50,000. Yet, if a manager approves five purchases for R49,000 each, they might really be approving a fraudulent purchase of R245,000. Scrutinizing data for this form of “split” approvals is a simple but effective task.
An innovative way to see if the management approval process is working properly is to analyse the time stamp data for when a manager approves a monthly corporate card charge for employees. In one case, the analysis showed that a manager had approved a very large number of charges within about 80 seconds, not exactly reassuring that appropriate due diligence had taken place!
Whether it’s data analytics or forensic accounting, we encourage all companies, large and small, to use any and all available resources to stamp out fraud, reduce waste and optimize performance.