Harder financial times and a slowing economy are contributing to an increase in employee fraud in Australia.
In difficult economic times the typical fraudster is more easily able to rationalise their actions and is more motivated to engage in misconduct to maintain their own lifestyle requirements.
There is evidence that the range and types of fraud committed are increasing, with the most common types of fraud including:
- Manipulation of source data including pay rates, new suppliers or employees and bank accounts;
- Falsifying invoices and expense claims;
- Electronically transferring funds into personal accounts;
- Receiving ‘kickbacks’ from suppliers;
- Creating unauthorised accounting adjustments to the financial statements; and
- Misappropriating company assets or inventories.
So what can businesses do to counteract this growing trend?
Businesses and those charged with governance are able to influence how many opportunities employees have to engage in misconduct without the risk of being detected.
Evidence tells us that the typical fraud is committed by trusted long-term employees who are acting alone, and the most significant factor in detecting committed fraud is the internal controls employed by an organisation.
The internal control environment, and more specifically segregation of duties amongst your employees, is key to preventing or detecting fraud.
As an example, assume that your payroll officer is able to create new employee records within the accounting system, alter source data such as pay rates, process the weekly pay run and approve the physical EFT payment through the bank account.
There is a significant opportunity in the example above for the employee to adjust their own pay rate or create a false employee with their own bank account details to misappropriate funds of the business.
Now assume that in the example given above, the process is segregated and the creation of employee records and amendments of source data is only able to be completed by the human resource manager and the approval of the physical EFT payment is completed by the finance manager.
This reduces the opportunity available to misappropriate funds, involving more people within the process and effectively increasing the risk to the potential fraudster in being detected.
Typically segregation of duties is most effectively implemented through system access restrictions and authorisation processes such as:
- Ensuring that employees processing transactions such as payroll or creditor payments, are unable to access, create and amend source data within the system;
- Ensuring that employees processing transactions such as payroll or creditor payments, are unable to access and process physical payments;
- Ensuring that independent authorisation controls are in place, specifically around the bank reconciliation process, creditor payments process, credit note issuance and expense claims; and
- Ensuring physical restrictions are in place with regard to accessing cash, cheques and valuable assets or inventories.
Given the fact that adequate segregation of duties relies heavily on a larger accounting function, smaller clients often ask ‘what if we are unable to segregate our processes due to the size of our accounting function?’
The answer is that although it is not practical in some instances to implement system access restrictions within a small team due to back-up and support requirements, there are a number of detect-type controls that can be implemented that effectively increase the chances of detecting fraud sooner and deter potential fraudsters.
These types of controls come down to authorisation and checking. Using the payroll processing function again as an example, an organisation would implement and communicate policies such as:
- Source data changes within the payroll system are required to be approved by an independent and more senior employee;
- Payroll EFT payments are independently approved with the underlying detail provided as part of this approval; and
- Higher level analytics are provided to senior management to review based on their expectations, with abnormalities being documented and followed up.
These controls are effective if they are operating throughout the period as expected, and given that they are more easily overridden than a system segregation, employers should include a process to verify that the controls have been followed. This can be facilitated by an internal audit function that can easily spot check compliance in this regard.
Controls that can be implemented within a small team to increase the chances of detecting fraud include:
- Ensuring that independent authorisation controls are in place, specifically around the bank reconciliation process, creditor payments process, credit note issuance, expense claims and journal processing;
- Ensuring physical restrictions are in place with regard to accessing cash, cheques and valuable assets or inventories;
- Running and reviewing a source data change report regularly;
- Having operational managers peruse and sign off on departmental staff details and supplier details on a regular basis;
- Ensuring timely management reports are being reviewed and analysed by Senior Management, with any discrepancies outside of expectations being followed up without exception;
- Utilising computer based audit techniques that are easily able to identify discrepancies within your accounting system and source data such as a creditor having the same bank account details as an employee; and
- Having an audit function that verifies compliance with authorisation and segregation policies throughout the year.
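Two of the checks listed above, the source data change report and the computer based test for a creditor sharing bank details with an employee, can be sketched as follows. This is an added example, not part of the original article; the record layouts, field names, user names and sample data are constructed assumptions rather than the export format of any particular accounting system.

```python
import re
from collections import defaultdict

# Constructed sample master data (not from the article).
EMPLOYEES = [
    {"id": "E001", "name": "A. Payroll", "bank": "065-000 1234 5678"},
    {"id": "E002", "name": "B. Stores", "bank": "105-900 00112233"},
]
VENDORS = [
    {"id": "V100", "name": "Acme Supplies", "bank": "082-001 99887766"},
    {"id": "V101", "name": "Northside Consulting", "bank": "065000 12345678"},
]
# Constructed source data change log: who changed what, and who approved it.
CHANGES = [
    {"record": "E002", "field": "pay_rate", "changed_by": "hr.manager", "approved_by": "fin.manager"},
    {"record": "E001", "field": "pay_rate", "changed_by": "payroll.officer", "approved_by": "payroll.officer"},
    {"record": "V101", "field": "bank", "changed_by": "payroll.officer", "approved_by": None},
]
SENSITIVE_FIELDS = {"pay_rate", "bank"}  # assumed set of fields needing sign-off

def normalise_account(raw):
    """Keep digits only, so spaces and dashes cannot hide a matching account."""
    return re.sub(r"\D", "", raw or "")

def shared_bank_accounts(employees, vendors):
    """Return (employee id, vendor id) pairs that are paid into the same account."""
    by_account = defaultdict(list)
    for emp in employees:
        key = normalise_account(emp["bank"])
        if key:  # ignore blank bank details rather than matching them together
            by_account[key].append(emp["id"])
    return [(emp_id, ven["id"])
            for ven in vendors
            for emp_id in by_account.get(normalise_account(ven["bank"]), [])]

def unapproved_changes(changes):
    """Return sensitive changes with no approver, or approved by whoever made them."""
    return [(c["record"], c["field"], c["changed_by"])
            for c in changes
            if c["field"] in SENSITIVE_FIELDS
            and (c["approved_by"] is None or c["approved_by"] == c["changed_by"])]

if __name__ == "__main__":
    print("Shared bank accounts:", shared_bank_accounts(EMPLOYEES, VENDORS))
    print("Changes lacking independent approval:", unapproved_changes(CHANGES))
```

Each flagged item is a prompt for follow-up by someone independent of the person who made the change, not proof of fraud.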
Finally, the foundations of any organisation need to be aligned with the internal control objectives. This includes:
- Having an appropriate code of conduct and communicating this to employees;
- Screening of new employees to gauge their fit within the organisation;
- Having a fraud policy that documents and communicates to employees what constitutes a fraud within the organisation and the measures that will be taken in the event that a fraud occurs;
- Providing relevant training to employees on integrity and values; and
- Ensuring that the leadership of the organisation are all aligned with the values communicated.
Grant Martinella is an Audit & Assurance Director with William Buck and can be contacted on 08 8409 4333 or firstname.lastname@example.org.