“Forty-five percent of respondents experienced at least one fraud in the (2 year) survey period……(yet) it is clear from the survey that many Australian and New Zealand organisations, including many that have suffered serious fraud loss, have yet to adopt even the most fundamental fraud prevention measures – measures that are usually simple and inexpensive, yet at the same time effective.”
KPMG Fraud Survey of 491 Aust. & NZ organisations, 2004
One of the key tasks for managers of organisations is to reduce the risk of events which will affect the ability of their organisation to achieve its goals. These include risks in the areas of occupational health and safety, finances, market and competitors, supply, compliance and regulatory, currency, professional, disaster and fraud. Managers are usually proactive in reducing all of these risks – except fraud. Why is this?
Reasons not to act
Some possible reasons are:
- Simple self delusion (“It won’t happen to me because I’m me – that sort of thing happens to others”).
- They do not understand the risk, or they underestimate it, and so do not accord it any priority.
- A belief that they are so in touch with the organisation and its processes and people that they would immediately detect any fraudulent act.
- They believe that their employees will naturally be working to reduce fraud risk as a function of their normal activities anyway (all without being specified in their job descriptions, appropriate training, management overview and management example!)
- A strong feeling of loyalty to the employees (“I trust my people. They are like family. They would not do a thing like that”.)
- Belief that a fraud risk reduction exercise would disrupt the running of the organisation, and upset the employees. Fear of unions and powerful entrenched groups of employees.
- A reliance on external auditors to proactively minimize and detect fraud (even though that role is specifically excluded from their responsibilities).
None of these are adequate reasons to neglect minimising the risk of employee fraud. Let’s look at a couple in more detail.
The omnipresent manager
Fraud statistics show that in most cases reason 3 (a belief that they would immediately detect any fraudulent act) does not apply – only 12% of uncovered frauds are detected by management (KPMG Fraud Survey, 2004). This is to be expected when you think about it – unless the organisation is very small, senior management does not become involved at the transactional level where fraud is noticed.
Furthermore, very few organisations have a management reporting system which has been developed to the necessary extent for fraud to be clearly signaled. As for being in touch with the people, yes, it is true that most fraud comes to management attention through employee tip-off. However, unless the organisational culture specifically encourages and protects whistleblowers, such tip-offs may take some time to occur – on average frauds in Australia run for 14 months before detection (KPMG Fraud Survey, 2004).
The comment given after reason 4 (employees will naturally be working to reduce fraud risk) basically says it all. Employees focus on what they are told (or assume) are their major priorities – the core tasks they are measured on. They will see little benefit in taking time to improve the systemic controls to make fraud more difficult, or to notice and report the unusual or the unexplained, unless they have been trained and encouraged to do so and they have the organisation’s best interests at heart (a cultural issue). This is not to say systems improvement and reporting of suspected fraud will not happen without management encouragement, but it will not be as timely or certain.
Reason 5 (a strong feeling of loyalty to the employees) seems to be quite prevalent, possibly because of the Australian tradition of mateship – your colleagues are your mates, and mates do not cheat one another. Unpalatable though it might seem, some employees are out to cheat you (as the manager, representing your organisation). This is reality, and needs to be faced – employee fraud is committed by employees, and is common. Very often it is committed by a longstanding, trusted member of staff who was liked and respected by all. It’s OK to trust employees in general, while being aware that some may not be worthy of that trust. Putting in place thorough pre-recruitment screening, good systemic controls and a strong culture will deter those who might seek to defraud, while improving the work environment for the trustworthy majority.
Don’t rock the boat
Often associated with the above reason is reason 6 (a fraud risk reduction exercise would upset the employees) – “the employees will think I don’t trust them if we conduct a fraud risk reduction exercise”. That’s an understandable fear, but should not hold one back from acting. A well conducted exercise is designed to allay such concerns by focusing employees on systems improvements rather than fraud specifically. Anti-fraud projects can be folded in with other changes designed to improve effectiveness, and any needed cultural improvements done over time, as culture cannot be changed overnight.
How do you measure up?
Have a look again at the seven reasons for not doing something to reduce the risk of employee fraud. Ask yourself honestly “Do any of these apply to me – even a little bit?”. If not – great. We hope you are right. However, if you can see a little of yourself in these reasons, it would be good to think about whether this has been holding you back from moving to address employee fraud risk like you should.
There is a lot you can do yourself to reduce the risk through systems and cultural improvements. However, if you are not sure where to start, have insufficient time, or feel that an outsider’s view will help clarify matters, we would be pleased to hear from you.