Mindy Jhittay of Bates Wells Braithwaite looks at what steps you can take if you’ve discovered fraud in your organisation – and what you can do to prevent it happening in the first place.
Insider fraud happens when a trusted colleague takes advantage of an opportunity to access money or information for their own benefit. The abuse of trust makes it particularly distressing and it’s a more common risk than you may think – a recent alert reveals that over 50% of charities have suffered an insider threat attack in the previous year. But insider fraud can affect all organisations, from commercial companies to not-for-profits – including professional and regulatory bodies.
Why does this happen, what should you do if it does, and how can you reduce the risk before things go wrong?
Insider fraud normally takes place where there’s a combination of three different factors: financial pressure, rationalisation and opportunity. A classic example of financial pressure combined with rationalisation is someone who thinks, “I need to pay my bills… so I’ll just borrow some cash which I’ll repay after pay day”. If no-one ever notices that the money’s gone though, it’s easy enough to defer the intended repayment, and to start “borrowing” more and more as time goes on.
You won’t be vulnerable to insider fraud if you have robust processes in place to prevent or detect it. The opportunity arises where controls aren’t good enough, for example where there is no segregation of financial duties, or where a culture of excessive trust in a senior person means they can’t be challenged.
Consider a scenario where your organisation’s payroll manager is away for two weeks. In her absence, another member of the finance team checks the data. They discover that some payments have been made to bank accounts which don’t match the recipient’s name – and this has been going on for some time… What does this mean, and what should you do?
First carry out an investigation – how were the funds diverted, when and by whom? How much money was lost? You could also consider an independent forensic financial audit. This will help you to identify how the problem occurred and at the same time, tell you how to prevent the same situation happening again, by reviewing and strengthening your charity’s financial controls and procedures.
Prevention is even better than cure. What are the warning signs? Is there anyone who seems to be having financial difficulties or who seems to have had a financial windfall? Consider any noticeable changes in behaviour, lifestyle or performance. Is someone you work with apparently ‘living beyond their means’?
It’s also worth noting consistent patterns in a colleague’s behaviour. A person who is reluctant to take holiday, or who always stays late and arrives first, will have time at work when they are not observed by others, so it’s more difficult to monitor what they have been up to.
Some suppliers might insist on consistently dealing with the same employee. This might simply be because they have built up a good relationship over the years. But it could be that they have devised a mutually beneficial arrangement at the expense of your organisation.
Always carry out standard background checks on candidates to verify what they have said, no matter how convincing their CV or interview is. There are a number of public bodies who appointed individuals to senior positions or positions in the finance team, only to later discover that they had employed a convicted fraudster! Nowadays basic checks are quick and easy to do online, just by searching for someone by name. A simple check could help you to avoid significant consequences.
If a new member of staff resigns shortly after joining, take time to consider why. Did they have access to particularly sensitive information? Were they in control of any processes or procedures, even if for a brief period of time?
Use unique IDs and passwords so you can track users’ activities within your computer systems and your premises, and restrict and monitor access to confidential information about your organisation or information about its members.
Consider what processes you have for reconciling financial statements and introduce tiered authority and dual authorisation for payments. Make sure everyone in your organisation is aware of what is required and provide the information in a number of different formats – for example, via the employee handbook and staff training.
Despite the fact that insider fraud comes from within, it’s usually the case that your people are your best asset. At a cultural level, have a zero-tolerance policy towards fraud in place and get to know your people and what motivates them. Don’t let a bad apple spoil a good harvest!