Getting Tough On Internal Crime - Cut Fraud With Document Management
Published Wednesday, August 21, 2013 3:24 PM by Wearev1, Author
In this free white paper, we look at the growing problem of internal crime, and how your organisation can cut down on employee fraud through the use of intelligence, transparent finance document management.
The real cost of employee fraud
A business book about business fraud (A short guide to fraud risk, Gower Publishing, March 2010) defines fraud risk as “the chance of a perpetrator (or perpetrators) committing a fraud which has an impact on the organisation”, noting that instances of fraud can occur anywhere where there are people who are dishonest, or who become dishonest.
A fraud risk, the authors note, is defined chiefly by three elements:
- the method of fraud;
- the effectiveness of controls; and
- the degree of dishonesty and skill level of the perpetrator.
In the worst-case scenarios, organisations aren’t even aware of their exposure to internal fraud, because their existing systems don’t provide enough visibility across affected accounting processes.
This should be a cause for grave concern given the magnitude of losses UK organisations are falling victim to collectively. The UK National Fraud Authority’s latest Annual Fraud Indicator estimates that the loss to the UK economy from fraud is around £73 billion a year. Although this is an all-encompassing figure covering all types of personal, public sector and business fraud, the NFA’s March 2012 report notes that ‘insiders’ are responsible for some of the biggest fraud cases ever recorded. One of the most infamous cases is that of Nick Leeson, whose unauthorised trading -which lay undetected for years -resulted in the collapse of his employer, Barings Bank, in 1995.
In the private sector, fraud-based losses are worth in the region of 1.4% of turnover, according to the NFA. Across the UK that’s roughly equivalent to £45.5 billion a year – some £26.7 billion affecting large businesses, £18.9 billion suffered by SMEs.
Fraud in the public sector, meanwhile, is estimated by the NFA to be worth around £20.3 billion per year, and is costing charities 1.7% of their income, totalling some £1.1 billion. Among private sector organisations that had been a victim of fraud over the last year, 22.6% said they had suffered at least one insider-enabled fraud. Of the charities that had fallen prey to fraud over the last 12 months, 27% said at least one case had been insider related.
The NFA report also draws together a range of broader statistics which confirm that internal fraud is now a major and fast-growing source of financial losses to all sorts of organisations. For example 34% of UK respondents to PWC’s 2011 Global Economic Crime Survey said employees were responsible for their highest level of fraud detected last year, while globally two-thirds of public sector respondents said their largest fraud was perpetrated by an employee. Meanwhile Kroll Advisory Solutions’ 2012 Global Fraud Report – based on a survey of more than 1,200 senior executives worldwide -suggests that 60% of fraud globally, where the perpetrator is known, is insider fraud -up from 55% in 2011.
The findings are supported by the UK not-for-profit fraud prevention service, CIFAS, which has separately observed a 52% overall increase in the number of insider fraud recorded during the first half of 2012, compared with 2011, based on an analysis of fraud recorded on its Staff Fraud Database (CIFAS, August 2012).
And these are just the instances of fraud that are known about. Research by the Association of Certified Fraud Examiners in the US, across a wide range of industries, has repeatedly shown that fraud is a widespread problem that affects almost every type of business; and that the typical organisation loses 5–7 per cent of its annual revenues to fraud.
Who are the culprits?
The most disturbing crimes are those committed by the least expected sources. A survey by consultancy firm KPMG in 2011 (Who is the typical fraudster?, KPMG, June 2011) found that 50% of UK fraud now is down to senior management at board level, and that 60% of fraudsters have worked for the affected company for more than a decade. This makes crime even harder to detect, because of the chance of management manipulation during any review.
With echoes of the Nick Leeson case, a former UBS trader in London, Kweku Adoboli, is currently on trial, defending two charges of fraud and two of false accounting. Just months earlier, in New York, Russell Wasendorf Sr, founder and chief executive officer of Peregrine Financial Group, was charged in connection with an alleged $200 million fraud involving his futures trading company. He is accused of making false statements to the US Commodity Futures Trade Commission between 2010 and July 2012.
Even more extreme have been the cases of cricket entrepreneur Sir Allen Stanford who orchestrated a fraudulent, multi-billion dollar investment scheme, and Bernard Madoff, the former chairman of the Nasdaq stock market, arrested for running a hedge fund which allegedly racked up a staggering $50bn (£33.5bn) of fraudulent losses – the biggest case of its kind. Finally, who could forget the Enron scandal of a decade ago, which was brought about by all manner of financial cover-ups?
That trusted, senior executives within a company are just as likely as more junior staff to be the perpetrators of fraud means that organisations need watertight, systematic measures for identifying, monitoring and preventing such practices – measures that transcend the control of individuals.
Types of employee fraud
CIFAS applies the following definition to staff fraud:
- “Staff fraud occurs when a member of staff dishonestly makes false representation, or wrongfully fails to disclose information, or abuses a position of trust for personal gain, or causes loss to others. Fraudulent activity perpetrated by members of staff can range from compromising customer or payroll data to straightforward theft or the submission of inflated expenses. Staff fraud can be opportunistic – i.e. it can be a completely unplanned attack purely for personal financial gain. However, staff fraud can also be linked to a serious and organised criminal network or terrorist financing.”
- The most common crimes, and the easiest ones to guard against, are opportunistic attempts by employees to metaphorically ‘put their hand in the till’ – for example, making up their own financial shortfalls by inflating their expenses or overtime claims, or purchasing personal goods through the company.
- Expenses fiddles can seem harmless enough, but soon mount up. Common false claims include fictitious taxi rides; claims for un-receipted parking; adding mileage to journeys; and use of expenses claims to cover bar and restaurant bills.
- One study suggests that at least one in three UK employees routinely defrauds their employer by submitting inflated taxi expenses to top up their wages. The 2012 survey, conducted by expense management company Spendvision, found that 23% of staff admit to asking taxi drivers for a blank receipt so they can invent their own figure before submitting their expenses claim. Ten per cent of the 1,000 respondents admitted to also filling in claims for personal taxi journeys.
- Procurement fraud can be more sinister still. According to the NFA’s 2012 Annual Fraud Indicator, the UK public sector lost £2.3 billion in 2011 to fraudulent purchasing practices such as bid-rigging, price-fixing, the submission of multiple invoices for the same work, and diverted payments. False and ‘double-invoicing’, price-fixing, altering payment details and giving kickbacks to determine contract awards are among the examples cited.
Taking back control
The main reason many organisations have been so vulnerable to employee fraud is their over-reliance on personal relationships and mutual trust, and their lack of visibility across finance management processes and systems. Too little insight into potentially dubious trends has by default given financially-stretched and easily-tempted members of staff a licence to push their luck and for line-managers to give the benefit of the doubt or even turn a blind eye to questionable transactions.
As the ongoing financial crisis has taken its toll on procurement budgets and expenses allowances, vigilance has increased however. With no slack in the system, companies have had no choice but to rein in allowances and clampdown on suspicious spending.
Turning to technology
The more systematically financial transactions and administrative processes are managed, and the more visibility there is across supporting systems, the more control organisations will have over their spending – and the more readily they will be able to spot and address potential problems.
One of the benefits of using technology to manage and protect against fraud is that it depersonalises the situation, removing the awkwardness involved if a manager suspects and accuses a team member, peer or even a superior of underhand practices.
There are several different approaches organisations can take to tackle employee fraud through technology. Some take a forensic approach, using sensitive analytics to identify unusual patterns of spending. Electronic procurement solutions, meanwhile, enable closer monitoring of purchasing, enforcing approvals and matching individual invoices and payments to purchase orders so that anomalies can’t slip through the net – because everything is carefully accounted for. Such systems can be policed with a no-PO-no-payment approach, ensuring that no funds are issued without the requisite electronic ‘paperwork’.
Automated expense management systems apply similar rigour, not only reducing the administration burden around expenses claims but also ensuring that approvals processes are followed through and that claims can be properly traced and monitored electronically.
How paperless office systems can help
As soon as records are being kept electronically and can be interrogated easily – i.e. because the content is centrally archived and readily searchable -companies inherently have much more control over the information contained in these documents, whether these are expenses claims, procurement records or processed invoices.
Having a clear line of sight across related documentation and being able to call it up instantly is becoming increasingly important from a financial auditing and regulatory compliance perspective too.
Whatever measures are taken to perform the actual fraud detection and analysis, the underlying platform enabling sophisticated monitoring of employee behaviour is electronic document management and imaging. As long as procurement, purchase orders, invoices and expense claims are handled in a largely manual way, there is a limit to how vigilant companies can be in monitoring potentially suspicious behaviour – because they have no way of readily accessing and comparing the information.
The good news is that this situation can be turned around easily and affordably. For minimal outlay and yet with a rapid return on investment, organisations can automate routine finance management processes so that the detail contained in traditional paper documents is scanned straight into core business systems -where it can be tallied with related records and shared with other systems and users.
Investing in document management software technologies to prevent fraud
Electronic document management systems, tightly integrated into organisations’ accounting, enterprise resource planning (ERP) and HR systems, minimise the risk of fraud because documents such as invoices, purchase orders and personnel records are imaged (scanned and indexed) and then securely stored in an electronic archive.
These documents form a permanent record which cannot be destroyed or altered in any way, reducing the risk of an employee eliminating or manipulating evidence to cover their tracks -as Arthur Andersen staff did during the infamous Enron investigation in the US.
Following the 2001 scandal -in which $100bn revenue energy giant Enron was found to have sustained itself by means of institutional and systematic accounting fraud -Andersen’s alleged complicity as an auditor came under intense scrutiny. In June 2002 the accounting firm was convicted of obstruction of justice for shredding documents related to its audit of Enron.
Document management systems impose strict levels of document access and maintain audit trails so that it is clear who approved what and when, further thwarting attempts to hide suspicious activity.
As noted above, one of the biggest problems for organisations in leaving themselves open to fraud has been the fact that there have been easy pickings for those desperate enough or easily tempted to harvest them. In the current climate, it is vital that staff are not provided with the means to easily commit fraud. Systems enabling electronic document management reduce the risk of fraudulent activity and should form part of organisations’ cross-company security measures.
Choosing the right system
There are a number of fraud detection and prevention solutions on the market that come under the document management umbrella. Integrated with accounting/ERP and HR systems, these can become powerful tools in the fight against internal fraud.
The main component technologies include:
- Document archiving technology. Such systems electronically scan or ‘image’ and store all documents, so that essential documents such as contracts, invoices and HR/payroll documents cannot be lost or destroyed. Once these documents are securely stored and backed up, they cannot be conveniently ‘mislaid’, shredded or burnt for the benefit of a fraudster (such destruction being the undoing of Arthur Andersen staff during the Enron scandal). Nor can documents be altered for an individual’s own ends.
- Electronic document form creation and delivery software (e.g. output management and automated mail). These systems replace the paper-based distribution of documents, a process that lacks a formal audit trail. Documents that are created using an electronic form designer and delivered by email can be stored in the central document archive so that there is a permanent record of which documents have been sent to whom and when. This transparency is a significant aid in unearthing any suspicious correspondence.
- Purchase requisitioning software. This provides greater control over the procurement of goods, ensuring that any anomalies and maverick spending are spotted more easily. Ideally web-enabled, such solutions enable purchase orders to be raised, managed and authorised electronically, reducing administration costs, delivering greater procurement transparency and cutting rogue ordering of goods and services. Once approved the purchase order is generated or the requisition is automatically sent on for further levels of authorisation, depending on the controls put in place using the system’s customisable business rules. All approved purchase orders can be printed, faxed or emailed directly to suppliers.
- Electronic document authorisation software. This too can help prevent procurement fraud. Here, every invoice for payment can be routed for electronic authorisation, and there is an audit trail which records who has approved which invoice and when. This level of transparency makes it harder for staff to carry out fraudulent transactions.
- Secure cheque printing solutions & special fraud-resistant stationery. These tools can be used to ensure that no bank or cheque details are pre-printed and that details are altered only by those authorised to do so. Stationery can be numbered too, making it easier to trace. In fact every document in an electronic archive has its own distinct ‘electronic fingerprint’, with any activity relating to that document being logged. As it is impossible to delete any of these activity logs, the attempts of even the most ardent hacker to cover their tracks would be detected. Not every organisation will have the same set-up or the same priorities, so it is important to look for a modular range of solutions that allow the required functionality to be mixed and matched, and blended with existing systems. Systems should ideally be easy to integrate with core business software, and scalable enough to expand as use grows. The right supplier will be able to advise on the right technology combination for the given environment, taking into account possible future requirements in addition to current needs.
In the current economic climate, organisations are becoming as susceptible to internal fraud as they are to external threats to their financial resources and assets. This situation is unlikely to change either, unless the economy picks up significantly or companies get wise to rogue activity and clamp down on it using some simple yet powerfully effective controls.
Addressing potentially dubious activity can require delicate handling though, which places further emphasis on the need to use technology -to record the indisputable truth about what is going on as funds pass in and out of the company. Capturing everything systematically means no individual is seen to be singled out for special attention. Anomalies are simply highlighted as part of routine processes, because there is much more visibility in and across core business systems. For anyone involved in malpractice it means there is no longer anywhere to hide. For the business confronting the problem, there is detailed evidence of what went awry, when and in whose hands.
Prevention is far more effective than cure. Once staff are aware of the tighter controls this is likely to deter rogue activity, because the chances of being caught red-handed are so high.
Given the modest investment required to automate associated finance processes, and the additional benefits as related business activities are streamlined and archiving, backup and auditing are automated, the barriers to adopting document management solutions are negligible. Easy integration with existing business processes and systems, and rapid payback in the form of considerable associated cost and time savings as well as reduced vulnerability to internal fraud, make for a robust business case.
Even given the ongoing financial uncertainty, document management represents a solid investment to help prevent fraud. Given the potential damage to an organisation’s bottom line, as well as its reputation, if it falls prey to malicious activity, it makes for a prudent business decision. With a further increase in corporate fraud expected as the UK and much of the Western economy continues to lurch in and out of recession, there is no time like the present to spend a little to save a lot.
Sources & resources
- A short guide to fraud risk (Gower Publishing, March 2010)
- Who is the typical fraudster? (KPMG, June 2011)
- News article: Fraud trial jury for former UBS trader selected (Reuters, September 2012)
- News article: PFG founder Wasendorf arrested in fraud case (CNN Money, July 2012)
- News article: Procurement fraud costs public sector £2.3 billion (Supplymanagement.com, April 2012)
- News article: Staff expense fiddling tops 3.5 billion (HR Magazine, May 2010)
- Enron: Who’s accountable? (Time Magazine, January 2002)
- Document management to catch a thief (CRN/ChannelWeb, July 2011)