Section 2: Fraud detection
Question
- My organisation encourages staff to come forward if they see or suspect fraud or corruption.
- The culture at my organisation is such that that I would be willing to raise any concerns that I may have regarding fraud or corruption and I know that my concerns will be taken seriously and I would not suffer any retaliation.
- My organisation has a Protected Disclosures Policy (or similar).
- There is a whistleblower hotline at my organisation.
- When fraud or corruption risks are raised at my organisation, my organisation takes proactive steps to reduce the risk.
- Credit card expenditure is closely monitored.
- Staff expenses are closely monitored.
Fraud detection – having the right environment
The opportunity for fraud to be committed is usually a result of inadequate controls and/or non-compliance by staff with policy and procedures. Although organisations should be able to trust their employees to do the right thing, having trusted employees is not a fraud control. Many instances of fraud have been committed by trusted employees. Organisations need to be able to verify that their staff are complying with policies and procedures, and include fraud risk management as a component of business-as-usual risk management.
How is fraud being detected? Of the 22.5% of respondents who indicated being aware of one or more frauds having been committed against their organisation, 45% of respondents indicated the fraud was detected through internal controls, 25% by internal tip-off, 12.5% by external tip-off and 5.3% by accident.
Combating fraud is everyone’s responsibility. The prospect of being discovered is a strong deterrent for most people contemplating wrong-doing. There are a number of actions an organisation can take to reduce the risk of fraud. We outline below some of the actions that an organisation could consider:
- Having an environment that encourages staff to come forward if they suspect fraud. Pleasingly, 88% of respondents indicated that their organisation did have this. This appears to be reinforced by 95% of respondents indicating that the culture at their organisation is such that they also know their concerns will be taken seriously.
Respondents who said that the culture of their organisation is such that they would be willing to raise any concerns they have regarding fraud (and they know their concerns would be taken seriously and they would not suffer any retaliation) were significantly less likely to experience a fraud than those who said they didn’t have such a culture.
Although it is encouraging to know that organisations do encourage their staff to speak up about their concerns, the ongoing success will rest on the organisation’s response. - Having a Protected Disclosure Policy. This is not the same as having a proper whistleblower system, including a hotline, in place. There will be occasions when it might be appropriate for staff to make a protected disclosure if the staff member has a concern for their wellbeing. Public sector organisations must have a Protected Disclosures Policy that allows staff to raise concerns of serious wrongdoing, safely and without fear of retribution.
All staff, regardless of level, should know how and where to access an organisation’s protected disclosure/whistleblower regime. This survey’s results suggest otherwise. Although 71.2% of respondents said that their organisation had a Protected Disclosure Policy, the awareness was highest at the Chief Executive level (82%) and lowest at the operation staff level (53%). This awareness gap between management and general staff is something we frequently see in organisations and is often a symptom of ineffective internal communication. - Having a whistleblower hotline. Surprisingly, only 3.8% of fraud was detected through the organisations’ whistleblower systems. This may be explained by the fact that 74.7% of respondents (across all roles and sectors) said that their organisation did not have a whistleblower hotline and a further 13.7% did not know if their organisation had one.
We believe a well-communicated whistleblower system is one of the best tools that an organisation can employ to help mitigate the risks of fraud and other reputational harm. However, the success (or otherwise) of a whistleblower system depends to a large degree on how it is set up, operated, communicated and accepted by the organisation.
According to the Association of Certified Fraud Examiners’ 2010 Global Fraud Study, those organisations that have a whistleblower hotline in place had a 59% reduction in median fraud losses. - Being proactive. Organisations can be proactive in detecting fraud, for example, by ensuring that there is a high level of awareness of the potential for fraud to occur; having clear policies and statements and ensure these are known to all staff; conducting data analytics across financial systems and having a process for following up suspicious transactions; keeping staff safe by ensuring segregation of duties where appropriate; monitoring areas of potential fraud risk such as sensitive expenditure, use of credit cards, travel expenses, gifts and rewards.
Line managers need to have a good understanding of their role and responsibility in managing fraud risks, and know that they are accountable should fraud occur in their area.