Results for fraud management strategies – prevention, detection, incidents of fraud, and fraud response
Our survey focused on four main areas – fraud prevention, fraud detection, incidents of fraud, and fraud response. Other findings in each area were:
Preventing fraud – robust frameworks minimise the risk of fraud occurring
The elements that are generally recognised as helping an organisation to successfully prevent fraud are shown here with the percentage of “yes” answers, ordered from highest to lowest:
- have a staff Code of Conduct (91.6%);
- have managers who understand their responsibilities for preventing and detecting the risk of fraud (89.4%);
- have a fraud policy (79.0%);
- take a proactive approach to preventing fraud (77.2%);
- have employees who understand their responsibilities for preventing and detecting the risks of fraud (73.2%);
- have a clear policy on accepting gifts or services (71.2%);
- screen new employees, including criminal history checks (71.0%);
- communicate their staff Code of Conduct regularly – annually or biannually (69.7%);
- designate a person to be responsible for fraud risks, including investigation (67.7%);
- review fraud controls regularly – annually or biannually (67.0%);
- communicate their fraud policy regularly – annually or biannually (64.3%);
- carry out due diligence on new suppliers, including credit checks and checks for conflicts of interest (47.5%); and
- offer fraud awareness training (23.6%).
The results show that public entities are highly aware of fraud. Larger organisations, in particular, have mature and connected policies and approaches to mitigating the risk of fraud.
It is important to understand that policies and procedures alone won’t protect public entities from fraud. It is crucial to clearly communicate those policies and procedures to staff , and for management to be consistent with their messages and actions. The results show that although a large number of public entities have a Code of Conduct and a fraud policy, fewer communicate these to their staff regularly.
Only 23.6% of respondents have had fraud awareness training at their organisation. Fraud awareness training can teach staff what fraud is, how to recognise incidences of fraud, and how to act if they detect a fraud. Organisations with fraud training reported higher occurrences of fraud in the last two years than those that did not have such training (32.0% compared with 20.0%). This could be attributed to staff knowing how to recognise fraud and what to do when they suspect or observe fraud occurring, rather than more fraud actually having been committed in those organisations.
Detecting fraud – having the right environment
Detecting fraud generally relies on a range of actions, from providing awareness of ways in which staff can report suspicions to specific process checkpoints. Elements are shown here with the percentage of “yes” answers, ordered from highest to lowest.
To be able to detect fraud, public entities should:
- closely monitor staff expenses (96.8%);
- have a culture where staff would be willing to raise any concerns that they may have regarding fraud or corruption and know that their concerns will be taken seriously and that they would not suffer any retaliation (95.0%);
- closely monitor credit card expenditure (89.8%);
- encourage staff to come forward if they see or suspect fraud or corruption (88%);
- when fraud or corruption risks are raised, take proactive steps to reduce the risk (86.6%);
- have a whistleblower hotline (23.5%); and
- have a Protected Disclosure Policy (71.2%).
As mentioned above, it is critical for organisations to foster a culture where staff feel safe to come forward if they suspect that a fraud has occurred. A Protected Disclosure Policy that protects and provides ways for staff to express concerns is critical in these instances.
Although 71.2% of respondents said that their organisation had a Protected Disclosure Policy, awareness of such policies was high at management level, but relatively low at operational level. A policy can only be effective if staff are aware of it.
Incidents of fraud – how often does fraud occur in the public sector?
Overall, only 22.5% of respondents said that they were aware of at least one incident of fraud or corruption in their organisation in the last two years. These frauds tended to be of lower value, with more than 60% being less than $10,000.
Respondents who said they knew of a fraud or corruption incident in the last two years were asked for details of the most recent incident. In nearly 80% of these incidents, the perpetrator was internal and the incident was committed by one person acting alone.
Of the respondents who indicated that they were aware of at least one incident of fraud in their organisation in the last two years:
- 45.0% said that fraud was detected through internal controls;
- nearly 1% said that fraud was detected by external audit;
- 25.0% said that fraud was detected through internal tip-off ;
- 12.5% said that fraud was detected through external tip-off ; and
- 5.3% said that fraud was detected by accident.
The most common type of internal fraud was theft of cash, in more than a quarter of all known incidents. The following groups came in at around 10% of the incidents:
- theft of plant and equipment;
- theft of inventory;
- fraudulent expense claims;
- fraudulent misuse of a credit card;
- false invoicing; and
- payroll fraud.
The main reasons given for these incidents were that the perpetrator did not think they would be caught and that the intended controls were not followed.
Action taken in response to fraud detected
The survey shows that public entities tend to address matters of fraud internally. Only if there is sufficient materiality or evidence available do they refer the matter to the appropriate agency, usually the Police. Only 23.0% of known frauds in our survey resulted in the person being dismissed and a report being made to Police.
Organisations are often reluctant to bring criminal charges against employees because of the time and costs of developing a case, the time it takes for matters to be resolved in the Courts, and the perception that fraud is a lower priority for the Police.
However, this means that employees suspected of fraudulent activities may move on to other public sector organisations and continue their behaviour – we are aware of this having occurred. The lack of visible action may also suggest to other staff that management tolerates such behaviour, creating a sense of failure to live up to the values promoted by the organisation.
page top