Counting down to November, but not for the facial hair!
This year, International Fraud Awareness Week runs from 11 to 17 November. It’s also the month of Movember, but the reasons I’m focusing more on the first cause aren’t connected to my inability to produce a decent moustache.
I’m a champion of Fraud Awareness Week because of the deep and ongoing harm that public sector fraud can bring about.
At the Office of the Auditor-General, we’ve seen the aftermath of fraud, and it’s ugly. Fraud is significantly more damaging than the monetary loss (which, on its own, can be significant). The other damage arises from the significant amount of time that staff have to spend helping with investigating the incident, preparing evidence for a prosecution, and any on-going work to recover stolen property or funds.
The colleagues and managers of fraudsters are often left with feelings of anger, shame, humiliation, guilt by association, or doubt about their own competence or judgment. All of this harm can create a sense of isolation and damage workplace relationships. Fraud incidents can also discredit the good work done by the organisation or seriously chip away at its reputation.
Fraud Awareness Week is the perfect opportunity for all public organisations to review the systems and controls that help to protect the public money and resources that they’re responsible for.
Regular training, such as reminders about the most common types and indicators of fraud and refresher courses on controls, policies, and procedures, can help to deter fraudsters. I’m encouraging all managers to consider providing specific training for staff during Fraud Awareness Week. There are some great training and guidance resources on the Fraud Awareness Week website.
As well as training, the tone set at the top is enormously important. Bosses really need to be telling their staff, often, about the systems and controls that prevent fraud, that fraud is not tolerated and people will be prosecuted, and that it’s everyone’s job to keep an eye out and feel safe (and authorised) to ask questions when things don’t look quite right.
We’re pretty fortunate here in Aotearoa – on the whole, people do the right thing and our systems and controls work well. But fraud is, as we reported back in 2012, a fact of business life. It does happen, despite the nation’s best efforts.
Recently, we’ve seen a steady increase in cyber-related fraud. That’s something everyone might want to specifically consider in October and November. Do you have cyber incident response plans? What would you do if your systems were held to ransom or otherwise compromised? Are your plans prepared? Are they up to date?
We continue to see whaling scams, where the perpetrator uses an email address that appears to be from a senior employee to authorise a payment without proper supporting documentation. In this situation, the payment goes to the perpetrator who is also masquerading as a legitimate supplier.
We also see incidents ofphishing, where the perpetrator tries to get sensitive information (like usernames, passwords, and credit card details) by masquerading as a trustworthy organisation (such as a bank) in an email.
We’ve also seen some incidents where fraudsters intercept a legitimate email exchange between the organisation and a supplier, and then send a legitimate-looking email or document about a change in the supplier’s bank account details. The organisation then pays the fraudster because it changed its master-file without separately contacting the supplier to confirm the changes. That sort of fraud is really frustrating, because the time taken to simply make a phone call to the supplier would have avoided the loss.
So, while you're thinking ahead to Movember and pondering whether to grow a mo’ or support the men around you who choose to do so, please spare a moment to think about the other important November event. What are you doing for Fraud Awareness Week?
Do something. Go on. As we said in our blog about Māori language week, he waka eke noa. We’re all in this together.