Twenty-first century crime is more sophisticated than ever before. And employee fraud can often manifest itself in cybersecurity risk: one of the key areas of concern for organizations today.
Cyber and Sophisticated: The New Face of Fraud
KPMG identifies cyber risk as one of the major risks that organizations, such as private equity firms, face today. Attacks from employees, whether direct attacks on the organization’s systems or the passing of sensitive customer data to third parties, are becoming more common. Sophisticated cyber attacks can be carried out by dishonest employees: computer and Internet technology has given dishonest workers new ways to steal money, sensitive information and even hard assets from credit unions and other financial organizations.
With sophisticated fraud on the rise, don’t think traditional employee fraud has diminished. Employees continue to commit crimes such as embezzlement, check fraud, falsification of financial statements, collusion with corrupt vendors, and, as recently highlighted by the FBI, “business email compromise” schemes. Our recent post on combating accounts payable fraud highlights an annual survey that found more than 75 percent of companies with fewer than 250 employees and more than 91 percent of companies with more than 5,000 employees experienced a fraud attempt in 2016.
Organizations must be prepared to contend with and combat today’s versions of employee fraud with more integrated, multi-dimensional and comprehensive strategies.
Understanding the Risks to Organizations
Financial services organizations often find themselves dealing with instances of employee fraud that, while not newsworthy (multiple incidents of small magnitude), nevertheless have a large impact on organizations, according to EY.
Employee fraud can lead to business failure and destroyed careers in extreme cases, notes a report from CPA Australia. Apart from the direct cost of fraud, employee morale is impacted, and good employees may no longer want to work with an organization where fraud is widespread or not investigated and acted upon. The reputation of the business may also be damaged in the eyes of vendors, associates, customers and others, especially as information travels quickly today.
Businesses that experience employee fraud may become overly internally focused in response to a fraud, but organizations should not become so focused on reducing risk that business objectives are compromised, according to the report. The best course is to “balance their desire to minimize such risks with the business needs.”
One way to do so is to make sure efforts to create and enforce robust controls that will eliminate opportunities for fraud are also aligned with core strategies and can be synergized to yield efficiencies and better returns.
Employee Fraud: A Crime of Opportunity
Employee fraud is usually a crime of opportunity based on internal and external pressures on employees or due to rationalization on the part of the employee. Misplaced trust, ineffective internal controls and inadequate hiring and supervision policies create an environment where employees find opportunities to commit fraud, according to CPA Australia. EY further reiterates that “the relative ease of committing fraud and remaining undetected is inversely proportional to the strength of the safeguards/frameworks put in place around fraud prevention and detection.”
Organizations must commit to reducing the opportunities afforded to employees through the implementation of strong and effective internal controls. However, this is not enough. While rigorous controls do reduce opportunities for fraud, sufficiently determined employees can find their way around these controls, and EY recommends a “three-pronged approach” for preventing employee fraud which focuses on:
- Organizational policy
- Organizational incentive processes
- Organization culture
A Multi-Dimensional Approach to Organizational Best Practices
Organizational policies are key to creating an environment that deters employee fraud: These should be intensive and unambiguous. Every employee, regardless of seniority, should adhere to policies and procedures, which in turn should specify “zero tolerance” of breaches and form part of the conditions of employment, according to CPA Australia.
Organizational policies should be focused on prevention, detection and management, suggests EY, including employee background checks, restrictions on access to sensitive data, conflicts of interest and employee personal investments, whistleblower protection, internal investigation, disciplinary actions and more. Separation of duties—where no employee is responsible for a transaction from start to finish—is recommended by CPA Australia for large organizations, and close supervision of employees handling financial or sensitive data in small organizations.
Organizational incentives must balance short-term targets and long-term goals. “Stretch” targets set at unreasonable levels are likely to tempt employees to take shortcuts and “the over aggressive attitude of management towards profitability and performance can lead to an environment that is ripe for fraud,” explains EY. Thorough investigations into every incident of fraud, and an effective whistleblowing policy that does not compromise the whistleblower, must be implemented swiftly, uniformly and consistently across the organization; in fact, it should be the pervasive culture of the organization.
An organizational culture focused on integrity, transparency and accountability is likely to reduce the risk of fraud. All employees, regardless of their seniority, should be held to the same policies and be held accountable for their actions, notes CPA Australia. And EY adds that while “a clearly articulated organizational value statement and a code of ethics/conduct are hygiene factors, their actual daily observance within an organization is the real differentiator.” In other words, how leaders and managers conduct themselves and are perceived to be rewarded by the organization affects the choices that employees make.
The bottom line? A clear code of conduct that specifies zero tolerance towards fraud, and a public image of integrity, are essential for inspiring employees towards honest behavior.
A Practical Approach to Eliminating Employee Fraud
Apart from the internal controls and best practices that organizations should have in place, they must be able to detect and understand some of the specific schemes against organizations in their industry. Fraud prevention consultant Peter Goldmann discusses critical tools and techniques for fraud detection in “Detecting and Preventing 21st-Century Employee Fraud,” a webinar with Eli Financial. He discusses how to identify the red flags of fraud, and explores the use of software tools to detect fraud and best practices for developing and implementing anti-fraud controls.