Research has shown in excess of 80% of serious frauds committed against an organisation are perpetrated by an employee, either alone or in collusion with other employees. It is important to know the perpetrator when trying to understand why they commit these frauds against their employers. Many fraudsters are motivated by financial benefit either through greed or through desperation. The current economic climate has left many individuals cash strapped and in financial turmoil. The Association of Certified Fraud Examiners found that occupational fraud is undeniable and extensive. The most commonly reported fraud in their 2012 Report to the Nations was Asset Misappropriation, comprising 87% of all the cases reported, where the perpetrator steals an organization's assets by evading whatever controls the organization may have in place, often through such actions as false billing and invoicing schemes, and cash skimming schemes. This report also highlighted that the most significant decreases in the cost and duration of occupational fraud schemes correlated notably with the implementation and presence of anti-fraud controls.
Despite the gross magnitude of frauds perpetrated by employees against their employers, occupational fraud can be prevented before suffering significant reputational and financial damage and is largely dependent on the proactive, as opposed to the reactive processes of the organisation. Preventative procedures and controls are vital when trying to reduce the incidences of fraud. These should be designed to address opportunities and minimise rationalizations to commit fraud. Conducting regular fraud risk assessments has been extensively promoted and driven through research, media and regulators, for many years; however the failure to identify and address the risk of fraud by implementing effective policies, procedures and systems controls, still plagues South African organisations today. Whether its Government officials who commit fraud against their own departments, or business people defrauding their own organisations, occupational fraud continues to be significant and rife in South Africa and throughout the world.
A recent case study demonstrates exactly this problem. A long-time and trusted employee was able to manipulate and exploit her employer's already weak systems to effectively misappropriate R5 million in less than 3 years.
By definition, cash skimming involves the theft of incoming cash before it is entered into the accounting records and therefore known as an off-book scheme. These types of frauds are extremely difficult to detect due to the lack of direct documentary evidence and typically perpetrated by employees who are directly associated with the selling of goods and services and collection of subsequent payment.
As the cash clerk responsible for receiving, receipting and banking cash paid in by various individuals, the employee in this case took full advantage of the fact that there was little to no oversight of her work which provided her with the perfect opportunity to skim cash before it was recorded in the organisation's financial system. The employee realised there were significant loop holes in the system established to receipt income generated through sales.
She would receive cash paid directly to her; would pocket a portion of this and receipt the difference on a daily basis. You might wonder how or why this was never detected. The simple answer is no adequate reconciliations, no threat assessment and ultimately no control. A forensic review of the cash receipting scenario at this organisation revealed that there was:
- No policies or written procedures in place;
- Little to no oversight;
- Poor segregation of duties;
- Inadequate systems integration and reconciliations; and
- Little to no generation of receipts and no receipts provided customers.
The supervisor's role was limited to (a.) confirming the amount of cash receipted on the financial system at the end of the day and (b.) occasionally reconciling this figure to the amount depicted on the deposit slip prepared for the bank. The employee also bypassed the generation and supplying of receipts, by providing an explanation that due to time constraints, cash could only be receipted once a day, at the end of the day, after closing time. Instead, individual payers were presented with a signed document acknowledging that their payment had been received. This placed considerable pressure on these individuals to maintain each and every signed note to prove that payment had been made. The lack of data systems integration meant reconciliations between the sales figures and the receipt figures of these systems were difficult, if not impossible and therefore never performed.
In many instances, the employee was also responsible for reconciling the cash receipted and the cash banked. A number of cancelled receipts, with no recorded explanations for the cancellation, provided another perfect opportunity to legitimately receipt a payment and later cancel this receipt and pocket the money. Despite being in a position of extreme trust, the employee was in a perfect position to selectively receipt the cash she received.
Assessing the problem
A proactive approach is more important than ever in South Africa's declining economic climate, where individuals are finding it difficult to pay bills and maintain their lifestyles. In this specific case, a fraud risk assessment would have identified the cash receipting process as a high risk area and may have detected this scheme early on; preventing the enormous loss suffered by this organisation. The lack of formal written policies, procedures and job descriptions made the internal disciplinary process particularly difficult for this organisation. Trying to assign blame to a particular employee was exceptionally difficult given the lack of documentary evidence and reliance had to be placed on the record keeping efforts of individual payers.
Such an assessment does not need to be a costly and drawn out process and would have alerted the organisation to the lack of and insufficient controls in place to avoid such an easy opportunity to misappropriate its assets.
Interviews with employees at all levels of the organisation, reviews of the current control processes and an examination of the organisation's financial documentation can easily be performed to ensure the organisation is proactive in its management of its fraud risk.
The responsibility to ensure that the appropriate action is taken to minimise and effectively deal with organisational risk is ultimately that of the Board of Directors, audit committees and management structures of the organisation. Performing regular and updated risk assessments makes good business sense and is essential to good corporate governance requirements. These efforts will also improve the communication and awareness of anti-fraud controls and processes and will help an organisation to know where it is most vulnerable to fraud in particular.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.