Often organisations focus on external fraud threats with limited focus on the insider threat. This International Fraud Awareness Week (17-23 November 2024), we are shining a light on internal fraud – how it happens, why it happens and how organisations should best mitigate and manage this risk.
When investigating internal fraud for our clients, we are often told the employee was trusted and in the role for a number of years. Trust, however, is not a control and the employee's tenure has allowed them to determine how to best circumvent organisation controls and hide their tracks. The fraud is often discovered years later, when the damage to the organisation's reputation and/or the quantum misappropriated is significant.
How Does Internal Fraud Happen?
Employee fraud typically occurs through procurement, expense reimbursement, payroll or misappropriation of inventory or company assets. Financial misstatement is another internal fraud type we see. For example, to game key performance indicators ('KPIs') to meet performance expectations, falsify the existence of underlying assets and rates of return, cost misallocations to come within budget and fake bank accounts without customers' knowledge to name a few. In these cases, controls haven't been sufficiently designed or tested to prevent internal fraud from occurring and detect internal fraud in a timely manner.
Why Does Internal Fraud Happen?
We often see internal fraud occur more as a result of gambling addiction or greed/ a desire to impress others through material possessions rather than due to financial hardship. In significant Australian cases, employees have gone on spending sprees at high-end stores, bought property and art, and put private school fees and personal travel through company expenses. In some cases, they even fled the country with funds sent offshore.
How Should Organisations Best Mitigate and Manage the Risk of Internal Fraud?
- Prevention - Have a robust fraud and corruption control framework, with internal fraud risk typologies mapped to controls on your risk register.
- Detection - Run proactive, targeted fraud analytics regularly to help identify suspicious transactions and relationships.
- Response - When there is a suspicion of fraud or corruption, it is important not to taint evidence that later may need to be court admissible. Make sure the evidence is obtained and preserved appropriately.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.