More than 50% of UK businesses have been defrauded by an employee or contractor in the past 12 months, according to the National Fraud Intelligence Bureau. And while many business owners feel threatened by online fraud and hackers, the figures of the NFIB show that a greater risk comes from within the organisation.
One of the main issues of insider fraud? Organisations are placing too much trust in individuals on financial matters without adequate oversight, according to Julian Beressi, managing partner at KJG Chartered Accountants and specialist forensic accountant.
“When you hire someone to your accounts team or contract out your bookkeeping, it is natural that you want to trust them,” he said. “But what sort of background checks have been done? And what kind of controls are put in place as they work?
Beressi: “All too often we see cases where insiders who are eventually caught defrauding the company they work for have simply been left to their own devices, with no checks and balances in place. The first step towards fraud is opportunity, and opportunity arises when there is too much trust placed in individuals from the top.”
Small opportunities can eventually lead to large amounts of fraud
Insider fraud can go on for months, even years, due to a lack of checks and oversight. It mostly starts small: employees manipulating (invoice) records and siphoning off small amounts of money. Whether consciously or not, it’s a test (or confirmation) if they can get away with it. Not only do these small sums add up, but the fraudster can become bold and try to hide larger amounts. It’s mostly when the fraudster becomes overly confident that people notice and the fraudster is caught.
Don’t hide behind trust
Beressi recommends company directors and owners not to hide behind trust, but use oversight to prevent internal fraud. “Oversight does not have to mean a culture of suspicion and finger-pointing,” he said. “It means putting in place basic controls, especially at the point where money is leaving the company accounts, i.e. authorisation of payments. Not having some sort of review system in place to check where money is going leaves you exposed to unnecessary risk.”
User access management
One of these basic controls is user access management, especially for companies switching to digital accounting systems. Which employee or group of employees can do which actions? What is their level of authorisation? A strong protocol – again, not for a culture of suspicion, but for internal review – prevents unauthorised employees from finding sensitive records, and editing them.
Another type of semi-internal fraud may start with poor password and authentication policies. In most cases, former employees or contractors still have access to sensitive records long after they have left.
The advice of Beressi: set policies and procedures in place, to remove temptation and to set strong controls, especially when it comes to money. A forensic accountant will look for anomalies in your financial records to keep your business safe and secure.