During the course of 2017, a record $340 million was reported lost by victims of Australian fraud schemes, the Australian Competition and Consumer Commission (ACCC) reports. And that's just individuals. Fraud and corruption also remain very real threats for businesses across the country.
At BDO, our forensic services department investigates serious fraud cases on a regular basis. Here are five that we've encountered recently, and the lessons that can be learnt from them.
1) Line Manager
In our first case study, a line manager who had no formal access to the business's accounting system or online banking had managed to take $4.5 million over three years. They were a very highly regarded and long-term employee, but because they were responsible for approving various contractors, they were able to set up 'Ghost Creditors' to approve payments.
There were key warning signs that weren't picked up:
- There was an increase in turnover but cash flow and profitability remained poor.
- The alleged perpetrator was very protective about contractor relationships.
- They also appeared to be living beyond their means.
Businesses should know to spot these signs in future, and also create sufficient controls around contractor vetting and approval processes if they are to avoid this type of fraud.
2) Training officer
Our next example involves a training officer who, again, had no access to the business's accounting system or online banking. The alleged perpetrator would take client calls, make bookings and provide training services.
They managed to take $250,000 over two years by issuing fake invoices with the perpetrator's own bank account details listed. As the sale was never processed in the system, no cash was ever marked as missing.
The perpetrator was only caught because the client analysed the issued training certificates, and identified a large number where no corresponding sales were recorded in the accounting system.
The business was aware of variances in training certificates but assumed it was a system fault. This highlights that anything that seems like a routine error should still be investigated in order to check nothing untoward is occurring. The business also sacked the perpetrator but didn't obtain legal advice first, which led to an unfair dismissal claim - showing the importance of gaining legal advice before taking action.
In this example, the CFO had sole access to the business's accounting system. They were very highly regarded and had the Board's complete trust. The CFO managed to take $3.5 million over nine years by processing "fake creditors" and paying these to the CFO's own bank account. The fraudulent transactions were processed outside of business hours and from a different IP address, which raised a red flag.
Other warning signs the business should have spotted were:
- The CFO didn't provide financial reports on a timely basis.
- They wouldn't allow anyone to see the company's bank statements.
- They loaned money to the company to help pay staff wages during tough times.
Businesses should watch out for this red flag behaviour, and ensure that no-one has sole access to systems and accounts.
4) Accounts Payable Officer
The APO was a long term employee. Although they weren't part of the payment approval process, they were responsible for entering invoices and creating .aba files. They took $1.2 million over three years by altering .aba files post-approval and before uploading to the company's online banking system. Invoices had been duplicated to ensure the creditors were eventually paid.
Red flags included:
- The perpetrator wouldn't take any annual leave because they had to be at work to field calls from creditors requesting payment.
- They were the first to arrive and last to leave.
- They were getting round duplicated invoices by processing as a -1 or inserting a space.
The example shows the importance of recognising small details like these early.
5) Payroll Officer
The payroll officer in this example had administration access to the payroll system. They were a long term employee who was very well-respected and known for their volunteer work. They managed to take $1.9 million over three and a half years by changing terminated employees bank account details to alternative bank accounts and then continuing to make the payments.
A cross check between HR and payroll files identified significant issues, as well as the multiple changes to employee bank accounts. This highlights the importance of frequently reviewing this type of system and documentation to ensure no fraud is taking place.
What can be done?
Stopping fraud involves three different stages:
- Prevention: This starts with governance culture, and encompasses aspects like the company's code of conduct, fraud control policy, training and awareness programmes and employment screening.
- Detection: Including post-transactional reviews, data analytics, and hiring both external and internal auditors. Having a whisteblower programme is also important.
- Response: This involves creating a fraud recovery plan, conducting investigations, taking disciplinary action, obtaining civil recovery and taking corrective action.
Fraud is in many places, but with the right fraud prevention and detection programme, you can stop it occurring at your organisation. For more information on BDO's forensic services, contact your adviser.