A concept shot of fraud
Fraud is so common nowadays that anyone and any business can be a target of fraud. Fraud can come from strangers living in another country, suppliers from another continent, customers in the same city to even employees who work alongside you.
Fraud committed by employees within the company is on the rise and usually, the more senior the employee, the more serious the damage caused to the company. In this article, our workplace investigations team at H & H Associates looks specifically at employee fraud and discusses:
- The eight types of employee fraud
- Why employee fraud happens
- The effects of employee fraud
- Strategies to minimise the risk of employee fraud
- What to do once fraud is detected
8 types of employee fraud
On the Action Fraud website, there is a list of approximately six types of fraud that can be committed by an employee. Our workplace investigations team has uncovered far more types and they are apparent at all levels – from C-level executives to managers and ordinary workers.
- Payment fraud
An employee may illegally transfer payments from the company to themselves through:
- Self-authorising payments
- Creating a fake or ‘ghost’ employee or supplier record, using company funds to pay the ghost
- Creating fake information to support a fraudulent claim
- Faking time sheet
- Altering a payment detail and then attempting to cash it
- Processing false claims by accomplices
- Procurement fraud
Procurement fraud can happen before and after a contract is awarded. Two common examples of fraud that can happen in the pre-contract award phase include suppliers working together in price fixing, and a staff member is biased towards one of the suppliers and uses his/her power to influence the decision, thereby making personal gain.
On the other hand, fraud in the post-contract award phase is all about payment. If one of your employees looks to abuse your trust, then you are likely to see fake invoices or fraudulent submission of duplicate. In some instances, you may find that an employee has colluded with suppliers to commit fraud in return for kickbacks or bribes. We consider this as corruption and will discuss in point 8 below.
- Misappropriation of assets
Company assets – cash, data, vehicles, inventory, intellectual property – are items of value. Misappropriation of assets may include:
- Stealing cash and inventory
- Cheque forgery
- Credit card abuse (using a company card for personal purchases)
- Vehicle abuse (using a company vehicle for personal use)
- Providing discounted or free goods or services to friends
In addition, fraudsters are after sensitive data like customer information which can be downloaded and then sold multiple times in the dark web. They also desire intellectual property as it commands a premium.
- Manipulation of financial data
A type of accounting fraud, manipulation of financial data refers to an employee altering sales records, income statements, cash flow statements or balance sheets. This type of fraud may be linked to bonus fraud which we will discuss in the next point below.
Some examples of manipulation of financial data include:
- Recording fictitious revenues
- Recording an incorrect level of inventory
- Recording reduced liabilities
- Moving current expenses or revenues to an earlier or later period
- Bonus fraud
Many companies today run a performance-based system for its C-level executives, meaning an employee’s compensation is largely tied to the financial performance of a company. While the original intention is to motivate employees, it has unfortunately led to abuses when staff choose to alter the numbers to enlarge their personal compensation.
- Personal management fraud
This Action Fraud page list a few examples of personal management fraud and they include:
- Staff on sick leave but working elsewhere
- Abuses of flexible working time systems
- Misuse of official time, like abusing a company’s computer misuse policy
- Deceit or misrepresentation for the employee’s advantage, like false references or false qualifications used to secure employment
At Blackhawk Intelligence, our surveillance team has handled a few cases involving staff on sick leave but working elsewhere. We also share a few points in this article.
- Travel and subsistence fraud
Travel and subsistence are expenses incurred during business travel, accommodation, meals and entertainment. When an employee makes travel and subsistence expenses despite not making the journey, it is considered fraud.
- Corruption (Bid rigging, kickback, and bribery)
Bid rigging means a group of suppliers form a cartel and agree the prices they will bid when quoting for contracts.
Kickback and bribery happen when an employee receives money (or other items of value) in exchange for business advantages. The difference between them is when the reward occurs – before or after a contract is being awarded. Bribery tends to happen before a work is done or a contract is rewarded so staff can influence the outcome, whereas kickback is usually paid to the employee involved after a sum of money has been received by a third-party.
Man, with money
Why employee fraud happens
Understanding the circumstances surrounding employee fraud can be approached in a similar manner to a detective solving a crime and considering the three main aspects of a case – motive, means and opportunity.
In the case of employee fraud, motive and opportunity are intricately linked, as an employee may be predisposed to engaging in criminal activity and once, they see an opportunity, they are ready to strike.
Employees who take advantage of flaws in company systems and procedures tend to stand out after a while. Ill-gotten gains may well change in their lifestyle habits and circumstances, which is usually visible to others. For example, they may drive expensive cars or take frequent holidays.
On the other hand, an employee may have fallen upon hard times and driven to fraud as a way of alleviating financial pressure. Their motive is self-preservation. They may not live beyond their means, but it is still relatively easy to spot.
In short, reasons as to why an employee commit fraud against a company that employs them include:
- Personal greed
- Coercion and blackmail
- Opportunistic theft facilitated by the trust the company has placed upon them
- Expensive addiction like gambling or drug use
- Getting revenge on the employers particularly if they feel under-appreciated
The work of Donald R Cressey
A few decades ago, a renowned criminologist called Donald R Cressey developed a framework for understanding the circumstances behind occupational fraud temptation. This is called the “Fraud Triangle”.
More scholarly in nature, his work looks in more detail at the three necessary conditions that lead someone to commit fraud: pressure (an emotion felt by the fraudster), opportunity (lack of internal controls) and rationalisation (the ability to justify one’s actions). Cressey’s work focuses on the fraudster and identifies how improving organisational (internal) control can be an effective fraud-deterrent measure.
Here’s a quick look at each of the elements:
- Opportunity: if an organisation lacks adequate internal controls and puts too much trust in the employees, then fraudsters are likely to take advantage of the situations.
- Pressure: fraudsters seek more money or rewards because they may be greedy, have an addiction, have debts, and/or want to meet certain expectations.
- Rationalisation: this is about the fraudster’s justification for committing a crime. This can range from “I don’t get paid for what I’m worth”, “nobody will miss the money”, to “I intended to pay it back someday”.
At Blackhawk Intelligence, our workplace investigations team combines the theory of the Fraud Triangle with a keen analytical view to provide a more complete picture in each of employee fraud case that we handle. Consequently, we help organisations to take a positive stance in fighting against employee fraud.
The effects of employee fraud
Employee fraud can have a wide-ranging impact on a business. Isolated cases may be dealt with discretely, like investigating an employee and terminating the person as a result. However, more complex cases can have damaging consequences. Here are six common impacts.
- Trust and confidence
Fraud often occurs when an individual takes criminal advantage of an opportunity presented to them. This could be because they are part of a team where trust is implicit – like processing payments or accessing sensitive data is part of the job. A single fraudulent activity in the team can quickly tarnish the whole team’s reputation and trust within the company and ultimately undermine confidence in the department they work for.
- Staff turnover
Good employees do not want to work for an organisation where fraud is widespread and toxic personnel are plentiful. For example, if certain employees repeatedly misuse their position to sell out-of-date or scrapped stock for financial gain, colleagues with higher morals and ethics tend to leave unless management is active in clamping down on such activity.
- Reputational damage
Bad news, especially scandals, travel fast as discontented employees talk. This narrative may propagate up and down the supply chain and within the concerned company’s industry and peer groups.
Damage to a company’s reputation caused by internal employee fraud can have a lasting impact on the company’s business prospects. In more extreme cases, it can even lead to business failure, especially when the company’s executive leadership is implicated.
- Fines or criminal proceedings
Stealing data and selling them to the criminal underworld does not just lead to loss of trust or the business’s financial impairment, it may lead to criminal charges being made against the company.
In Europe, the list of companies being fined for violating the rules under GDPR is also growing as we speak. It will be a silly mistake to treat GDPR lightly and think fines will not happen to your company.
If a company has been impacted by employee fraud, it may lead to the company’s management tightening controls across a broader range of its activities. While laced with good intentions, it could increase the difficulty for employees doing their jobs. In some instances, it may be detrimental to individual performance.
The degree to which a company tightens its controls can directly affect staff morale, which ultimately could lead to the best employees leaving the company or the company finding that it cannot function effectively, damaging its operational capabilities.
- Overall effectiveness
Don’t underestimate the impact of employee fraud on company processes and employees. Whatever actions a company takes in reducing or recovering from employee fraud, it has to be balanced and proportional, otherwise, the cure could be worse than the disease.
Five strategies to minimise the risk of employee fraud
Fraud in any business arises because of a lack of controls or failure of processes. This can happen over time as systems and processes age, while technology, often the means through which fraud is perpetrated nowadays, continues to advance in sophistication.
To help understand how a company can reduce the risks of internally perpetrated fraud by employees, we have grouped fraud reduction strategies into five main areas:
- Policy & Process
- Management & Accountability
- Actions a company’s leadership can take to mitigate fraud
While everyone in a company should adhere to policies and be accountable for their actions, the CEO should make it clear that he or she is leading by example and ensuring everyone understands the negative impacts of employee frauds.
Ideally, a good CEO should possess the following qualifies to mitigate fraud:
- Foster a culture that promotes trust and honesty
- A willingness to speak up when wrongdoing is identified
- Remain aware of the challenges throughout
- Make sure a clear set of policy exists for the company (or even every department)
- Lead by example
- Educating staff on company fraud and how to spot it
When Cressey created the Fraud Triangle (as mentioned above), it was during a time when technology did not quite permeate as it is today. Now, sophisticated technology pervades almost all aspects of our working lives – and it is this technology that often provides the means for fraudsters to perpetrate fraud.
Let us be clear – we are not saying that good old procedures should be cast aside; they remain relevant. What we are saying is to update your fraud training to include how technology can assist in a criminal activity. Make sure that your employees receive a good understanding as to how fraud can be committed. For examples, leaving the door of your warehouse unlocked at night and leaving a computer unlocked when the person is away from the desk are equally unacceptable.
Depending on the expertise level of the employee and the sophistication of the role they perform, fraud prevention training can be tailored accordingly, and this is something that our team at H & H Associates can assist too.
- Developing policies and processes that keep one step ahead of the growing sophistication in employee fraud methods
All too often, company policies can be seen on a dusty shelf while practices are taken for granted, leading to employee fraud. Beware that watertight policies or operating practices can become obsolete once they fail to take account of the rapid changes occurring in today’s business world. As a business leader, you must ensure that your management has a proactive campaign that measures the performance of a practice or policy against the environment within which the policy is enacted.
In other words, all policies and practices should be regularly reviewed considering the growing sophistication of fraud.
- Implementing and maintaining controls that are effective in combatting employee fraud
While having an effective set of policies and procedures is critical to any functioning business, they are essentially useless without controls. Controls here are not referring to the ‘who does what’ aspect of a business, but rather ‘how much somebody can do’ without triggering some form of oversight or due diligence check.
A typical example is cash expenditure – how much an employee can sign for. Another example is contract negotiations – how much financial commitment an employee can make on behalf of the company. Both examples represent routes for potential fraud if no controls are in place.
Most organisations have tighter controls within the purchasing department. Without proper controls, an employee could find themselves in a position where they are responsible for both issuing new purchase agreements and deciding who the suppliers should be. This situation could easily lead to corrupt practices involving bribery and supply chain fraud.
A company should be especially diligent in ensuring that no individual has absolute controls over a process that can cause serious harm to a company. On the other hand, employees should be allowed to carry out their duties and responsibilities effectively. In other words, controls should not impinge upon the role, but should mean a series of considerate checks and balances that trigger appropriate warnings.
To assist employees, understand how these systems work and who is responsible for what activity or function, a company should publish an organisational chart that explains the chain of command for the various roles in the company. If this type of information can cause harm if fallen into the wrong hands, then the company directors and managers should only make it clear to employees who need to know, thereby minimising damage should such information leak.
Overall, areas that a company should ensure adequate controls are in place may include:
- Separation of duties and segregation of tasks
- Clear authorisation levels
- Procedural checks and balances, and appropriate alarm triggers
- Organisation chart showing chain of command
- Physical access controls to IT systems, physical filing systems or other sensitive areas
- Use of surveillance
- Regular accounting reconciliations, anything from payroll reconciliations to variances between budget and actual
- Clear policies pertaining to RFQ, tenders and supply chain management
- Supplier due diligence checks
- Payroll / Employee validation
- Financial statement reviews – credit cards, expense accounts, bank accounts
- Management & accountability
Managing routine tasks can quickly become too easy for an employee, so much so that they may risk diminishing their attention to the job and the associated controls. For a would-be employee fraudster, seeing a colleague becoming complacent is a sign that an opportunity to commit fraud may soon present itself.
To improve the corporate environment, here are four actions management can take:
Foster a culture of accountability
Culture change within an organisation is notoriously difficult. To be successful in fostering a culture of accountability, your best bet may involve identifying a few internal champions – specifically middle managers who are keen to make decisions and take the risk that comes along. Let them hold accountable for their actions and the actions of those who report into them. Once they start to see the benefits, they will inspire others to follow suit.
An effective culture of accountability is about striking a healthy balance of oversight and flexibility. You do not want management that is oppressive and restrictive, equally, you do not want them to be easy-going or turn a blind eye. Also, having a culture of accountability does not mean not having adequate rules. If something goes wrong, the person must understand that there are repercussions.
Whistleblowing is a valuable corporate governance tool as it empowers employees to report any unlawful or unethical activity. The key is to have a system whereby employees can communicate their concerns anonymously and securely, without having to fear any negative consequences. For example, having a hotline where employees can leave a voice message tends to work well in combating employee fraud.
Not every employee is comfortable with whistleblowing, particularly when a real sense of comradery is a defining characteristic of your organisation culture. If this is the case, reiterate the dangers of employee fraud and emphasise how whistleblowing can lead to fraud detection quickly, thereby minimising the risk of lost revenue and other damages.
Know your employees
Beware that manager overseeing a large department or team tend to be impersonal. Not knowing your employees means you are likely to miss the chance to spot changes in behaviour or other trends that may suggest a looming security problem.
Here is a case which we came across: employee A worked late into the night and even showed up to work during weekends. The finance director thought she was a hardworking and diligent employee. But, she misappropriated signed company cheques intended for suppliers when she was working alone. Also, in a couple of occasions, employee A deceived the finance director who was a signatory into signing blank cheques which she would then cash. After an extended period, employee A became confident that no one would know her dishonest tricks. She began to plaster social media accounts with expensive cars and luxury holidays abroad. But thanks to an observant colleague, suspicion was soon raised. Our workplace investigations team and accounting fraud teams soon got involved in helping uncover that employee A had siphoned off more than a million from her employer.
Minimising employee fraud starts with the hiring process
Most CVs today are peppered with inaccuracies and lies. The three most common lies job seekers tell are education embellishments, date deception and skill stretching.
It is natural to assume that candidate who lies on the CV is more likely to cause harm to your company. This is why our specialist background check experts work closely with companies across the UK performing essential pre-employment screening.
Checks may include:
- Verifying educational qualifications
- Verifying employment in the last 10 years
- Checking for criminal record
- Analysing any corporate affiliations
- Conducting a media and internet review
- Checking for any litigation action
- Conducting discreet human source enquiries
- Identifying any political red flags
Promoting a culture of accountability can help to reduce the risk of employee fraud
What can you do when employee fraud is detected?
Following the discovery of employee fraud, action taken by the management can make or break the case. If you confront the suspect without giving them an opportunity to consider, seek advice and respond, you risk breaking the employment laws and giving them an opportunity to take action against you later (such as unfair dismissal). Also, you may unknowingly enable them to destroy the evidence. Here are three steps that you should take:
- Make sure that you have sufficient evidence
Do not attempt to confront the employee the moment fraud is discovered. In fact, do not even alert the fraudster and give them (or their accomplice) a chance to temper with any incriminating evidence. Call our workplace investigations team so we can start to gather evidence for you. Time is money, our specialist team will work quickly and discreetly to investigate and preserve the evidence in a format that is acceptable in a court of law.
- Suspend the employee
Once you have enough evidence, suspend the employee to stop fraud continuing and stop the person from destroying the evidence.
- Consider your legal options
Once our team has gathered enough evidence to support the allegation of fraud, you can consider your legal options which can range from terminating the employee to bringing a civil claim against the person. Please note that before any termination, the employee must have an opportunity to respond to the allegations. A legal representative will advise you the right procedures so your company can avoid any unfair dismissal claim later.