This article was originally published 20 August 2018.
During 2021, Australians lost a record $2 billion to scams, according to the Australian Competition and Consumer Commission (ACCC). And that's just individuals. Fraud and corruption also remain very real threats for businesses across the country.
Alarmingly, BDO’s Global Mid-Market Corporate Fraud Landscape Report found that 46 per cent of participants consider their organisation partially prepared or not prepared at all to prevent, detect and respond to fraud, with 10 per cent unsure whether their company is prepared or not.
At BDO, our forensic services department investigates serious fraud cases on a regular basis. Here are five lessons that can be learned from them.
1. Line Manager
In our first case study, a line manager who had no formal access to the organisation’s accounting system or online banking had managed to take $4.5 million over three years. They were a very highly regarded and long-term employee, but because they were responsible for approving various contractors, they were able to set up 'Ghost Creditors' to approve payments.
There were key warning signs that weren't picked up:
- There was an increase in turnover but cash flow and profitability remained poor
- The alleged perpetrator was very protective about contractor relationships
- They appeared to be living beyond their means.
Your organisation should know how to spot these signs in future, and ensure sufficient controls around contractor vetting and approval processes are in place to avoid this type of fraud.
2. Training Officer
Our second case involved a training officer who, again, had no access to the organisation’s accounting system or online banking. The alleged perpetrator would take client calls, make bookings and provide training services.
They managed to take $250,000 over two years by issuing fake invoices with the perpetrator's own bank account details listed. As the sale was never processed in the system, no cash was ever marked as missing.
The perpetrator was only caught because the client analysed the issued training certificates, and identified a large number where no corresponding sales were recorded in the accounting system. The organisation was aware of variances in training certificates but assumed it was a system fault.
We suggest your organisation ensures that routine errors are still investigated to confirm that nothing untoward is occurring. The business also sacked the perpetrator but didn't obtain legal advice first, which led to an unfair dismissal claim, showing the importance of obtaining legal advice before taking action.
3. CFO
The Chief Financial Officer (CFO) had sole access to the organisation’s accounting system. They were very highly regarded and had the board's complete trust. The CFO managed to take $3.5 million over nine years by processing ‘fake creditors’ and paying these to the CFO's own bank account. The fraudulent transactions were processed outside of business hours and from a different IP address, raising a red flag.
Other warning signs the organisation should have spotted included:
- The CFO not providing financial reports on a timely basis
- The CFO not allowing anyone to see the company's bank statements
- The CFO loaning money to the company to help pay staff wages during tough times.
We suggest your organisation monitors for this red flag behaviour, and ensures no one has sole access to systems and accounts.
4. Accounts Payable Officer
The Accounts Payable Officer (APO) was a long-term employee. Although they weren't part of the payment approval process, they were responsible for entering invoices and creating .aba files. They took $1.2 million over three years by altering .aba files post-approval before uploading them to the company's online banking system. Invoices had been duplicated to ensure the creditors were eventually paid.
The red flags included:
- The perpetrator not taking any annual leave because they had to be at work to field calls from creditors requesting payment
- The perpetrator being first to arrive and last to leave
- The perpetrator getting around duplicated invoices by processing them as a -1 or inserting a space.
This example shows the importance of recognising small details like these early.
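Two checks aimed at this case, as an added example that is not BDO's code: a digest recorded at approval time shows whether the .aba file was altered before upload, and normalising invoice numbers surfaces duplicates hidden behind a `-1` suffix or an inserted space. The invoice fields, sample records and batch bytes are constructed, and the bytes are a placeholder rather than a real .aba record layout.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed sample data; field names are hypothetical.
SAMPLE_INVOICES = [
    {"creditor": "ACME", "number": "INV10234", "amount_cents": 125000},
    {"creditor": "ACME", "number": "INV10234-1", "amount_cents": 125000},
    {"creditor": "ACME", "number": "INV 10234", "amount_cents": 125000},
    {"creditor": "BETA", "number": "B7781", "amount_cents": 40000},
    {"creditor": "BETA", "number": "B7782", "amount_cents": 40000},
]
# Placeholder bytes standing in for an approved batch file (not the real ABA layout).
APPROVED_BATCH = b"creditor=ACME acct=11111111 amount_cents=125000\n"

def normalise_invoice_no(raw):
    """Undo the two disguises from the case: inserted whitespace and a
    trailing single-digit suffix such as -1. Assumes genuine invoice
    numbers do not end in '-<digit>'; hits are candidates for review."""
    compact = re.sub(r"\s+", "", raw).upper()
    return re.sub(r"-\d$", "", compact)

def find_disguised_duplicates(invoices):
    """Group by creditor, normalised number and amount; return every group
    that was entered more than once, with the raw numbers as typed."""
    groups = defaultdict(list)
    for inv in invoices:
        key = (inv["creditor"], normalise_invoice_no(inv["number"]),
               inv["amount_cents"])
        groups[key].append(inv["number"])
    return {k: v for k, v in groups.items() if len(v) > 1}

def aba_digest(data):
    """SHA-256 of the batch file, stored with the approval record."""
    return hashlib.sha256(data).hexdigest()

def upload_matches_approval(approved_digest, upload_bytes):
    """True only if the file about to be uploaded is byte-identical to
    the file the approver signed off."""
    return hmac.compare_digest(approved_digest, aba_digest(upload_bytes))

if __name__ == "__main__":
    print(find_disguised_duplicates(SAMPLE_INVOICES))
    tampered = APPROVED_BATCH.replace(b"11111111", b"99999999")
    print(upload_matches_approval(aba_digest(APPROVED_BATCH), tampered))
```

The digest check only helps if the person who uploads the file cannot also rewrite the stored approval record.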
5. Payroll Officer
The payroll officer had administration access to the payroll system. They were a long-term employee who was very well-respected and known for their volunteer work. They managed to take $1.9 million over three and a half years by changing terminated employees' bank account details to alternative bank accounts and then continuing to make the payments.
A cross check between the human resources department and payroll files identified significant issues, as well as the multiple changes to employee bank accounts.
We suggest organisations frequently review this type of system and documentation to ensure no fraud is taking place.
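A sketch of the HR-to-payroll cross check described above, as an added example that is not BDO's code. It flags payments dated after an employee's termination, payees with no HR record, employees whose destination account changed, and accounts receiving pay for more than one employee. All IDs, dates, account labels and the 14-day grace period for final pay are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data; IDs and account labels are hypothetical.
HR = {"E001": None, "E002": date(2021, 3, 31), "E003": date(2021, 6, 30)}  # id -> termination date
PAYMENTS = [  # (employee id, pay date, destination account)
    ("E001", date(2021, 7, 15), "ACCT-A"),
    ("E002", date(2021, 3, 15), "ACCT-B"),
    ("E002", date(2021, 5, 15), "ACCT-X"),
    ("E002", date(2021, 6, 15), "ACCT-X"),
    ("E003", date(2021, 6, 15), "ACCT-C"),
    ("E004", date(2021, 6, 15), "ACCT-X"),
]

def paid_after_termination(hr, payments, grace_days=14):
    """Payments dated more than grace_days after the HR termination date."""
    grace = timedelta(days=grace_days)
    return [p for p in payments
            if hr.get(p[0]) is not None and p[1] > hr[p[0]] + grace]

def not_in_hr(hr, payments):
    """Employee IDs that payroll paid but HR has no record of."""
    return sorted({p[0] for p in payments if p[0] not in hr})

def account_changes(payments):
    """Employees whose destination account changed, in date order."""
    seen = defaultdict(list)
    for emp, _, acct in sorted(payments, key=lambda p: p[1]):
        if not seen[emp] or seen[emp][-1] != acct:
            seen[emp].append(acct)
    return {e: a for e, a in seen.items() if len(a) > 1}

def shared_accounts(payments):
    """Accounts that receive pay on behalf of more than one employee ID."""
    owners = defaultdict(set)
    for emp, _, acct in payments:
        owners[acct].add(emp)
    return {a: sorted(e) for a, e in owners.items() if len(e) > 1}

if __name__ == "__main__":
    print(paid_after_termination(HR, PAYMENTS))
    print(not_in_hr(HR, PAYMENTS))
    print(account_changes(PAYMENTS))
    print(shared_accounts(PAYMENTS))
```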
What can be done?
BDO’s Forensic Services experts have identified the three stages which may assist in stopping fraudulent activity.
- Prevention: This starts with governance culture, and encompasses aspects like the company's code of conduct, fraud control policy, training and awareness programmes and employment screening.
- Detection: Including post-transactional reviews, data analytics, and hiring both external and internal auditors. Having a whistleblower programme is also important.
- Response: This involves creating a fraud recovery plan, conducting investigations, taking disciplinary action, obtaining civil recovery and taking corrective action.
Fraud is in many places, but with the right fraud prevention and detection programme, you can stop it occurring at your organisation. For more information on BDO's Forensic Services, contact your local adviser.