Keeping fraud under control

February 2016 Editor's Choice, Integrated Solutions, Security Services & Risk Management

Three-quarters of African countries scored less than three out of 10 on the Transparency International Corruption Perception Index for 2014. South Africa ranked 67th. Unfortunately this corruption is not only apparent in the more high-profile employment categories, but filters down to the lower levels and is most apparent where people are in positions of financial trust. Hi-Tech Security Solutions spoke to two industry professionals about the endemic fraud issues and possible counter-measures organisations can take.

Steven Powell, a forensic lawyer and director of forensics at ENSafrica.

Steven Powell, a forensic lawyer and director of forensics at ENSafrica, says that fraud occurs when three factors converge. Employees who are generally under pressure identify the opportunity to commit fraud, assuming there is a low risk of detection. The employee then justifies committing these fraudulent acts by rationalising the behaviour, relabelling it to remove the moral stigma attached to fraud.

He says that procurement and tender irregularities feature high on the list of common fraudulent behaviours and are committed in a number of ways:

1. Electronic funds transfer (EFT) payment manipulation.

2. Overpayment to legitimate suppliers (refunds directed to private accounts).

3. Fictitious suppliers/supplies.

4. Unethical procurement staff taking bribes to award contracts/tenders.

Kyle Condon, MD of D&K Management Consultants.

Kyle Condon, MD of D&K Management Consultants, adds two others to this list:

1. Stolen company stationery (such as letterheads and stamps).

2. Ghost customer scams.

Powell says that external sources generally struggle to gain access to sensitive organisational information and therefore recruit employees to collude with them and defraud the company. Criminal syndicates either bribe or threaten employees to gain access to company/client information in order to then create false change of bank account or payment requests, often involving a form of identity theft.

One of the most prevalent frauds in the marketplace at present is electronic funds transfer (EFT) fraud, which happens in two ways: creation of an alternative vendor profile which is then selected to perform illicit transactions; or substitution of supplier bank details with those of the employee or a third-party bank account number.

The key control factor here is to prevent any amendments to the bank details being allowed without rigorous multiple authorisations. This calls for a segregation of duties and intensive management control, with the appointment of more than one signatory to a company bank account.

Abuse of trust

Another form of fraud is where the employee deliberately overpays a legitimate supplier, waits for the funds to be credited to the supplier’s account then calls them to say that an overpayment was made. They then ask the supplier to quickly make a reimbursement payment into a third-party account which the supplier is led to believe belongs to the company. Since they deal with the accounts employee on a regular basis, they have generally built up a relationship of mutual trust and therefore do not query the request.

Kickbacks and inducements form part of procurement and tender frauds. In addition, bid fixing occurs whereby tenders are opened early or prices provided by one supplier are made available to another one, which then allows the second bidder to lower or raise their bid to their advantage. Other tender irregularities include instances where management or directors have a direct undisclosed interest in an entity or transaction.

Kickbacks also occur where fictitious invoices are submitted by a supplier who is colluding with an employee. The corrupt employee approves payment for the invoice and once payment has been received by the supplier, the employee receives a kickback. Undelivered goods are allocated to negligent departments.

The development of ghost customers or suppliers is another rampant type of fraud. With respect to ghost customers, an employee will tip off an outside party on what stock the company holds and what the legitimate ordering process is. The paperwork for a sale is then processed and the ghost customer collects the goods in his vehicle with payment for the goods taking place on collection. Funds will later be declared as insufficient, but only after the collection has taken place.

In the instance of a ghost supplier, a letterhead is designed and a bank account is opened in the name of a supplier. The corrupt employee then signs off requisition payments for a company which does not actually exist and payments are made to this entity, which is usually the employee’s, a family member’s or a friend’s account. Obviously, no services or goods are supplied.

Powell cites an example where a financial manager in the Stellenbosch area had defrauded her company of R4,2 million over an eight-year period using three different schemes. She overpaid suppliers then asked for refunds; she paid R1,3 million on her house by generating a false credit on the accounts payable system at the company, which then prompted her company’s system to pay the money to the conveyancing attorneys; and she placed personal stop orders on the company’s main bank account. The judgement in the case was that the perpetrator had acted out of greed, not need, and she was found guilty of 699 counts of fraud and sentenced to 12 years’ imprisonment, with four years thereof suspended.

Fraudster profile

The exact cost of fraud to the country’s business sector will never truly be known for two reasons: often fraud goes undetected; and some companies choose to sweep fraud under the carpet due to embarrassment or concern for the reputation of the perpetrator.

So is there a typical profile for employees who commit fraud? And how can organisations identify possible perpetrators?

Trigger events for fraud include divorce, extramarital affairs and medical emergencies. Powell points out a number of red flags that help management to recognise corrupt employees, but cautions that checks and audits need to be done on a regular basis, covering:

• Lifestyle costs that exceed income.

• Problems with excessive gambling, alcohol or drug use.

• Employees who constantly claim they are underpaid.

• Close relationship with suppliers.

• Favouring just one supplier.

• Poor credit rating.

• Poor communication and reports.

• Indulging in affairs.

• Not taking leave.

• Refusal of promotion.

• Excessive and unexplained overtime.

• Criminal record.

Is it fraud?

Determining whether fraud is taking place requires effort and time. Often, fraud is only discovered when fraudsters become careless or excessively greedy. In addition, fraud may be uncovered when a disgruntled mistress or ex-wife decides to blow the whistle on the errant partner.

Condon says that management needs to look out for duplicate payments, low sequential invoice numbers, duplicated invoice numbers, and rounded-off amounts on invoices.

Fraudsters often bypass the payment system by conducting a manual payment override which they justify by saying the automatic payment system has an issue.

Stopping them in their tracks

At the outset, Condon says, an employee contract should be designed to ensure that the organisation is fully protected. Therefore, a pre-employment and ongoing strategy whereby polygraph testing is implemented and lifestyle checks are customary should be created. In conjunction with this, awareness campaigns should be instituted in companies to provide fellow employees with the tools to recognise when fraud is being conducted by their colleagues.

Finally, a whistle-blower hotline must be implemented to allow the reporting of any misconduct in a non-judgemental and anonymous manner.

Powell says that it is a good idea to introduce exception reports and conduct regular internal audits to check that bank account numbers are legitimate and that staff bank account numbers do not match the bank account numbers of supposed suppliers. SAP, for example, has a number of anti-fraud controls which users simply need to activate.
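The invoice red flags Condon lists and the bank account cross-check Powell recommends can be combined into one exception report over accounts-payable data. The following Python is an added example, not code from the article or from either firm; the record layouts, the sample data and the thresholds (`round_to`, `low_max`) are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample data (not from the article).
EMPLOYEES = {"E017": "62-0012-3456", "E042": "40 5511 2233"}
SUPPLIERS = {"Acme Paper": "1099887766", "Bright Clean": "4055112233",
             "Delta Tools": "2200334455"}
PAYMENTS = [  # (supplier, invoice number, amount in rand)
    ("Acme Paper", "INV-8841", 12480.55),
    ("Acme Paper", "INV-8841", 12480.55),
    ("Bright Clean", "0003", 25000.00),
    ("Bright Clean", "0004", 30000.00),
    ("Bright Clean", "0005", 18000.00),
    ("Delta Tools", "DT-20931", 7312.40),
    ("Delta Tools", "DT-21177", 940.10),
]

def digits(text):
    """Keep only digits so differently formatted numbers compare equal."""
    return "".join(ch for ch in text if ch.isdigit())

def exception_report(employees, suppliers, payments, round_to=1000, low_max=100):
    """Return {flag: [items]}; round_to and low_max are assumed thresholds."""
    report = defaultdict(list)
    # Staff bank account numbers that match a supplier's bank account.
    staff = {digits(acct): emp for emp, acct in employees.items()}
    for name, acct in suppliers.items():
        if digits(acct) in staff:
            report["staff_account_match"].append((name, staff[digits(acct)]))
    # Duplicate payments: same supplier, invoice number and amount paid twice.
    for key, n in Counter(payments).items():
        if n > 1:
            report["duplicate_payment"].append(key)
    # Duplicated invoice numbers: one supplier reusing a number, any amount.
    for key, n in Counter((s, inv) for s, inv, _ in payments).items():
        if n > 1:
            report["duplicate_invoice_number"].append(key)
    # Rounded-off amounts: exact multiples of round_to.
    for s, inv, amt in payments:
        if amt % round_to == 0:
            report["rounded_amount"].append((s, inv))
    # Low sequential invoice numbers: three or more consecutive small numbers.
    numbers = defaultdict(set)
    for s, inv, _ in payments:
        if digits(inv):
            numbers[s].add(int(digits(inv)))
    for s, nums in numbers.items():
        seq = sorted(nums)
        if len(seq) >= 3 and seq[-1] <= low_max and seq[-1] - seq[0] == len(seq) - 1:
            report["low_sequential_invoices"].append(s)
    return dict(report)
```

Each flag is a prompt for review rather than proof of fraud; a supplier that appears under several flags at once, as the constructed "Bright Clean" does, is the one to examine first.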

A lifestyle audit will look at elements within an employee’s personal life such as the type of car they drive and house they own, as well as any expensive clothing purchased or holidays taken. Powell points out that while the Credit Act restricts the access to private account information, Section 18 allows companies to use the information to detect or prevent a fraud in cases where it is suspected there may be intent to commit fraud.

Property ownership information is in the public domain so companies can determine how many properties employees own. Multiple property acquisitions are often an indication of fraud being perpetrated, especially where income is insufficient to cover purchase or mortgage costs.

Social media can provide great insight into the personal life of employees, including their known associates and information on where they are socialising, taking holidays and spending money.

Organisations can use the CIPC to check the registration of businesses in the names of employees to determine conflicts of interest. This is valuable when investigating tender irregularities. Powell says that it is good business practice to ask all employees to divulge their personal business interests at an early stage of employment and to ensure that any updates on this status are shared.

Conclusion

While some fraud may go undetected, it is critical that companies conduct due diligence with regard to both their employees as well as suppliers to determine misappropriation of funds. A policy of zero tolerance needs to be adopted to discourage similar behaviour by other employees and would include following the relevant prosecutory processes to bring the employee to task. Protection of passwords needs to be strongly encouraged as many fraudulent events may occur without the awareness of the password holder, due to carelessness.

It is always advisable to employ the services of a reputable service provider that has a long history of successfully implementing anti-fraud campaigns and bringing fraudsters to task.

Section 43 of the regulations to the Companies Act requires companies to put measures in place to prevent corruption risks. The anti-corruption controls regulate good corporate governance, which also assists in managing fraud risks. All state-owned and public-listed companies have to establish social and ethics committees, which monitor management’s implementation of compliance initiatives, such as the implementation of programmes that measure compliance through a system of financial and accounting procedures that include internal controls. Any identified risks should be regularly monitored and reassessed to ensure that the programme’s controls remain effective.

Fraud prevention is better than cure; companies have to be proactive in managing fraud and corruption risks.




