William Black and Kare Johnstone: Don't give fraud the office space

The "good" news for organisations is that most fraud is preventable. Photo / 123RF

• William Black and Kare Johnstone are Partners at McGrathNicol, an independent advisory firm specialising in advisory, forensic, transactions, restructuring and insolvency. More information on the firm is available at mcgrathnicol.com

Rarely a month goes by without news of another organisation being impacted by fraud or corruption. The victims of fraud range from small owner-managed businesses to large multinationals and on occasion can even include those who have raised concerns — the whistleblowers.

Recent high-profile cases in New Zealand include the Auckland Transport corruption case in which two of the perpetrators were sentenced to jail terms of about five years. This month the Court of Appeal dismissed an appeal against the sentences.

In another high-profile case, a former general manager at the Ministry of Transport, Joanne Harrison, defrauded it of more than $700,000 and is serving three years. A subsequent investigation by the State Services Commission found that four ministry staff who raised concerns about Ms Harrison's behaviour had lost their jobs. State Services Commissioner Peter Hughes apologised to them for the treatment they received for raising "genuine and well-founded concerns".

No organisation is immune to the possibility of fraud. Being alert to suspicious activity, robust internal controls, and an environment in which people have a channel to freely voice concerns are essential to detecting and preventing fraud. Even then the risk of fraud remains.

The results of recent fraud surveys conducted by global professional services firms across their worldwide client databases contain some interesting insights. For example, one recent survey highlighted that the typical fraudster profile was male, aged 36 to 55, with more than six years' service and in a management or executive position. Another survey, which focused on New Zealand specifically, noted that 40 per cent of surveyed organisations had experienced a fraud, with asset misappropriation (theft) being the most significant.

This is a startling finding, considering that international benchmarking surveys, such as that by Transparency International, consistently rank New Zealand as one of the least corrupt countries.

As forensic accountants, these statistics do not surprise us. We have undertaken many fraud investigations, for listed companies through to small owner-managed entities.

Regardless of organisation size, the underlying hallmarks of a fraud are usually similar. A determination on the part of the fraudster, often driven by a sense of "entitlement", matched with a gap or weakness in an organisation's controls — an environment ripe for exploitation.

Numerous studies have been done on the motivation of fraudsters and some fraudsters have become household names. Nick Leeson, the derivatives trader whose fraud resulted in the collapse of the iconic UK investment bank, Barings, in the mid-90s, is one example. Closer to home, Equiticorp, Fortex and AIC Corporation all collapsed, with fraud prosecutions a feature in each case. While these represent examples of high-profile misdemeanours, in our experience most fraud goes unreported by the media and organisations are usually able to recover from the impact of fraud without collapsing.

The "good" news for organisations is that most fraud is preventable, with the right controls in place and with the internal controls properly monitored. Recent cases we have investigated have shown that the fraud committed was in part a result of too much responsibility being placed on certain individuals, without a sufficient segregation of duties. While trust and integrity are qualities all reputable organisations want to inculcate in their management and staff, these qualities alone are insufficient to prevent fraud. Robust internal controls need to be incorporated into standard operating procedures.

Many of the controls required are not onerous. For example, one of the most common frauds we see is the perpetrator having the ability to change a payee bank account and/or submit a false invoice for payment. Stricter controls over bank authorities and invoice approvals would in most cases deter the fraudster. Requiring employees to take annual leave rather than allowing large leave balances to accumulate is important. Frauds are frequently identified once an employee has taken leave and a colleague subsequently discovers something in their absence. Instilling a strong organisational culture of integrity and honesty and matching this with the "tone from the top" is essential.

In addition, acting quickly to review and investigate suspicious activity is important. Regular and comprehensive fraud risk assessments ensure the focus remains on prevention and detection. Many organisations adopt specific whistleblowing procedures and reporting lines which allow employees to raise concerns, anonymously if necessary. This month Zespri used its whistleblower line to dismiss an employee for "multiple breaches of company policy".

Former US Federal Reserve chairman Alan Greenspan once said, "corruption, embezzlement and fraud are all characteristics which exist everywhere. It is regrettably the way human nature functions, whether we like it or not."

Without wanting to sound alarmist, whenever we have been engaged by a client to investigate suspicious activity, a fraud has been identified and confirmed. All businesses should be prepared.

Taking steps to ensure your organisation is not the target of a fraud should be a key focus for directors and senior executives, regardless of the size of the business.