Workplace betrayers often most trusted

By ALISON HORWOOD

Workplace fraud is alive and well. Chances are, it is being carried out by your most trusted and respected staff.

It's also very likely that managers aren't doing enough to curb it.

"We believe companies continue to bury their heads in the sand and ignore the fraud warning signs," says Ben Palmer, a business risk expert with professional services company Ernst & Young.

"As companies become more sophisticated in their approach to business, so should their approach to the management of risk."

An international survey last year by Ernst & Young shows that employees are responsible for 82 per cent of fraudulent activity.

Nearly half those caught siphoning funds had been with their organisation more than five years, and almost a quarter for more than 10 years.

Fraudsters are often long-term employees who are trusted with banking or transferring funds and know the systems in place as well as any loopholes.

No matter how well a company is managed, or how large scale the internal checks are, fraud continues to be a persistent problem.

Example: Titirangi accounts clerk Telesia Fonoimoana, 27, was convicted in July last year on a representative charge of using a document with the intent to defraud - on 352 occasions.

To pay for her gambling habit and spending sprees, she stole $1.3 million from her employer, making out blank cheques to herself and concealing the amounts as payments to creditors in the company's accounts.

The fraud - described in court as a "disaster" for the company, whose name was suppressed - was revealed after Fonoimoana's resignation, when her successor noted just how many cheques had been written. Fonoimoana was sentenced to four years' imprisonment.

In many ways it was a stunningly average case of fraud, in that it was done by someone working in the traditional high-risk areas of payroll, vendor fraud and treasury.

While it may be the large-scale scams that reach the headlines - think Barings Bank's Nick Leeson or, more recently, the accusations levelled at Allied Irish Bank's John Rusnak - most fraud is a series of small but regular incidents which go undetected for a while but soon accumulate.

The most common types are theft by employees and third parties, breach of bank mandates, including cheques and the use of false accounts, forgery, collusion with suppliers or customers, commission payments or kickbacks, counterfeiting documents and altering debtor and creditor balances to cover up fraud, computer or funds transfer fraud by third parties, and extortion.

Evidence for the Ernst & Young survey, The Unmanaged Risk, was gathered from senior executives in 739 organisations from 15 countries.

More than 60 per cent of New Zealand participants had suffered a fraud in the previous 12 months. Five per cent of those had suffered more than 50 incidences.

The total bill from fraud in New Zealand, depending on which research is being canvassed, is up to $2.7 billion annually - yet only a third of New Zealand respondents believe they do enough to protect their organisation.

Ben Palmer says the Kiwi attitude of "she'll be right and it won't happen to me" prevails. He says local companies are not doing enough to manage the risk of fraud.

Only 58 per cent of international respondents to the survey had a named person for staff to report a fraud to, while just 38 per cent were reminded on a regular basis of that person's identity.

"Fraud won't go away," says Palmer. "Companies must learn from their mistakes and address the issue now before it costs them later."

Insurance against fraudulent activity, which can be broadly classified as traditional fidelity and broadform fidelity cover, was bought by 42 per cent of respondents, compared with 36 per cent in 1998.

Guidelines for managing fraud risk can include a well-documented policy, responsibility structure, risk assessments, fraud reporting systems, investigation standards, external notification procedures, conduct and disciplinary standards and employee and customer awareness.

But Anne Knowles, executive director of Business New Zealand - a merger of the Employers Federation and the Manufacturers Federation - says almost all New Zealand organisations do have systems in place.

While many may not have clear fraud-risk management policies, basic principles such as double-signing cheques and payments, and annual checks by an accountant, act as a safeguard. Because 93.4 per cent of New Zealand businesses employ 10 people or less, insurance against fraud is not necessarily cost effective, she says.

Employers must not be complacent, she says. There should be checks and balances for all staff who come into contact with money, from the receptionist who opens the mail to the person who does the banking.

David Bradshaw, director of the Serious Fraud Office, which normally steps in when an alleged fraud involves more than $500,000, fields around 100 complaints a year.

"There are a few where you wonder why the company didn't ask a few more questions," he says.

"But more often than not, the person who committed the fraud had access to, or the ability to, defeat the company's system."