Are you in control of your controls?
In this article, Emma Webster, a manager in our Forensic Accounting & Investigations team, discusses fraud and highlights the importance of having robust, fit for purpose, controls within organisations that are adhered to and regularly updated.
For a while, it seemed like a day didn’t go by without a random bank sending a text or email asking you to log in via a suspicious link, Royal Mail texting to request payment for release of a mystery parcel, or strangers offering, by unsolicited email, the opportunity to earn a 200% return on teak tree investments. Spam filters seem to have tempered the barrage somewhat, but the proliferation of fraud and scams has been staggering in recent years. Trying to keep up with the weird and wonderful methods has also proved difficult; Action Fraud’s website lists 43 types of fraud within its Fraud A-Z, and still manages to exclude Furlough payment and bounce back loan fraud, which are reported to have reached £5billion+ in value. With fraud accounting for 39% of all crime in 2020/21, it’s no surprise that the Victims’ Commissioner for England and Wales has termed fraud the ‘volume crime of our times’.
In trying to keep up with the evolving fraud landscape, are we perhaps at risk of forgetting the more traditional methods? The spike in home working during lockdown may have caused some to believe opportunities for business fraud would decrease. However, according to PwC’s UK Economic Crime Survey 2022, 64% of UK companies experienced fraud or economic crime in the last two years, up from 56% in 2020, and 50% in 2018. The UK’s rate is also well above the global rate of 46% for the same period. Whilst external fraud against companies has largely driven the increase, the report identifies that 49% of frauds against companies involved internal perpetrators, or internal perpetrators acting in collusion with external parties.
What are the main fraud threats facing companies?
According to a 2022 study by the Association of Certified Fraud Examiners, the three primary categories of occupational fraud are:
- Asset misappropriation – The report found this to be the most common category of occupational fraud, with a median loss of USD 100,000.
- Corruption – An element of corruption was found to have occurred in 50% of reported cases, with a median loss of USD 150,000.
- Financial statement fraud schemes – Fraud in which the perpetrator intentionally causes a material misstatement or omission in the organisation’s financial statements, usually in respect of the performance, financial position, and cash flows, was found to be the least common of the three, but the costliest with a median loss of USD 593,000.
This year, we have seen a spike in the number of investigations relating to embezzlement and financial statement fraud schemes. Whilst the methods vary, at the root of the problem is almost always
- a lack of controls, challenge and oversight
- out of date or poorly applied controls
- the failure to promote and follow existing controls and policies
The line between a breach of controls and outright fraud can sometimes be a difficult one to establish. What might start off as a slight deviation from controls, with little perceived financial impact, can very quickly become fraud. We often work with businesses who have taken the time to set up and document a strong system of controls, only for these to be ignored, forgotten about, or become obsolete over time – which gives fraud an open door.
As well as financial losses, the identification of fraud all too often leads to a breakdown of trust within a workforce, meaning the effects continue to be felt long after the issue is identified and addressed. The importance of robust, fit for purpose controls within an organisation cannot therefore be overstated.
Whilst we provide forensic investigation services to support criminal, civil or internal fraud actions, we think it pays to be proactive. Quantuma’s Forensic Accounting & Investigations team can assist your business in identifying and addressing weaknesses in fraud controls, meaning it doesn’t become part of the statistics.