5 Things You Can do Today to Help Deter and Detect Fraud in your Organization
How Much Fraud is in Your Supply Chain or Sale Channel? (part 2 of 2)
5 things you can do today to help deter and detect fraud in your organization
Mr. Healey is an expert in supply chain financial and operational performance, fraud education, detection and prevention. In the area of fraud he has investigated and provided evidence for the prosecution of occupational fraud . He is a Member of the Business Advisory Board of Syracuse University Lubin School of Accounting, a guest lecturer on Procurement Fraud and Merger and Acquisition Fraud for the Whitman School of Management. He is quoted in CFO Magazine, Industrial Distribution Magazine and Modern Distribution Magazine.
As you read this article there is a high probability that there is fraud somewhere in your sales channel or supply chain. A bold statement, but one backed up in the most recent Report to the Nation by the Association of Certified Fraud Examiners – that globally, companies lose on average 5% of their revenues to fraud. The highest frequency of these frauds is found in the supply chain or sales channel of organizations.
In part one of our series we discussed ‘corruption’- defined as “the wrongful use of influence in a business dealing to procure a benefit for the actor or another person, contrary to the duty or rights of others.” Most frequently corruption is in the form of a ‘bribe or kickback’- schemes which involve collusion between employees and suppliers.
We will discuss in this article, the latest detection techniques, what to do if (when) you discover fraud in your business and 5 things you can do today to help deter and detect fraud in your organization
Companies spend billions of dollars each year combatting fraud in their enterprises. Public companies spend thousands of labor-hours on Sarbanes-Oxley (SOX) internal control documentation and testing. Many large private companies also mirror these types of controls under the banner of ‘best practices’. But these controls do not specifically address supply chain/sales channel fraud and more important, do little to detect any operational fraud. These tests are designed to detect financial statement fraud: that the financial statements are correct ‘in all material respects’; language only an auditor can love. The fraud can be an amount large enough to buy a Lamborghini, but if you have a billion dollar balance sheet, $250,000 is not material. Few business executives or their Board members feel this way. In fact, it was not until June of 2013 that the framework used to perform the internal control assessments was modified to strengthen fraud prevention and detection (these changes will take place in 2015).
How do we detect fraud today?
Most frauds are discovered by tips, by so called ‘whistle blowers’, or as fraud examiners refer to them as ‘corporate sentinels’- people who see something and say something. Under SOX, companies were required to install Ethics Hotlines. These are phone lines which company employees or in some case customers/suppliers can call to report unethical behavior, either with attribution or anonymously. As CFO of a public company I received many of these calls over my career. Most were human resource related and normally directed towards another employee. But some were fraud related, and in all of these instances, was the method an employee used to report fraudulent activity perpetrated by their superior. Dodd-Frank allowed sentinels to bypass the company and go directly to the SEC for a cash bounty, effectively making it harder for companies to monitor their own compliance lapses.
While tip lines are effective; more and more companies today are using ‘big data’ and predictive analytics to help ferret out fraud. They do this by looking at ‘structured data’ and ‘unstructured’ data.
Structured data includes internal data bases regarding: sales, purchasing, employee master lists, accounts payable, accounts receivable, customer files, vendor lists. Unstructured data includes: corporate email and personal email flowing through corporate servers, social media (Facebook, LinkedIn, Twitter), Dun & Bradstreet, State and County business, licensed data bases and even video and surveillance cameras.
Companies design analytic relationships, and develop keyword searches to spot anomalies. By looking at only structured data bases companies can develop – in a short period of time – ‘red flag’ systems. For example, a salesperson’s download of the company’s master customer list would cause a ‘red flag’ generated to multiple members of management. Note that flag warnings go to more than one person in an organization, since collusion requires more than one person!
Another common red flag is generated when the employee master file is compared to the vendor accounts payable master to compare addresses and names. This is a source of phantom vendors, or undisclosed related party transactions. Best practice dictates that all employee expenses and reimbursement be made through payroll systems and not through vendor payments. If your company disburses expense checks through your accounts payable system- Stop! You are impeding a basic fraud detection technique.
Red flags, although helpful are reactive, not predictive. Dr. Cressey, the foremost expert on white collar criminal behavior, stated that there were three basic reasons why people will commit fraud:
- Opportunity – They have the means to perpetrate the fraud and not get caught.
- Rationalization – They have justified this behavior –‘I only need the money for a short period of time and I will return it’; or ‘they owe me’ when a raise was not forthcoming.
- Pressure – unrealistic sales goals, cost reductions, earnings expectations – or even a demanding spouse, troubled home life. (Walter White in Breaking Bad)
By using unstructured data, such as email, companies can run programs for the ‘tone’ of email. These programs then plot the emails by person and you can identify people who are consistently angry, hostile or search for phrases that would give rise to concern such as ‘you owe me’, ‘revenue enhancement’, ‘ is this legal?’ and numerous other phrases.
By linking corporate ownership records through D&B and licensing records, you can find if two or more of your vendors are owned by the same parent company. As CFO of a highly acquisitive company, it was not uncommon for us to own two or more companies in the same market and have these companies bid for the same work. Our customers, and many times our own sales people, were not aware that we had more than one opportunity to win the business.
By linking email and employee records to social media, companies can easily search for actions and phrases which may be of concern. Many companies search for their corporate name, but with big data tools they can look for disgruntled employees, illegal activity and other issues. The relationships made with structured and unstructured data when combined with other indicators could be the lead required to predict fraudulent behavior.
What do you do if suspect fraud in your business?
First, if something does not appear right to you, trust your instincts. Many frauds have gone on far longer than they should have because people wanted to not believe their intuition. After all, most people believe others are honest, it takes training to think like a fraudster.
If you are an employee report it to the CEO, CFO, Internal audit or the appropriate level of your company. If you reside in the ‘C ‘suite and you receive a concern or know of an actual fraud it is extremely important that you utilize third parties who are experienced at fraud investigations. Just as not all doctors are surgeons, not all accountants or lawyers are trained and experienced in fraud investigations. Issues including chain of evidence, discoverable evidence and unintended consequences have thwarted successful fraud investigations.
- Your IT department seizes the suspects’ laptop and examines the hard drive eliminates the ability for a 3rd party expert to testify in court as to its original content.
- You hire your accountant to investigate a kickback scheme and his written report includes evidence that a Board member was made aware of the scheme and did not stop it. This opens your company to more liability and perhaps denial of coverage by your insurance carrier. But had your attorney hired the accountant, and he gave a verbal report to the attorney, your Board member’s poor judgment would not be discoverable under client attorney privilege.
- An unintended consequence, when you bring the suspect in your office and close the door and say ‘you’re not leaving until we get to the bottom of this’, could leave you susceptible to ‘unlawful restraint’ criminal charges and deem his confession inadmissible since it was given under duress.
What are the 5 things you can do today?
1.Train your Executives, Managers, Employees and Board members on fraud indicators. The training should be tailored for these groups. Invite key customers and suppliers to be part of this training. The training should be conducted by an expert in the field of occupational fraud.
2.Examine your Company’s employee hand book for a strong ethics and value statement and have statements of how unethical/illegal behavior will be dealt with (hint: termination and prosecution).
3.Install a ‘tip line’- these are very affordable; tip lines should be in multiple languages and cover all countries in which you do business, including with key suppliers. Make certain all employees, customers and suppliers are aware of the tip line. Test the line for language issues, and send out notices annually.
4.Conduct random employee surveys administered by independent 3rd parties for ethics and fraud related issues. Assure anonymity and include questions regarding pressure to perform and adequate resources.
5.Retain a qualified certified fraud examiner to conduct an evaluation of operational fraud risk including your sales channel and supply chain for fraud susceptibility. Remember, your accountants are focused on financial statement fraud, not operational fraud.
If you follow these simple steps you will greatly reduce your chances of being a victim of supply chain and sales channel fraud.