The threat of fraud in a complex and sophisticated business environment is real. Financial systems become more complex over time to fulfil the quest for information from their owners.
Accordingly, opportunities are inherently created for fraudsters to thrive. For this reason, fraud is constantly evolving: new scams and patterns evolve as new opportunities emerge and fraudsters find ways around detection and prevention measures.
Still, many types of fraud and schemes occur again and again, across different geographies, business types, and industry sectors. In this blog, we’ll cover:
- Internal fraud, including embezzlement and fraudulent payments, and
- External fraud, such as hackers, supplier fraud, and customer fraud.
Let’s delve a little deeper into the most common types of fraudsters and how best to respond to them with internal or external audits to help protect you and your business.
Fraudsters From Within
Internal fraud is any criminal act committed by someone associated with a business. This could be a staff member, a member of management, or a member of governance. Also known as occupational fraud, this could look like an employee making deposits into their account, or paying personal expenses on the corporate account.
This type of internal fraud is also referred to as ‘occupational fraud’. It’s among the most damaging types of fraud businesses face since employees can exploit their position within a company to commit acts of theft and embezzlement. In many cases, this kind of fraud goes undetected for long periods.
To better understand internal fraud, we can categorise it into four distinct types.
Embezzlement is when someone connected to a business steals funds, typically money or amounts in the corporate bank account.
Importantly, embezzlement is not as straightforward as theft. This is because there is usually a manner in which the fraud is concealed in order to avoid detection.
Fraudulent payments fraud is when someone connected to a business establishes a payment to themselves or a third party.
Typically, this type of fraud takes three forms:
- Invoice fraud: When an employee sets up fake invoices to pay themselves or a third party from the company’s accounts.
- Wage fraud: When an employee creates ‘ghost employees’ on a company’s payroll, listing them as offering ‘third-party services’ when in reality they’re fake and the employee can access the monies paid.
- Expenses fraud: When an employee manipulates expense documents, forging declarations and signatures to receive reimbursement for fabricated expense requests.
As you might expect, fraudulent payments are difficult to detect since they’re often carefully masterminded and concealed in genuine payment and invoice requests.
Data is one of the most valuable assets of a business, and data fraud is quickly becoming one of the biggest threats to modern companies. Certain major Australian companies may spring to mind when thinking about recent data breaches, some of which were nationwide, affecting millions of people and businesses.
Data theft by staff can potentially be on-sold or used as leverage, for instance, in a bribery scenario. Businesses face the risk of severe reputational damage when their data and assets are improperly used by current or outgoing employees.
In efforts to keep track of data breaches and respond to them swiftly, the Notifiable Data Breach (NDB) scheme was instated in 2018. The scheme dictates that data breaches occurring to Australian companies with an annual turnover of $3 million or more report such breaches to the Australian Information Commissioner (OAIC).
Financial Statement Fraud Schemes
Financial statement fraud schemes involve intentional actions by individuals to cause material misstatements or omissions in an organisation’s financial statements. These schemes are a form of white-collar crime where the perpetrating party manipulates financial records for personal gain or to deceive stakeholders.
The motives behind financial statement fraud can vary, ranging from inflating profits to meet financial targets, concealing poor performance, or attempting to boost stock prices. Perpetrators may employ various techniques, such as inflating revenues, understating expenses, or manipulating accounting entries to present a false financial picture.
This type of fraud can have severe consequences for investors, creditors, and other stakeholders, eroding trust and damaging the financial health of the affected organisation.
Responding to Internal Fraud
When it comes to internal fraud, prevention is better than cure. At Bishop Collins, we offer clients practical tips on how to reduce their risk of internal fraud – check them out below:
Segregation of Duties
It’s rarely a good idea to leave one person in charge of your business’ accounting and finances. Instead, split management between two or more parties to improve accountability and make things more difficult for would-be fraudsters.
We also recommend segregating the initiation, review, approval, recording, and disbursement functions between different roles to not only promote transparency and accountability but also to lessen the likelihood of collusion.
Review and Update Access Controls
Who has access to what systems and platforms within your business? Access privileges should be assigned with care and due diligence and make a note of who controls what. This is also referred to as access on a need-to-know basis.
Regularly Audit Your Accounts
Regular accounts auditing is one of the most effective ways to spot anomalies that could signal fraud is taking place.
External audits are mandatorily required by many businesses, but others elect to undertake these voluntarily. Importantly, an internal audit can also help identify anomalies and irregularities.
At Bishop Collins, we specialise in conducting industry-customised company audits to help you identify pain points and safeguard your company.
Screen Your Employees
Business owners need to vet all prospective employees to reduce the risk of falling victim to internal fraud. That means always following through on references, conducting background checks, reviewing social media, and a comprehensive interview process.
External fraud is when a business is the victim of someone outside of its organisation. We commonly hear of hackers sending phishing emails, suppliers who lie about the work they did or services provided, and sadly, customers who attempt to return imitated or stolen products.
We can categorise external fraudsters into three main types.
Unless you’ve been living under a rock, you will not need an introduction to hackers and the effect they have on businesses. Hackers target not only large, listed entities but also smaller enterprises and government agencies.
Recent examples include an Australian personal loan and financial service provider, affected by a data breach that impacted 14 million customers in Australia and New Zealand. The data breach was initiated after the credentials of an employee were stolen.
Similarly, a large telecommunications company and health insurance company fell victim to hackers through ineffective credential management of users and multi-factor authentication.
In both of these cases, the hackers sought a ransom from the companies that fell victim to the theft of customer data. For this reason, keeping up with strict and active cybersecurity efforts is paramount.
Another type of fraudster from outside the business can be in the form of a supplier (vendor) to the business. This applies to new and existing suppliers of the business.
Vendor fraud is a type of malpractice used by fraudsters to scam a company’s accounts payable department into paying a vendor, or sometimes multiple vendors, for amounts not rightfully earned.
Sometimes, the fraudulent activity is orchestrated by a vendor acting alone. Other times, sadly, it is carried out with the assistance of an employee.
Supplier fraud takes many forms, some of the most common including:
- Fictitious supplier: In this arrangement, an employee submits a payment request from a non-existent supplier or an actual supplier that never delivered any goods or services.
- Duplicate invoice payments: This happens when an employee duplicates invoices from a legitimate vendor, with the plan of diverting payments to an account under their control.
- Over-billing: An over-billing fraud scheme occurs when a vendor inflates the price or quantity of items on an invoice by adding items they never delivered or higher prices of delivered goods.
- Bid-rigging: Bid rigging is a fraud scheme that involves a supplier offering compensation (or financial benefit) to an employee with a strong influence to secure a contract and supplier payment.
- Price-fixing: Price-fixing happens when two or more vendors conspire to fix the cost of a contract at a price higher than normal. The business is left with no choice but to work with an inflated cost.
One of the most common types of fraudsters, and one you may have seen in day-to-day life, are customer fraudsters. When a customer returns an item to a business to get a refund or credit, this is referred to as return fraud.
Return fraud encompasses a variety of fraudulent return practices, such as wardrobing or renting, counterfeit returns, price tag flipping, and returning stolen goods.
- When a buyer buys something with the idea of using it just once and then returning it for a refund, this is known as wardrobing or renting.
- Exchanging price tags is considered as returning counterfeit goods while returning fake products falls under the returning counterfeit commodities category.
- Returning items that have been stolen from a retailer is referred to as returning stolen goods.
These frauds have a significant financial cost to businesses, particularly those in the retail sector. While customer fraud can often be easier to catch or detect than other types of fraud, it’s still a sticky situation when dealing with Australian Consumer Law and the old adage of ‘the customer is always right’!
Responding to External Fraud
Concerning external fraud, the emphasis lies on proactive prevention rather than reactive solutions – the same as internal fraud. Luckily, we have several actionable insights to minimise your susceptibility to external fraudulent activities.
Implement a supplier management platform or protocol. Supplier management is the process of supporting and empowering vendors through establishing and nurturing long-term relationships.
This includes finding and choosing the right vendor for the company’s needs, controlling the costs and supplier risks, and paying for the services and goods consumed.
We said it before, and we’ll say it again – it’s rarely a good idea to leave one person in charge of your business’ internal controls. Segregate the initiation, review, approval, recording, and disbursement functions between different roles.
Importantly, implementing supplier matching protocols reduces the likelihood of fraud. This is achieved by matching supplier invoices to other documents such as purchase orders, payment receipts, inspection slips, delivery dockets, and so on. This is also referred to as ‘the three-way match’.
Screen Employees and Conduct Employee Training
It’s important to run background checks to identify relationships between employers and suppliers. Similarly, businesses should ensure employees are aware of policies, procedures, and protocols.
Ensuring documentation is produced and reviewed and not entering into transactions with incomplete or inconsistent information. This applies to both working with suppliers and serving clients and customers.
Protect Your Business Against Fraud
Fraud arising from dishonest behaviour not only undermines profits, operating efficiencies and reliability, but it can also severely damage an organisation’s reputation. Fraud may be on the increase, but with the right management and approach, you can reduce the likelihood of your business falling prey to fraudsters.
An external or internal audit certainly helps deter fraudsters. Used in conjunction with a carefully designed and effectively operating internal control environment offers greater protection for a business against fraud.
For an obligation-free chat, get in touch with the Bishop Collins team. We can assist you with audit and assurance services, during which our experts will provide advice and guidance on how to protect your business against fraud, or how to deal with any fraudulent activity you suspect.
Remember, prevention is key – don’t wait to safeguard your company until it’s too late!