When fraud occurs, it doesn’t normally just involve small amounts of money. An organization may suffer not only heavy material losses but also damage to its reputation. Hence anti-fraud policies are increasingly important in ensuring a safe organization with secure working practices. What is an effective anti-fraud strategy and how do you best manage fraud detection, management and prevention?
We spoke to Lode Barrezeele, partner at i-Force and lecturer in our Fraud Audit Master Class. “These days, we are asked to advise organizations on how to detect fraud. In the past, we were only asked for advice when the fraud had already taken place.”
A common mistake beginners make is trying too hard to impress their employer. “That is why findings are often magnified or misplaced in a different context. Moreover, it is remarkable that auditors who are educated in double-entry bookkeeping will continue to search for fraud in the bookkeeping rather than in the payment files.” For example, the account number to which a payment has been transferred will always be in the bookkeeping.
"It is remarkable that auditors will continue to search for fraud in the bookkeeping rather than in the payment files."
“This is how I once, in the space of just an hour, noticed in a file that hundreds of payments of 1.5 million euros had been transferred to the private account of a staff member. This was, however, not noticed by the auditor. Because debit and credit were always equal during the transfers, the sums did not stand out. It was labelled as ‘sloppy’, but not as evidence of fraud. It took us another three weeks to determine the accounting process of each payment to the private account.”
The impact of fraud
The impact of fraud on an organization extends beyond the financial dimension. Even the most charismatic CEOs feel exposed to ridicule whenever they are seen to be vulnerable to fraud. The emotional dimension is further amplified when the fraud involves a family business with only a handful of loyal employees. “I always carry a shock remedy in my briefcase, because most of the time the fraudster appears to be someone you would stake your life on.”
The most memorable experiences are the reactions of a client when a large fraud is exposed, where two years before you could not confirm an alleged fraud because of a lack of factual evidence. “If you say that both files have been investigated in the same way with the same tools, the client’s abashed expression will say it all.”
“I always carry a shock remedy in my briefcase, because most of the time the fraudster appears to be someone you would stake your life on.”
What is interesting is that the size of the sum is much less important. “The victim of a ten-thousand-euro fraud may react exactly the same way as the victim of a 4.5-million-euro fraud.”
Digitization now plays a pivotal role in the workings of fraud. Now that all of an organization’s data can be copied and put on a USB stick in the space of a few seconds, many employees often leave for a new employer, often a competitor, with considerable extra baggage. This can cause a lot of damage. In addition, the new GDPR-legislation ensures that if a company’s data is not maintained carefully and ends up in the public domain, the costs can quickly mount up, even if it happens without malicious intent.
"What people often overlook is the fact that the fraudster will already know these procedures and can thus bypass them."
Anti-fraud strategies are still at a very early stage. “People hope that fraud will be detected by their many internal control procedures. However, they overlook the fact that the fraudster will already know these procedures and can thus bypass them. They simply need to think up something original that will pass unnoticed, which is how they get away with it.” Thanks to the ACFE (Association of Fraud Examiners), there is now a special fraud-risk management guide available to help organizations focus on specific anti-fraud measures, according to the well-known COSO Approach.
i-Force specializes in fraud audit and has investigated over 1000 fraud files. “It is based on these cases, drawn from my own real-life experiences, that I teach at AMS. If we didn’t share these cases and could not learn from them, the program would be useless. Fraud is not something that inherently runs according to some kind of model.”
"Vroeg of laat wordt elke auditor weleens geconfronteerd met fraude en dan zal hij of zij moeten weten hoe deze het best wordt aangepakt."
Our Fraud Audit Master Class is tailor-made for any auditor, internal or external, interested in the concept of fraud. “Sooner or later every auditor will be confronted with fraud, and he or she will have to know how best to tackle it. Where does one find evidence? How does one organise fraud research? And crucially: could fraud have been prevented or could the extent of the fraud have been limited if it had been detected sooner?” The Fraud Audit Master Class focuses on a few ‘out-of-the-box’ tests that can detect fraud as quickly as possible. “The practical exercises ensure that every course participant experiences real fraud; dropping the participants in the middle of a fraud drives them to carry out their own research and to question the fraudster.”
“Elke deelnemer beleeft echte fraude aan de hand van praktische oefeningen waarvoor je zelf het onderzoek moet doen en de "fraudeur" moet ondervragen."
Through the sheer range of different backgrounds, the course participants also learn a lot from each other. “I notice that during breaks, the students enthusiastically exchange stories about their own experiences. Because of the unique nature of every fraud, I cannot help but learn from those cases too.” As previously mentioned, there is no “fraudster’s handbook”. Hence, experience is important, but the exchange of experience is the most vital of all. “It would be quite foolish not to learn from other people’s mistakes.”
“It would be quite foolish not to learn from other people’s mistakes.”