Fraud costs the UK an incredible £190 billion a year. Sadly for businesses, they bear a significant proportion of this cost with £140bn of these losses being attributed to them.

What’s even more worrying is the 2019 Fraudscape report which provides statistics for fraud committed by employees. The report read:

“Dishonest action by staff to obtain a benefit by theft or deception was the most common type of internal fraud in 2018, accounting for 46%. The most prevalent form of dishonest action during the year was theft of cash from the employer.”

It continued:

“The second most common fraud type was theft of cash from a customer, which rose to 22% in 2018 compared to 17% in 2017.”

For businesses struggling to manage cashflow, fraud can have a devastating impact. Below we discuss what fraud is and how to identify and prevent it.

 

What is fraud?

What makes fraud different from mere theft is deception. A mugger may use violence to rob a victim of cash whereas a fraudster will achieve the same ends by quietly manipulating the system. As a result, fraud might take months or even years to detect.

Some of the most common types of fraud carried out by employees include:

Inventory skimming – taking items from stock for resale or personal use. For example, a bartender may take a good bottle of rum and replace it with a bottle refilled with a cheaper brand, or chalking it up as wastage.

Expenses fraud – claiming for taxi rides never taken using a handful of blank receipts provided by an obliging driver, or for meals never eaten by altering the date on an old restaurant bill.

Fake invoices – submitting invoices with the name of a supplier, or of a completely fabricated one, but with the fraudster’s own bank details, or those of an accomplice.

Procurement – awarding contracts not on the basis of suitability or value for money but to members of their own household, or to business contacts in return for a cut.

Credit cards – buying personal items with the company card, such as fuel, food or personal items.

These schemes rely on the employee having the chance and the employer lacking suitable controls and oversight. The good news is that with some common sense and good practice, fraud can be tackled.

 

Reducing the risk of fraud

There are some general principles which can help to reduce the risk of fraud in your business.

First, there’s the concept of ‘separation of duties’ which states that nobody should be in a position to, for example, raise a purchase order, sign off an invoice and authorise payment. At some point in that chain, somebody else ought to be involved, sense-checking the payment and scrutinising the details.

There’s also a point about culture: it needs to be established that nobody is above being questioned or challenged. If something doesn’t look right, your staff need to feel confident asking the finance director or any other board member to provide the necessary paperwork. This means overcoming the urge to growl at members of your accounts team when they ask awkward questions at awkward moments.

It’s also a good idea to think about how you might empower whistle-blowers in your firm. The Cifas report recorded an increase in fraud reported by staff, from 11% in 2017 to 17%.

If you give your employees a clear, easy route to blow the whistle on dishonest behaviour by their colleagues, many will.

Another important principle is the importance of documentation. This has become easier than ever in the age of cloud accounting and digital invoicing. It does however mean that every expenses claim needs a receipt, every payment needs an invoice and the decision to award any contract should be documented.

Finally, careful and constant monitoring of cashflow, frequent account reconciliation and sound financial reporting will give you the best possible chance of spotting anything amiss.

Owner-operators shouldn’t be shy about asking hard questions, or demanding to see evidence, especially where the numbers don’t look as they might expect.

 

Internal controls

Cifas claimed that the majority (54%) of fraudulent conduct by employees was detected by internal controls and audit.

Thinking about the specific types of fraud listed previously, how might systems and controls help?

In the case of inventory fraud, a regular stocktake by an experienced manager or expert freelancer should probably detect patterns (vodka is always down, but never whisky) or other indicators, such as broken seals on bottles or boxes.

Expenses fraud can be trickier to detect but you can automate certain checks. For example, you might have your accounts system highlight duplicate payments – how likely is it that two taxi journeys in one month would each cost exactly £13.18?

You might also want to flag round payments, which can indicate excessive rounding-up of tips.

At policy level, you can also make it compulsory for expenses to have detailed and specific descriptions – claims for ‘miscellaneous’ should always be eyed with suspicion.

Fake invoices can be detected through separation of duties, but it’s also good to insist that all invoices include a postal address, a phone number and details of any services supplied.

You may also consider automatically reviewing invoices over a certain threshold value, which is not only a way of detecting fraud but might also act as a deterrent.

Procurement fraud can again be tackled through separation of duties. No individual should be able to award a contract without oversight of colleagues.

In general, look out for instances of the same supplier frequently winning work and suppliers who share the same surname or address as the individual managing the tendering process.

Company credit card fraud can be avoided by moving to an expenses system and by scrutinising bills. Payments made over the weekend or during holiday periods are a particular red flag.

Another might be where an employee spends significantly more on fuel for their company vehicle than their peers.

The most important thing is to mitigate the risk of fraud in a systematic way – think about it, talk about it and if you have one, put it on your risk register.

 

Threats from outside

Employees aren’t the only risk to your business. With technology continuing to advance, cyber criminals are a huge threat to any organisation.

There are many different types of fraud doing the rounds including emails claiming to be from HMRC. These often look official and like they’ve come from a government email address which makes them very easy to fall victim to.

They often state that you’re due a tax rebate or that you haven’t paid your taxes in full. The aim is to steal your bank details or infect your computers with spyware, malware or ransomware.

If you’re ever in doubt about any communication you’ve received from HMRC, contact them by phone before giving away any details. Please only ever use the phone number on the official HMRC website.

There are also fake invoices which are dispatched to lots of businesses in the hope that a handful will be too busy or careless to check before paying.

Scams like this are best countered through awareness, staff training and IT policies – read up on the latest scams, talk them through with your team and make sure your system has up-to-date malware and virus protection. You can also have a read of our blog, ‘Tax investigations: the chances of HMRC choosing your business.

To read news and blogs from Steve Greehy, click here >>