In view of the recent data breach at Bupa, where an employee tried to sell the details of 547,000 clients on the dark web, Dave Kearns, MD of Expert Investigations, urges directors to protect their firms against internal fraud and theft
It’s time to face up to the hard fact that there will never be an end to internal fraud and theft as long as employees have the opportunity, the financial motive and the ability to rationalise their misdeeds.
The median loss from a single case of fraud for a company with more than 100 employees between January 2016 and October 2017 was $104,000 (£78,000), according to the latest Global Study on Occupational Fraud and Abuse by the US Association of Certified Fraud Examiners (AFCE). For firms with fewer than 100 employees, the figure was nearly double that: $200,000.
The incalculable reputational damage caused by employee dishonesty makes the risk to the bottom line even bigger. Despite this, the issue isn’t high on the boardroom agenda. Directors assume that all the people they recruit are honest – and that theft and fraud only happen in other businesses.
Smaller firms don’t have sufficient controls in place, according to the ACFE. It claims that only 20 per cent of SMEs have conducted fraud audits, which can cut the number of incidents by half. In short, their senior management teams are burying their heads in the sand.
Businesses tend not to be keen for fraud or theft to become public knowledge and will typically let a dishonest employee go quietly if they are caught. This approach doesn’t tackle the issue directly. Directors need to get a grip by making the necessary changes to prevent, detect and disrupt the internal threat.
The fraud triangle
The US criminologist Donald Cressey devised the fraud triangle in the 1950s to explain the reasons behind workplace fraud. His theory endures today, but its principles have been adapted to encompass all the elements of employee dishonesty, which range from absenteeism to bullying.
According to Cressey, three clear factors lead to fraudulent behaviour at work when they come together: opportunity, rationalisation and financial motivation. Employees may act dishonestly when they are given the opportunity, are able to rationalise their actions and are motivated by financial gain. Certain people will commit numerous dishonest acts in different organisations.
Getting a grip on internal fraud and theft
Employee dishonesty is a significant issue for SMEs, then, but preventing, detecting and disrupting the internal threat is a challenge for time-strapped directors. The first step involves recognising that there may be a problem and pushing it up the boardroom agenda. In this way, the risks can be considered, policies established and action plans created.
Once the penny has dropped, an effective way to deal with the financial and reputational risks is to adopt a practical three-tier approach:
* Have a specialist raise awareness of employee dishonesty among colleagues to put the issue firmly on the radar. Directors can then consider the problem in its fullness and introduce measures that will protect the company.
* Ensure that a professional vulnerability assessment is conducted, detailing the company’s weaknesses and highlighting how preventive measures can shut down opportunities.
* Ensure that staff members who are responsible for dealing with employee dishonesty are trained in how to interview suspects and present evidence that could be used to effect a dismissal or create a file for the police.
It’s also crucial to understand the range of lawful investigative actions that can be taken. These may include:
* Using surveillance, including covert vehicle tracking, to gather evidence.
* Obtaining statements of evidence and interviewing witnesses and suspects to confirm or disprove allegations.
* Using computer forensics or retrieving data from a suspect’s devices to discover whether they have stolen data, have altered files fraudulently or have been running their own business on company time, for instance.
* Running checks on job applicants’ social media profiles as well as business checks on employees who may be selling company property.
When directors understand the internal threat to their company and proactively manage this, they will reduce the opportunity for dishonest employees and so lessen the risk of a financial and reputational hit. Any preventive or disruptive methods they introduce will also help to make the detection process more effective and serve as a deterrent to potential fraudsters.
For further information about Dave Kearns and his work in fighting employee dishonesty, visit davekearns.co.uk