An overview of the fraud threat to business, including the particular threat posed by electronic funds transfer fraud

Every business is susceptible to fraud

But some are more susceptible than others. That's because many business owners have weak accounting and financial skills, which means that they delegate control over the procurement and accounts payable functions to secretarial and accounting personnel. On top of that, whereas some companies are well aware of the risks posed by fraud and theft to their businesses and have strong anti-fraud measures and controls in place, including well-demarcated segregation of duties, independent reconciliations, and regular oversight and review, many companies rely heavily on trusted individuals, and there is often poor or non-existent segregation of duties and a complete absence of independent review over accounts and reconciliations. This makes it easy for dishonest personnel in companies to not only misappropriate funds, but to also cover their tracks and avoid detection.

It's difficult to quantify the extent of fraud and theft in the business world for a number of reasons. In some cases the plundering of company funds goes totally undetected, in others it simply goes unreported. This non-reporting of fraud and theft may, of course, be down to the stigma and reputational harm that goes with admitting that internal systems and controls have been breached. Companies are, understandably, reluctant to disclose the fact that their own funds, as well as those of their customers and clients, are potentially at risk. Yet the failure on the part of directors, executives and managers of companies that have experienced fraud or theft to report certain criminal offences can amount to a criminal offence.
In terms of Section 34 of the Prevention and Combating of Corrupt Activities Act (Act 12 of 2004), any person who is in a position of authority and who knows, or ought reasonably to have known, or even suspects that an act of fraud, theft, extortion, forgery & uttering or corruption involving an amount exceeding R100,000.00 has occurred, must report such knowledge or suspicion to the SA Police Services. But despite this criminalisation of non-reporting, what often happens when fraud is detected is that the accounting or secretarial personnel implicated in the irregularity are simply dismissed or asked to leave. This can, of course, have terrible consequences for the wider business world, as the dishonest employees may simply move on to other companies, where they are very likely to do the same thing.

Companies must therefore properly check the criminal histories of employment candidates (with the consent of the applicant) prior to their appointment to positions of trust. They must also do proper reference checks to ensure that they are not inheriting dishonest staff. It is equally important for companies to know that their accounting and/or secretarial staff members, who may well have access to company or customer/client funds, are not experiencing extreme financial pressure. Regular proactive credit vetting, which is permissible to address the fraud risk in terms of the regulations to the National Credit Act of 2005, is therefore imperative.

A checklist comprising possible red flags to look out for and best practices to prevent fraud appears below. The checklist is particularly relevant to small and medium-sized businesses, where there is no segregation of duties, little oversight, and where accounting responsibilities may be concentrated in the hands of a small number of individuals. Companies that deal with trust or other client funds are particularly susceptible to fraud and dishonesty, and they need to be ultra vigilant.

The psychological process behind fraud

Before fraud takes place there is usually a convergence of a number of factors. These factors are described as pressure and opportunity, followed by a process of rationalisation. Consider the following checklist when evaluating staff:

PHASE ONE: PRESSURE TO COMMIT FRAUD

Fraud risk indicators or red flags / Yes (Give Details) / No

- Does the company screen all new employees for criminal history or bad credit record? Ensure that employment application forms ask questions relating to criminal record and bad debt. The form should warn applicants that the company will verify information and that submission of false information may lead to dismissal.
- Do staff members enjoy lifestyles that are not commensurate with their income? (Expensive cars, luxurious houses or holiday homes, private schooling for children, frequent or extravagant holidays.)
- Are staff members financially stressed? Has the company noted creditors' demand letters being delivered? Are there regular telephone calls or messages to particular staff members from debt collectors? Are there a large number of emolument attachment orders (garnishee orders) on payroll?

- Are there employees whose personal circumstances may place them under financial pressure? Are there employees who have recently divorced? Are there employees who are involved in extra-marital affairs?
- Are there staff members with dependency problems? (Gambling, alcohol, or drug problems.)

PHASE TWO: OPPORTUNITY TO COMMIT FRAUD

Internal controls

- Do many people have transactional authority? Are these authorities consistent with job descriptions and/or requirements?
- Is there appropriate segregation of duties as well as independent oversight regarding payments and reconciliations?
- Are accounting staff properly trained to service the internal accounting needs of the business?
- Are payments streamlined? Can the staff member processing EFT payments access supplier banking details? Are they able to amend banking details without director/management authorisation?
- Is the person who creates the invoices the same person who attends to the credit notes?
- Do all staff members declare their interests? (External business links and/or directorships.)
- Are the activities of all staff reviewed regardless of seniority?

PHASE THREE: RATIONALISATIONS FOR COMMITTING FRAUD

- Are there staff members who are disgruntled with the business? (Staff members who verbalise that they are worth more than the company is paying them, staff overlooked for promotion, staff who have not had an annual salary increase, staff under performance management.)
- Are regular performance assessments held where these issues are addressed?

Fraud syndicates have discovered that many businesses are soft targets for fraud

Many businesses have been targeted by fraud syndicates who will intercept an invoice in the post and then forward an adapted invoice with amended banking details to the customer. The customer will then make payment to an account that has just been created for fraudulent purposes. The fraudulent invoice is usually sent by facsimile to the customer and followed up with phone calls demanding immediate payment. Because the syndicate has intercepted the original invoice, the details of the amount owed and the goods supplied or work performed are completely accurate, making the fraudulent invoice appear legitimate. By the time the company's own credit controllers query the non-payment of the amount owed by the customer (at which point the fraud is discovered), the funds in the fraudulent bank account have been withdrawn and the syndicate has moved on.

Consider the following checklist when evaluating your internal controls.

The external EFT syndicate threat

Check / Comments

- Are customers notified that the company has not amended its banking details?
- Are customers supplied with key contacts with whom to liaise to verify account details and check payment requests?

- Are customers notified that genuine company invoices are only distributed in a certain format; customers will not ordinarily be sent facsimiles or photocopies?
- Are authorised signatories attached to relevant documents? For large transactions, are two authorised signatories required from directors/management in different departments?
- Are spot checks conducted on company payments? Are random spot checks done where original invoices are viewed in order to ensure expenses are allocated correctly?
- Are electronic signatures verified with sample signatory lists (electronic signature scanners)?
- Are customers' banking details confirmed with cancelled cheques or a stamped letter from the bank?
- Are matters closely controlled by directors/management? Are there alerts in place indicating when a matter is linked to an entity in which a staff member has an interest?

EFT fraud is the latest threat to businesses in SA

Electronic funds transfer (EFT) fraud is a recent phenomenon that has caused huge problems for South African businesses. EFT fraud is essentially the illicit electronic diversion of funds from the company's bank account to third parties to whom the funds are not due, usually involving manipulation of the accounting software programmes that are used to pay suppliers or service providers.

When electronic funds transfers are made, banking systems in South Africa rely only on the account numbers to remit funds to the intended destination - the name of the entity being paid is not a critical factor. This creates opportunities for corrupt staff to create the illusion that they are paying legitimate suppliers, whereas in fact they are transferring funds to themselves or friends and family.

In larger companies the risk is that small amounts can easily be concealed amongst numerous daily transactions. In smaller companies the risk is that the accounting and procurement functions often reside in a single employee or a handful of employees, which makes the manipulation easier. Fictitious vendors can be created for services that are to be expected and, as long as the amount requisitioned for payment is consistent with the expected charge, directors or managers will ordinarily authorise the payment.

Consider the following checklist when evaluating your internal controls.

Check / Comments

- Are payment requisitions supported by vouchers and invoices?
- Is there a confirmation procedure in place for goods or services that have been rendered? Does someone other than the party requesting payment independently confirm proof of delivery or rendition of services?
- Is the sharing of passwords in the company a dismissible offence? (Particularly applicable to passwords to the company's accounting system.)
- Is there a regular system-generated password change?

- Do staff safeguard their passwords? (Not written down in diaries or readily accessible to third parties.)
- Are staff members educated on the risk of password abuse? Do staff members agree in writing that they will not compromise their passwords?
- Are compromised passwords immediately changed?

Changes to supplier banking information should require director authorization

Check / Comments

- Is senior management/director authorisation a prerequisite for the amendment of any supplier bank account information on the system?
- Are software service providers consulted to ensure that a built-in early warning system for bank account changes is implemented?
- Is there sufficient confirmation information when registering a new vendor? (Note: a cancelled cheque coupled to an invoice which reflects the banking and company registration information is not sufficient to prevent fraud.)

Audit changes to bank account details at least once a quarter

Check / Comments

- Does internal audit/finance management, in conjunction with the information technology department, audit changes to the banking system periodically?
- Is there a clear audit trail identifying users who have implemented changes to bank account details? If not, consult your IT service provider to create the requisite trail.
- Are amendments to banking details verified with the service provider and bank in question? (The company should be able to insist on confirmation that the name of the account holder on their system matches the bank account number which has been adjusted.)

The vendor database must be cleaned

Check / Comments

- Are vendors screened before they are registered as suppliers to the company? The company should perform checks on suppliers to ensure that they are genuine and are not linked to staff members, and further that they have competence in their professed area of expertise.

- Are there duplicate vendors on your supplier database? Duplicate vendors must be removed from the system as the duplicates are often manipulated for fraudulent purposes. Perform stringent checks on duplicate databases before removing them, to ensure that there is no link to staff members.
- Does your system automatically detect duplicate invoice numbers and amounts? Consult your IT service provider to automate this check, or perform manual checks.
- Are frequent and random reviews on EFT payments conducted? Be aware that often additional payments are slipped into the payment process without any paperwork. Questionable false invoices as well as previously paid invoices are used to make the fraudulent invoice look legitimate.
- Has an independent review of the company's anti-fraud controls ever been performed? If not, consult fraud experts for advice on additional proactive measures.
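
The vendor-database, duplicate-invoice and bank-detail audit checks in the checklists above can be run automatically over exports from the accounting system. The following Python sketch is an added example, not part of the original document; it generalises the duplicate check to shared bank account numbers, since the page notes that banks remit on the account number alone. The record layouts, field names and all sample data are constructed assumptions.

```python
"""Added example: automated versions of the vendor-database and EFT checks.
All records below are constructed sample data; field names are assumptions."""
from collections import defaultdict

VENDORS = [  # constructed vendor master file
    {"id": "V001", "name": "Acme Supplies (Pty) Ltd", "account": "1000000001"},
    {"id": "V002", "name": "ACME SUPPLIES PTY LTD", "account": "1000000002"},
    {"id": "V003", "name": "Bright Cleaning CC", "account": "1000000003"},
    {"id": "V004", "name": "Delta Couriers", "account": "1000000009"},
]
STAFF_ACCOUNTS = {"E17": "1000000009"}  # constructed payroll bank accounts
PAYMENTS = [  # constructed EFT payment run
    {"vendor": "V001", "invoice": "INV-501", "amount": 12500.00},
    {"vendor": "V003", "invoice": "INV-777", "amount": 4300.00},
    {"vendor": "V002", "invoice": "INV-501", "amount": 12500.00},
]
BANK_CHANGES = [  # constructed audit trail of bank-detail amendments
    {"vendor": "V001", "changed_by": "clerk1", "approved_by": "director1"},
    {"vendor": "V002", "changed_by": "clerk1", "approved_by": None},
    {"vendor": "V003", "changed_by": "clerk2", "approved_by": "clerk2"},
]

def _norm(name):
    """Normalise a vendor name so case and punctuation do not hide duplicates."""
    return "".join(ch for ch in name.lower() if ch.isalnum())

def duplicate_vendors(vendors):
    """Group vendor ids that share a normalised name or a bank account number."""
    groups = defaultdict(set)
    for v in vendors:
        groups[("name", _norm(v["name"]))].add(v["id"])
        groups[("account", v["account"])].add(v["id"])
    return sorted(sorted(ids) for ids in groups.values() if len(ids) > 1)

def staff_linked_vendors(vendors, staff_accounts):
    """Vendors paid into an account that also belongs to a staff member."""
    owners = {acct: emp for emp, acct in staff_accounts.items()}
    return [(v["id"], owners[v["account"]]) for v in vendors
            if v["account"] in owners]

def duplicate_invoices(payments):
    """Invoice number and amount pairs that were paid more than once."""
    seen = defaultdict(list)
    for p in payments:
        seen[(p["invoice"], round(p["amount"], 2))].append(p["vendor"])
    return {key: vs for key, vs in seen.items() if len(vs) > 1}

def unapproved_bank_changes(changes):
    """Amendments with no approver, or approved by the person who made them."""
    return [c["vendor"] for c in changes
            if not c["approved_by"] or c["approved_by"] == c["changed_by"]]

if __name__ == "__main__":
    print("Duplicate vendors:", duplicate_vendors(VENDORS))
    print("Staff-linked vendors:", staff_linked_vendors(VENDORS, STAFF_ACCOUNTS))
    print("Duplicate invoices:", duplicate_invoices(PAYMENTS))
    print("Unapproved bank changes:", unapproved_bank_changes(BANK_CHANGES))
```

Each flagged record is a prompt for the manual verification steps in the checklists, not proof of fraud; a shared account or repeated invoice can have a legitimate explanation.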