SYS-CON MEDIA Authors: Pat Romanski, Liz McMillan, Yeshim Deniz, Elizabeth White, Courtney Abud

Blog Feed Post

Ten Early Warning Signs Of Fraud In Organisations

Anti-fraud consultancy UKFraud.co.uk (www.ukfraud.co.uk) has published a list of ten common early warning signs which could alert management that fraud may be occurring in their organisation. The list draws upon UKFRAUD.co.uk's substantial experience across an international client base, ranging from major financial institutions, public sector bodies and corporations to SMEs and non-profit making organisations. The list works on the assumption that whatever tools they use, be it IT based cons and false accounting or other traditional scams, the warning signs are often the same. As UKFraud.co.uk believes that awareness of the signs and a sound approach to countering them can often deter many opportunistic incidents of fraud, they have published the list here to help executives benchmark their own operations. In the list suggested actions that can be taken to counter the risk of fraud are given following each sign. The early warning signs can include:

1. ERRATIC REPORTING: This sign is just as applicable to suppliers and contractors as it is to internal departments and functions within the organisation. Erratic, incomplete, late or excuse laden management reporting is often a classic sign that something is wrong. One of the possibilities is the existence of fraud. Further investigation will reveal that lip service and increasingly tenuous explanations are given assertively to thwart follow up activity. Common excuses used are often the frequent occurrence of IT failures, technology compatibility issues between different company systems or international systems. It is also often the case that once reports are complete; there are typically delays in them reaching those who need to review the data.

ACTION: Insist on up-to-date reporting, within a set timetable and then build this into the internal GRC (Governance Risk and Compliance) systems. Wherever appropriate adopt an enterprise-wide approach to technology to help with systems issues.

2. APPARENT PROCESS LAZINESS: A weakening of anti-fraud and data security systems can happen naturally, over time; and is normal - especially when things get busy. This occurs where the sage precautions and risk-avoidance measures get by-passed or ignored in practice as time goes by. This could just be the natural adjustment of systems to the practicalities of working life and busy peaks or it could be deliberate and sinister. However, with the seemingly right processes in place, top level management are often lulled into a false sense of security that they are actually being used, whilst the fraudster is busy at work getting around them.

ACTION: Make sure you implement the suggestions of your internal compliance managers and organise appropriate training to reinforce attitudes and practise. Ensure that the control processes, especially in tendering, purchasing, invoicing and customer controls and identifications are ALWAYS kept strong, managed and regularly reviewed. Where systems/processes are under pressure when used in practise, introduce a review process - and then adapt them promptly.

3. ORGANISATIONAL CHANGE AND THE DESIRE TO DUMP DATA: A major indicator can be the act of deletion or pressure on staff to delete, remove or otherwise dump past records following a restructure, a new division launch, a JV or acquisition. An excuse of, "oh I'm sorry those files were destroyed." should be cause for alarm. It will be an even bigger problem where international operations are involved as it's far harder to find or recreate evidence in a foreign territory.

ACTION: Take care to establish and log where paper documents are and when they should and should not be stored. Identify who is in control of the system processes and who is responsible for and has ownership of the records. They are not always the same person of course. Ensure that scanning, and indexing works properly and that no-one can intercept/edit documents. Also ensure that storage capacity is enough and controlled properly. Where acquisitions and mergers are concerned, ensure that all documents are available and stored appropriately and securely, especially those that relate to IP protection, IP development records, audit trails and staff contracts. In particular, if you are acquiring a business make sure that you have indemnities/penalty clauses built into the acquisition agreements that relate to the availability of data, logs, audit trails and so forth.

4. DATA INCONSISTENCIES OR ABSENSE IN THE ARCHIVES: Whether it is archive data or cross reference checks that are missing or wrong; factual inconsistencies will also occur naturally. The cheats who seek to defraud an organization will use the possibility to explain such inconsistencies and hide their fraud.

ACTION: Make sure that all files are electronically stored, with appropriate back-ups as part of your compliance systems and that no-one has the access to any files that include a DELETE capability. It is also worth having internal or external auditors sample check key files from time to time as a part of the audit programme. In addition arrange for the HR department to make it a gross misconduct issue to destroy data without recorded approval from above. This may not deter the fraudster but if nobody else is doing it the fraudster is more likely to be spotted at an early stage.

5. AUDIT-TIME DELAYS: Excuses, confusion or wild goose chases when disclosing to auditors, be they internal or external, can be a telltale sign too. We need to remember though that the audit team is not there to find fraud, rather to ensure that the correct processes are in place that will deliver appropriate protection.

ACTION: Ensure that everyone treats audits as important and make sure that they are completed on time and properly, and with appropriate audit skills. Where there have been delays or difficulties investigate why this was the case by drilling down into the detail. Make sure that the business critical and financial exposure areas take a priority and act upon all failings both quickly and completely; with follow-up audits if necessary.

6. BEHAVIOURAL ANOMALIES: These can range from acute defensiveness and resistance to attending review meetings, through to blaming strategies or even aggression when specific questions are asked about processes or figures. These behavioural anomalies have probably already been noticed through the assessment process or by HR staff. Research shows that internal fraudsters are most likely to be either 'youngsters who cut across the processes and systems' or 'middle aged executives with the authority and a gripe'.

ACTION: Get HR more closely involved. Then if you still have concerns about such people upon closer inspection, all the relevant files need to be pulled and checked, or you might even consider a private investigator to look deeper into the processes used by such high risk people.

7. GOSSIP MONGERS IN OVERDRIVE: Staff whispers and rumours "that all is not right" should always be taken seriously. These are, however, so often overlooked by senior management.

ACTION: Listen, take all such rumours seriously and investigate the reality.

8. TWITCHY NON-EXECS: Good non-execs provide a considered, independent and external perspective. Often they bring in specific expertise from outside the board's immediate experience and their skills can vary from financial knowledge through to IT. When their comfort factor 'goes south' or when they have a 'bee in the bonnet' about something that does not add up or make sense, they often have good reason to worry. So must you.

ACTION: It is always good for the business to maintain a fresh supply of new thinking, new approaches and new concerns. Thus if non-execs have concerns about particular issues, one should fund their thinking by allowing them to bring in the appropriate specialist experts that can investigate matters more deeply.

9. UNOFFICIAL IT WORK: Technical staff working around the enterprise conducting unsupervised IT activity often outside normal hours, can also be a worrying sign, both from a risk and a cost perspective. Not every company is large enough to have a full IT department that might spot such issues through system audit trails. This is more common in smaller organisations where some are working more to help themselves than to help the organization that is paying for their IT equipment and the software they use.

ACTION: Do the IT security staff look and think further than just password expiry issues? Make sure that someone is on the look out for data-theft, IPR theft, time theft (people spending all day on facebook etc.), or simple theft of IT assets. Make sure you have a proper asset register and IT audit system in place.

10. SCAPEGOATING: Where people are given a title but without actual responsibility, it can effectively cover up what is going on with those who do have responsibility or power in a situation. The fraudster's hope is that should the balloon go up the scapegoat takes the blame, at least long enough for records to be destroyed and evidence removed.

ACTION: Make sure that you have strong and cascaded accountabilities. Ensure that people know what they should be doing, and that they are doing what is required of them. Make sure that everyone is contributing to the business objectives. Make sure HR is involved in creating or reviewing job specifications.

UKFraud.co.uk believes that by introducing a series of straightforward and cohesive processes and systems, organizations can greatly reduce the risk of fraud and in doing so, alert management to the early warning signs, should they be prevalent.

Says Bill Trueman CEO of UKFraud.co.uk "My first question is always to ask executives 'do you really know how safe your own organisation is?' Some do reply confidently. Most do not. Fraud can happen anywhere, anytime, but it is relatively straightforward to deter or discover at an early stage with the right systems and procedures in place. However, putting those systems in place and more importantly maintaining and updating them over time is the hard bit. There are always conflicting priorities and constraints in any organization. By averting or saving fraud losses though, organisations can protect their bottom line from taking an unexpected hit. However, only by having a cohesive anti-fraud strategy as part of the core management culture of the organisation is this be possible. There are generic anti-fraud processes and systems systems that can help support any strategy introduced and consultants such as UKFraud.co.uk are on hand to help introduce the required checks and procedures if required.

"It is our hope that having published this list, that those who read it might at least ask themselves if they recognise any of the signs in their own organisations. We hope too that it might help make things that much harder for the fraudster."

Those companies who have read the list and are worried that fraud may exist in their organisation can contact UKFraud.co.uk's help-centre by sending an email to [email protected].

Ends

About UKFRAUD.co.uk (www.ukfraud.co.uk)
UKFRAUD.co.uk is a leading UK based consultancy, with an impressive international track record of eliminating the risk of fraud. Its founder Bill Trueman is widely accepted as one of Europe's leading fraud experts and a frequent commentator and writer on the issues involved. Trueman has extensive experience of the banking, insurance and the financial services sectors and is a thought leader at the forefront of many industry wide and international debates.

For further information, please contact:
Bill Trueman
UKFRAUD.co.uk
+44 20 8133 7575
[email protected]

Or

Leigh Richards
The Right Image
+44 844 561 7586
+44 7758 372527
[email protected]

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

Latest Stories
Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software with the simplicity and reach of the open web. With staff in 10 timezones, Isomorphic provides a global network of services related to our technology, with offerings ranging from turnkey application development to SLA-backed enterprise support. Leadin...
With the rise of Docker, Kubernetes, and other container technologies, the growth of microservices has skyrocketed among dev teams looking to innovate on a faster release cycle. This has enabled teams to finally realize their DevOps goals to ship and iterate quickly in a continuous delivery model. Why containers are growing in popularity is no surprise — they’re extremely easy to spin up or down, but come with an unforeseen issue. However, without the right foresight, DevOps and IT teams may lo...
Platform9, the open-source-as-a-service company making cloud infrastructure easy, today announced the general availability of its Managed Kubernetes service, the industry's first infrastructure-agnostic, SaaS-managed offering. Unlike legacy software distribution models, Managed Kubernetes is deployed and managed entirely as a SaaS solution, across on-premises and public cloud infrastructure. The company also introduced Fission, a new, open source, serverless framework built on Kubernetes. These ...
Emil Sayegh is an early pioneer of cloud computing and is recognized as one of the industry's true veterans. A cloud visionary, he is credited with launching and leading the cloud computing and hosting businesses for HP, Rackspace, and Codero. Emil built the Rackspace cloud business while serving as the company's GM of the Cloud Computing Division. Earlier at Rackspace he served as VP of the Product Group and launched the company's private cloud and hosted exchange services. He later moved o...
As you know, enterprise IT conversation over the past year have often centered upon the open-source Kubernetes container orchestration system. In fact, Kubernetes has emerged as the key technology -- and even primary platform -- of cloud migrations for a wide variety of organizations. Kubernetes is critical to forward-looking enterprises that continue to push their IT infrastructures toward maximum functionality, scalability, and flexibility. As they do so, IT professionals are also embr...
Kubernetes is a new and revolutionary open-sourced system for managing containers across multiple hosts in a cluster. Ansible is a simple IT automation tool for just about any requirement for reproducible environments. In his session at @DevOpsSummit at 18th Cloud Expo, Patrick Galbraith, a principal engineer at HPE, will discuss how to build a fully functional Kubernetes cluster on a number of virtual machines or bare-metal hosts. Also included will be a brief demonstration of running a Galer...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
Cloud-Native thinking and Serverless Computing are now the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, as well as the public sector. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that pro...
Docker is sweeping across startups and enterprises alike, changing the way we build and ship applications. It's the most prominent and widely known software container platform, and it's particularly useful for eliminating common challenges when collaborating on code (like the "it works on my machine" phenomenon that most devs know all too well). With Docker, you can run and manage apps side-by-side - in isolated containers - resulting in better compute density. It's something that many developer...
Technology has changed tremendously in the last 20 years. From onion architectures to APIs to microservices to cloud and containers, the technology artifacts shipped by teams has changed. And that's not all - roles have changed too. Functional silos have been replaced by cross-functional teams, the skill sets people need to have has been redefined and the tools and approaches for how software is developed and delivered has transformed. When we move from highly defined rigid roles and systems to ...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It's clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Th...
Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. Kubernetes was originally built by Google, leveraging years of experience with managing container workloads, and is now a Cloud Native Compute Foundation (CNCF) project. Kubernetes has been widely adopted by the community, supported on all major public and private cloud providers, and is gaining rapid adoption in enterprises. However, Kubernetes may seem intimidating and complex ...
xMatters helps enterprises prevent, manage and resolve IT incidents. xMatters industry-leading Service Availability platform prevents IT issues from becoming big business problems. Large enterprises, small workgroups, and innovative DevOps teams rely on its proactive issue resolution service to maintain operational visibility and control in today's highly-fragmented IT environment. xMatters provides toolchain integrations to hundreds of IT management, security and DevOps tools. xMatters is the ...
If you are part of the cloud development community, you certainly know about “serverless computing,” almost a misnomer. Because it implies there are no servers which is untrue. However the servers are hidden from the developers. This model eliminates operational complexity and increases developer productivity. We came from monolithic computing to client-server to services to microservices to the serverless model. In other words, our systems have slowly “dissolved” from monolithic to function-...
CoreOS extends CoreOS Tectonic, the enterprise Kubernetes solution, from AWS and bare metal to more environments, including preview availability for Microsoft Azure and OpenStack. CoreOS has also extended its container image registry, Quay, so that it can manage and store complete Kubernetes applications, which are composed of images along with configuration files. Quay now delivers a first-of-its-kind Kubernetes Application Registry that with this release is also integrated with Kubernetes Helm...