That is the stark reality for organisations across the UK and beyond that are failing to adequately safeguard against employees defrauding the company they work for.
There is a vast range of matters that could constitute internal fraud, from the minor theft of assets or inflated expense claims right up to major diversion of funds, accounting frauds or the exploitation of payroll or client data.
A recently published report by the Association of Certified Fraud Examiners (ACFE) laid bare the issue.
It found around half of all cases that occurred were due to a lack of internal controls and took place despite ample warning signs – an incredible 85 per cent of perpetrators displayed at least one behavioural red flag.
That could be a sudden change in lifestyle, a history of debt, replacing suppliers with organisations they have a connection with or showing an unwillingness to share duties, for example.
While businesses will of course vet new recruits before they begin work, very few of those found have committed fraud within their own organisation had previously been convicted – just 6 per cent.
The risk is real – there were 250 reports of internal fraud to the Northern Ireland Audit Office from 2018 to 2021, with the dangers seemingly increasing since the onset of COVID.
Dealing with fraud requires detailed investigation by those with adequate professional expertise in the matter, which may mean bringing in external advisers.
Considerations include whether the fraud is time sensitive – it may be ongoing, in the past or linked to an upcoming event.
You may wish for the investigation to be carried out covertly or in full knowledge of everyone in the organisation. If trying to keep knowledge of the investigation to a minimum, who should be brought into the circle of trust?
This calls into the question the integrity and objectivity of those ‘in the loop’ – an important consideration also for those carrying out the investigation itself.
Most important of all however is evidence as, of course, no wrongdoing can be proven without it.
Investigators need to consider where the evidence is, is it in hard copy or is it on an electronic device. Regardless of where it is, who owns it and is it accessible?
Once the evidence has been collected, it will require analysis in order to be meaningful, and its findings communicated.
The fallout to your organisation of internal fraud could be considerable.
Financial loss is obvious, but the damage can also be to the reputation of the business, while internally, staff morale can be impacted while a loss of trust within the organisation can have far reaching consequences.
That’s not to mention the financial penalties your organisation could face from regulatory authorities where the fraud relates to a data breach.
Preparation is key, either safeguarding your business from sustaining fraud in the future – or gathering evidence for an ongoing case.
Doing so with caution and attention to detail can help avoid a scenario in which you’re left counting the cost of internal fraud.
