Stopping internal financial fraud in its tracks
Analytics technology that makes finance smarter has become user-friendly and cost-effective, delivering exponential return on investment.
Recent court cases have highlighted the risk of accountants and finance department staff using their position of trust to defraud their companies of millions of rands.
In one, a former accountant was convicted of stealing R537 million from her employer over a period of 13 years by duplicating invoices. In another, a former executive assistant and office administrator changed supplier banking details to her own and stole over R15 million from her employer in five years. An accountant, arrested in the Eastern Cape, allegedly diverted over R11 million of a retail store's funds into his own account over two years.
An accountant, in KwaZulu-Natal, was sentenced to 15 years in prison for defrauding his employer of R7 million over a period of 10 years by transferring cash from his client's account to his own. A former state-owned enterprise accountant has been ordered to repay over R500 000 he defrauded from his employer by using fake invoices. And late last year, a former junior accountant was charged with stealing R53 million from her employer by creating − and paying − fake vendors in 90 transactions over a period of seven years.
What surprises many people is how long the culprits get away with their actions. The fact that fraud is being committed is not quite as surprising: PwC's Global Economic Crime and Fraud Survey 2022 revealed that 51% of global organisations surveyed had fallen victim to fraud in the past two years.
The majority of this fraud was committed by external parties, but internal stakeholders present a significant risk. In the 2020 survey, 60% of South African organisations surveyed had fallen victim to fraud in the past two years and 34% of internal frauds were perpetrated by senior management.
Using data analytics software, the testing of transaction patterns, flagging anomalies and detecting outliers comes out of the box.
Since there is no register of fraud, organisations do not have to disclose these crimes. This means much of what we see in the public domain is anecdotal, or when culprits are caught.
However, what is clear is that as technology gets more sophisticated, so do the fraudsters. There is an increase in phishing and business e-mail compromise. The economic situation in South Africa is putting more people under pressure, and with some teams still working remotely, there is less in-person checking − so attempts at fraud are higher.
Internal fraud may occur when employees find a gap in financial controls and start very small to see if they can get away with it. They may make a R100 'mistake' initially. If it isn't discovered, the R100 can grow to millions over years, and the fraud process may become part of the organisation's normal transaction patterns, making it harder to discover.
Fortunately, there are more sophisticated tools readily available to allow finance departments and auditors to check things more thoroughly. Many organisations, auditors, and CFOs themselves, don't fully understand the benefits of these tools, and there may also be misconceptions around the cost and resources needed to bring advanced analytics into the CFO's domain.
However, the technology allowing the finance department to run analytics has advanced dramatically, becoming user-friendly and cost-effective, and delivering an exponential return on investment.
The use of data analytics helps finance departments identify and stop attempts at fraud as they happen, so they don't have to wait months for external auditors to flag them.
For example, in recent fraud cases in the news, attempts at duplicate payments could have been identified by automatically checking for duplicated payment amounts, dates or invoice numbers. It can be difficult for accountants to spot anomalies in huge transactions and massive amounts of data.
Using data analytics software, the testing of transaction patterns, flagging anomalies and detecting outliers comes out of the box, making it easy for the CFO to focus their attention on the appropriate areas and transactions to investigate.
Some internal fraudsters have successfully stolen millions by taking small amounts from every account on the debtor's book. If a business traditionally does high-value transactions, data analytics software again offers users a normal distribution of their transactions and would pick up high-volume, low-value transactions out of the box.
It exposes normal patterns and any anomalies against the typical transaction patterns − for example, it will identify transactions taking place over the weekend when the business isn't open, or pick up that the wrong person with the wrong role was the second approver.
With the appropriate tools in place, changes in supplier bank details can be checked monthly before any payments are made. Organisations can also run a list of supplier bank details against employee banking details to enable them to detect where employees might be committing fraud in transferring stolen funds to the same account their salary is paid into.
Equally so, data analytics software can compare payroll information, such as names and addresses, and use sophisticated matching techniques to determine if supposed suppliers are in actual fact masking as employees attempting to defraud their employer.
As crime and fraud increases, finance needs to become more proactive, armed with smarter tools to mitigate risk and support compliance. They need to check for anomalies and changes, and check often, because checking something once doesn't mean fraud risk is adequately managed.
Risk management needs to be empowered with tools that enable periodic assessments of fraud analysis as part of an automated regular daily, weekly and monthly process − not just on an ad hoc project basis.
When the finance department harnesses smarter tools to mitigate risk, fraud attempts are identified and stopped faster, meaning no business needs to wait until the annual audit to find anomalies, or worse − suffer fraud and theft for years before it is discovered.
For auditors, incorporating advanced analytics into the entire value chain makes risk assessment, risk management and reporting more efficient, and ultimately enables it to become a more profitable audit firm.
Divisional executive, Caseware Africa, a division of Adapt IT.
Joseph is a Chartered Accountant (CA) SA with experience as a financial professional. She completed her articles at Grant Thornton − Kessel Feinstein and thereafter joined Investec in various roles, including divisional chief operating officer and chief financial officer. In 2013, Joseph was appointed chief operating officer of CQS Technology Holdings, which was subsequently acquired by Adapt IT.