An overview of the fraud threat to business, including the particular threat posed by electronic funds transfer fraud



Similar documents
Controls should be appropriate to the scale of the assets at risk and the potential loss to the University.

GLOBAL PORTS INVESTMENTS PLC

ACCG Identity Theft Prevention Program. ACCG 50 Hurt Plaza, Suite 1000 Atlanta, Georgia (404) (404)

SCHOOLS FRAUD RESPONSE PLAN

City of Geneva. Draft Under Review Approved Obsolete. Policy Number: 1.0. April 27, Effective Date: Last Revised Date: Responsible Office:

CITY OF MARQUETTE, MICHIGAN CITY COMMISSION POLICY

CENTENARY COLLEGE POLICIES UNDER THE FAIR & ACCURATE CREDIT TRANSACTION ACT S RED FLAG RULES

Identity Theft Prevention Program

ACE elite fraudprotector

Identity Theft Prevention Policy

Fundamentals of Computer and Internet Fraud WORLD HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX USA

Payment Procedures. Corruption Prevention Department

Module # 2 Management/Key Employee Assessment

Protecting your business from some of the current fraud threats

POLICY ON FRAUD, MALPRACTICE AND IRREGULARITY

Accounts Payable Best Practices

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)

How To Prevent Fraud On A Credit Card

IDENTITY THEFT AND MUNICIPAL UTILITIES

DOYLESTOWN FAMILY MEDICINE, P.C. IDENTITY THEFT PREVENTION PROGRAM TEMPLATE ADOPTED AND EFFECTIVE: APRIL 15, 2009 UPDATED:

Fraud Awareness Training

How To Use A Corporate Credit Card

Sobel & Co. s Nonprofit and Social Services Group presents. Your Organization is Vulnerable: The Facts About Nonprofits and Fraud

IDENTITY THEFT PREVENTION PROGRAM

UNIVERSITY OF MASSACHUSETTS IDENTITY THEFT PREVENTION PROGRAM

Identity Theft Policy

Identity Theft Prevention Program

ELKHORN RURAL PUBLIC POWER DISTRICT POLICY #1230. Identity Theft Prevention Policy

Table of Contents. 1 P a g e

716 West Ave Austin, TX USA

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

Types of Fraud and Recent Cases. Developing an Effective Anti-fraud Program from the Top Down

Red Flag Rules: A Step by Step Guide to Developing a Prevention & Training Program

IDENTITY THEFT PREVENTION PROGRAM

Identity Theft Prevention Program

NEVADA SYSTEM OF HIGHER EDUCATION PROCEDURES AND GUIDELINES MANUAL CHAPTER 13 IDENTITY THEFT PREVENTION PROGRAM (RED FLAG RULES)

Purchasing Card CARDHOLDER MANUAL

Fraud and the Government Internal Auditor

ANTI-FRAUD POLICY Adopted August 13, 2015

Wake Forest University. Identity Theft Prevention Program. Effective May 1, 2009

AUBURN WATER SYSTEM. Identity Theft Prevention Program. Effective October 20, 2008

MEMORANDUM. Municipal Officials. From: Karen Horn, Director, Public Policy and Advocacy; and Abby Friedman, Director, Municipal Assistance Center

Policy-Standard heading. Fraud and Corruption Policy

EXHIBIT A Identity Theft Protection Program. Definitions. For purposes of the Policy, the following definitions apply (1);

TITLE XVIII: IDENTITY THEFT PREVENTION PROGRAM

Is There Anyway to Prevent Fraud? Bill Gady, CGA CPA Partner

Checklist. Internal financial controls for charities. Contents. 1. Self-assessment checklist

Current Employment Opportunities Project Based Consultants

SMARTONE TELECOMMUNICATIONS HOLDINGS LIMITED

Xx Primary School. Finance Policy

identity Theft Prevention and Identification Requirements For Utility

City of Hercules Hercules Municipal Utility Identity Theft Prevention Program

Fraud Risk Assessment for Service Providers FRAUD RISK ASSESSMENT

Report To: Policy and Resources Committee Date: 17 November Report By: Chief Financial Officer Report No: FIN/63/09/AP/FB

Compliance Toolkit. Protecting Charities from Harm. Chapter 2: Due Diligence, Monitoring and Verification of End Use of Charitable Funds SUMMARY

IDENTITY THEFT PREVENTION PROGRAM

Fraud: Real Stories, Real People, Real Impact

POLICY NO. 449 IDENTITY THEFT PREVENTION POLICY

Fraud and internal controls, Part 3: Internal fraud schemes

Central Oregon Community College. Identity Theft Prevention Program

HEALTH SERVICE EXECUTIVE NATIONAL FINANCIAL REGULATION INTRODUCTION TO NATIONAL FINANCIAL REGULATIONS NFR - 00

II. F. Identity Theft Prevention

UNIVERSITY OF RICHMOND IDENTITY THEFT PREVENTION PROGRAM

Delta Township Compiled Policy Manual

Liberty County School District Purchasing Card Procedures

i-control Holdings Limited 超 智 能 控 股 有 限 公 司 (incorporated in the Cayman Islands with limited liability) (the Company )

SPG 223 Fraud Risk Management. June 2015

University of St. Thomas. Identity Theft Prevention Program. (Red Flags Regulation Response)

Anti-Bribery and Corruption Policy

LGMA Qld Governance and Corporate Planning Village Forum

IDENTITY THEFT PREVENTION PROGRAM

Identity Theft Prevention Program. Approved by the Arizona Board of Regents on May 1, 2009

Fraud Prevention Training

LOSS CONTROL SUPPLEMENTAL APPLICATION FOR INSURANCE COMPANIES

RADLEY ACURA RED FLAG IDENTITY THEFT PROTECTION PROGRAM and ADDRESS DISCREPANCY PROGRAM

UCLA Policy 313: Prevention of Identity Theft

A DOZEN IDEAS FOR SMALL BUSINESS FRAUD PREVENTION

Understanding Business Fraud Presenter Paul A. Rodrigues, CPA, MST, CFE, CFF, Principal Presenter David G Friedman, CPA, CFF, CFE, Partner

Benefits fraud: Shrink the risk Gain group plan sustainability

Fraud Prevention: The Prevention and Detection of Fraud Begins with You

Fraud Risk Management Procedures

FRAUD PREVENTION STRATEGY FOR UGU DISTRICT MUNICIPALITY (UGU)

Commercial Crime Insurance Application Form

Legal Digest. Money Laundering Offences In Singapore. Naina Parwani. An online repository of various articles published by our lawyers

Identity theft prevention program and red flag compliance policy.

Fraud Policy FEBRUARY 2014

Travis County Water Control & Improvement District No. 17. Identity Theft Prevention Program. Effective beginning November 20, 2008

I. Purpose. Definition. a. Identity Theft - a fraud committed or attempted using the identifying information of another person without authority.

MPS GROUP GLOBAL ANTI-MONEY LAUNDERING POLICY

DSU Identity Theft Prevention Policy No. DSU

Housing Benefit and Council Tax Benefit Anti Fraud Policy

CHECKLIST FOR INTERNAL AUDIT

Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation

Audit and Performance Committee Report

31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY. WHEREAS, The Fair and Accurate Credit Transactions Act of 2003,

IDENTITY THEFT PREVENTION PROGRAM (RED FLAGS)

Red Flag Policy and Procedures for Alexander Orthopaedic Associates

Final. Internal Audit Report. Creditors System

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

Transcription:

An overview of the fraud threat to business, including the particular threat posed by electronic funds transfer fraud Every business is susceptible to fraud But some are more susceptible than others. That s because many business owners have weak accounting and financial skills, which means that they delegate control over the procurement and accounts payable functions to secretarial and accounting personnel. On top of that - whereas some companies are well aware of the risks posed by fraud and theft to their businesses and have strong anti-fraud measures and controls in place, including welldemarcated segregation of duties, independent reconciliations, and regular oversight and review - many companies rely heavily on trusted individuals, and there is often poor or non-existent segregation of duties and a complete absence of independent review over accounts and reconciliations. This makes it easy for dishonest personnel in companies to not only misappropriate funds, but to also cover their tracks and avoid detection. It s difficult to quantify the extent of fraud and theft in the business world for a number of reasons. In some cases the plundering of company funds goes totally undetected, in others it simply goes unreported. This non-reporting of fraud and theft may, of course, be down to the stigma and reputational harm that goes with admitting that internal systems and controls have been breached. Companies are, understandably, reluctant to disclose the fact that their own funds, as well as those of their customers and clients, are potentially at risk. Yet the failure on the part of directors, executives and managers of companies that have experienced fraud or theft to report certain criminal offences can amount to a criminal offence. In terms of Section 34 of the Prevention and Combating of Corrupt Activities Act (Act 12 of 2004), any person who is in a position of authority and who knows, or ought reasonably to have known, or even suspects that an act of fraud, theft, extortion, forgery & uttering or corruption involving an amount exceeding R100,000.00 has occurred, must report such knowledge or suspicion to the SA Police Services. But despite this criminalisation of non-reporting, what often happens when fraud is detected is that the accounting or secretarial personnel implicated in the irregularity are simply dismissed or asked to leave. This can, of course, have terrible consequences for the wider business world, as the dishonest employees may simply move on to other companies. Where they are very likely to do the same thing. Companies must therefore properly check the criminal histories of employment candidates (with the consent of the applicant) prior to their appointment to positions of trust. They must also do proper reference checks to ensure that they are not inheriting dishonest staff. It is equally important for companies to know that their accounting and/or secretarial staff members who may well have access to company or customer/client funds - are not experiencing extreme financial pressure. Regular proactive credit vetting, which is permissible to address the fraud risk in terms of the regulations to the National Credit Act of 2005, is therefore imperative. A checklist comprising possible red flags to look out for and best practices to prevent fraud appears below. The checklist is particularly relevant to small and medium-sized businesses, where there is no segregation of duties, little oversight, and where accounting responsibilities may be concentrated in the hands of a small number of individuals. Companies that deal with trust or other client funds are particularly susceptible to fraud and dishonesty, and they need to be ultra vigilant.

The psychological process behind fraud Before fraud takes place there is usually a convergence of a number of factors. These factors are described as pressure and opportunity, followed by a process of rationalisation. Consider the following checklist when evaluating staff: PHASE ONE: PRESSURE TO COMMIT FRAUD Fraud risk indicators or red flags Yes (Give Details) No Does the company screen all new employees for criminal history or bad credit record? Ensure that employment application forms ask questions relating to criminal record and bad debt. The form should warn applicants that the company will verify information and that submission of false information may lead to dismissal. Do staff members enjoy lifestyles that are not commensurate with their income? expensive cars, luxurious houses or holiday homes, private schooling for children, frequent or extravagant holidays. Are staff members financially stressed? Has the company noted creditor s demand letters being delivered? Are there regular telephone calls or messages to particular staff members from debt collectors? Are there a large number of emolument attachment orders on payroll? (Garnishee orders)? Are there employees whose personal circumstances may place them under financial pressure? Are there employees who have recently divorced? Are there employees who are involved in extra-marital affairs?

Are there staff members with dependency problems? Gambling, Alcohol, or Drug problems. PHASE TWO: OPPORTUNITY TO COMMIT FRAUD Internal controls Do many people have transactional authority? Are these authorities consistent with job descriptions and/or requirements? Is there appropriate segregation of duties as well as independent oversight regarding payments and reconciliations? Are accounting staff properly trained to service the internal accounting needs of the business? Are payments streamlined? Can the staff member processing EFT payments access supplier banking details? Are they able to amend banking details without director/management authorisation? Is the person who creates the invoices the same person who attends to the credit notes? Do all staff members declare their interests? (external business links and/or directorships) Are the activities of all staff reviewed regardless of seniority? PHASE THREE: RATIONALISATIONS FOR COMMITTING FRAUD Are there staff members who are disgruntled with the business? staff members who verbalise that they are worth more than the company is paying them, staff overlooked for promotion, staff who have not had an annual salary increase, staff under performance management.

Are regular performance assessments held where these issues are addressed? Fraud syndicates have discovered that many businesses are soft targets for fraud Many businesses have been targeted by fraud syndicates who will intercept an invoice in the post and then forward an adapted invoice with amended banking details to the customer. The customer will then make payment to an account that has just been created for fraudulent purposes. The fraudulent invoice is usually sent per facsimile to the customer and followed up with phone calls demanding immediate payment. Because the syndicate has intercepted the original invoice, the details of the amount owed and the goods supplied or work performed are completely accurate, making the fraudulent invoice appear legitimate. By the time company s own credit controllers query the nonpayment of the amount owed by the customer (at which point the fraud is discovered), the funds in the fraudulent bank account have been withdrawn and the syndicate has moved on. Consider the following checklist when evaluating your internal controls. The external EFT syndicate threat Check Are customers notified that the company has not amended its banking details? Are customers supplied with key contacts with whom to liaise to verify account details and check payment requests? Are customers notified that genuine company invoices are only distributed in a certain format; customers will not ordinarily be sent facsimiles or photocopies? Are authorised signatories attached to relevant documents? For large transactions, are two authorised signatories required from directors/management in different departments? Are spot checks conducted on company payments? Are random spot checks done where original invoices are viewed in order to ensure expenses are allocated correctly?

Are electronic signatures verified with sample signatory lists (electronic signature scanners)? Are customer s banking details confirmed with cancelled cheques or a stamped letter from the bank? Are matters closely controlled by directors/management? Are there alerts in place indicating when a matter is linked to an entity in which a staff member has an interest? EFT fraud is the latest threat to businesses in SA Electronic funds transfer (EFT) fraud is a recent phenomenon that has caused huge problems for South African businesses. EFT fraud is essentially the illicit electronic diversion of funds from the company s bank account to third parties to whom the funds are not d ue, usually involving manipulation of the accounting software programmes that are used to pay suppliers or service providers. When electronic funds transfers are made, banking systems in South Africa rely only on the account numbers to remit funds to the intended destination - the name of the entity being paid is not a critical factor. This creates opportunities for corrupt staff to create the illusion that they are paying legitimate suppliers, whereas in fact they are transferring funds to themselves o r friends and family. In larger companies the risk is that small amounts can easily be concealed amongst numerous daily transactions. In smaller companies the risk is that the accounting and procurement functions often reside in a single employee or a handful of employees, which makes the manipulation easier. Fictitious vendors can be created for services that are to be expected and, as long as the amount requisitioned for payment is consistent with the expected charge, directors or managers will ordinarily authorise the payment. Consider the following checklist when evaluating your internal controls. Check Are payment requisitions supported by vouchers and invoices? Is there a confirmation procedure in place for goods or services that have been rendered? Does someone other than the party requesting payment, independently confirm proof of delivery or rendition of services?

Is the sharing of passwords in the company a dismissible offence? (particularly applicable to passwords to the company s accounting system). Is there a regular system- generated password change? Do staff safeguard their passwords? (Not written down in diaries or readily accessible to third parties). Are staff members educated on the risk of password abuse? Do staff members agree in writing that they will not compromise their passwords? Are compromised passwords immediately changed? Changes to supplier banking information should require director authorization Check Is senior management/director authorisation a prerequisite for the amendment of any supplier bank account information on the system? Are software service providers consulted to ensure that a builtin early warning system for bank account changes is implemented? Is there sufficient confirmation information when registering a new vendor? (Note: cancelled cheque coupled to an invoice which reflects the banking and company registration information is not sufficient to prevent fraud.) Audit changes to bank account details at l east once a quarter

Check Does internal audit/finance management - in conjunction with the information technology department - audit changes to the banking system periodically? Is there a clear audit trail identifying users who have implemented changes to bank account details? If not, consult your IT service provider to create the requisite trail. Are amendments to banking details verified with the service provider and bank in question? The company should be able to insist on confirmation that the name of the account holder on their system matches the bank account number which has been adjusted) The vendor database must be cleaned Check Are vendors screened before they are registered as suppliers to the company? The company should perform checks on suppliers to ensure that they are genuine and are not linked to staff members, and further that they have competence in their professed area of expertise. Are there duplicate vendors on

your supplier database? Duplicate vendors must be removed from the system as the duplicates are often manipulated for fraudulent purposes. Stringent checks on duplicate databases before removing them to ensure that there is no link to staff members Does your system automatically detect duplicate invoice numbers and amounts? Consult IT service provider to automate this check, or Perform manual checks. Are frequent and random reviews on EFT payments conducted? Be aware that often additional payments are slipped into the payment process without any paperwork. Questionable false invoices as well as previously paid invoices are used to make the fraudulent invoice look legitimate. Has an independent review of the company s anti-fraud controls ever been performed? If not, consult fraud experts for advice on additional proactive measures.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information