If there’s a problem that many organisations won’t even admit, how can that organisation detect the problem, train staff to recognise it, and convince the board to act on it’
‘My perception is that fraud is clearly a major, growing problem for organisations. Whether they want to own up to it is another matter.’ Such was one of the personal views of Martin Robinson, Head of Internal Audit Training for Lloyds TSB, given to the American Society for Industrial Security spring seminar in central London. Why is fraud and white-collar crime a growing problem’ he asked. Delayering means that organisations are getting rid of managers, who may have reduced risk in the past. Public and private bodies alike are not always aware of frauds, he added. Martin Robinson, director of the Fraud Advisory Panel, said that the panel invited business leaders to a dinner. The heads of responsible companies were happy to talk about the problem of fraud, yet honestly did not think it affected their firms. Fraud awareness has to permeate to the top, Martin Robinson commented. ‘Many frauds comes from a lack of basic controls. Many frauds aren’t that clever,’ he said. The causes: poor recruitment, lack of segregation in the back office.
<br><br>
However, even if a company has a fraud investigation team, does anybody want to own it’ ‘Anything to do with security, risk and fraud is quite a political hot potato,’ he said. If a company has a fraud unit, does that mean that company has a fraud problem’ It’s the last thing people want to admit – because of your competitive position, and in case the case reaches the press. Nor do companies want to bring in the police, for fear of raising the fraud’s profile. Martin Robinson asked some pointed questions: are mechanisms in place to investigate big frauds, and learn from them’ Why devote people and resources to something that (you think) will never happen to you’ Nor is fraud reporting consistent. When does an operational loss become a fraud’ he asked – adding his view that it’s a cloudy topic.
<br><br>
Because of the TurnbullReport, companies have to understand that risk is embedded in their organisation; hence everybody ‘owns’ risk problems, whether their workplace is a call centre, or factory. Hence the Fraud Advisory Panel’s call for an awareness campaign. Putting across the concept that all managers own risk (though many may have to call in experts if they come across a fraud problem) will take years, Martin Robinson suggested, because managers will say: how do you expect me to do this on top of what I am already doing?
<br><br>
The role of audit varies between organisations, he went on. Internal audit would not normally include fraud, but it would be embarrassing it a huge fraud was detected after an audit. He stressed the importance of benchmarks for identification, reporting and investigation of fraud. Auditors should be the eyes and ears of an organisation, educating the rest of the business on what could go wrong, identify the roots of fraud, and learn, he added. That should involve asking line managers: have you had any fraud in the last 12 months, and never mind that the manager may be upset by the question. Managers do not have time, he said, so if auditors do not educate managers on fraud, nobody will. Martin Robinson said it was important to share details of fraud problems throughout an organisation, in case of collusion between departments. He suggested benchmarking with other organisations, possibly through informal chats. In a word, auditors should be fraud risk management champions, he said. The way forward, he concluded, was to promote a fraud prevention culture, coming from the top. It would require a statement from the top of the organisation on how fraud and misdemeanours – such as removing company property, and fraudulent expense claims – will be dealt with. That way, the organisation is setting out its stall that fraud is unacceptable.
<br><br>
Quoting from surveys that suggest teenagers are more likely to see nothing wrong in fraudulent behaviour, Martin Robinson pointed out that fraud-risk education should be for young people entering the business, not just the specialists. Hence he quoted the recently-published Fraud Risk Management ‘ A Guide to Good Practice, from the Chartered Institute of Management Accountants.
<br><br>
In the question and answer session, Martin Robinson gave his view of the relation between security, risk and audit: ‘There’s a huge link between the work security managers do and the work risk managers and auditors do.’ He called on security and risk managers to work together more, although they may be in different units, even working to different directors. Ernest Hopkins of The Esher Bureau agreed, pointing out that one role of the security manager was the preventing of fraud. Chris Smith, ASIS UK Chapter Vice-Chairman, and Head of Security at Deutsche Bank, asked about IT filtering software to combat fraud. Martin Robinson replied that anecdotally such software can be powrful, but there was the question of cost and time to set parameters.
