Fraud loves Christmas. Andrew Durant provides a checklist of actions for finance staff to undertake before and after the festive holiday that will help prevent fraud or spot something out of order.
The Finance Director had been acting strangely for weeks - he said this was due to work pressures in the lead up to the year-end. He was due to return from the Christmas break in the first week of January but called in ill. Three weeks later he had still not returned to work and it was only when his deputy performed the month-end bank reconciliation that the alarm bells started to ring - there was a £1m discrepancy.
Christmas and New Year, like any holiday period, is a boom-time for fraudsters. Most businesses run on a skeleton staff over the Christmas holiday and even office-bound senior executives are away on holiday, meaning that fraudsters can take advantage of little or no close supervision.
Also, there is frequently an increase in the number of temporary staff in the workplace who could either take advantage of their position to commit a fraud, or facilitate a fraud taking place because of their lack of knowledge and training in company protocol.
Even the most conscientious of employees can fall prey to holiday fever and take their eyes of the procedural ball. Fraudsters can take advantage of this lack of attention.
The holidays, and in particular the days between Christmas and New Year, represent a window of opportunity for fraudsters to commit a fraud, cover it up, and disappear with the proceeds.
This year, as a result of the looming recession and general economic crisis, companies and organizations are even more likely to fall victim to crime; whether it be the misappropriation of cash and other assets by individuals looking to line their own pockets, or financial misstatement fraud by employees worried about losing their jobs and trying to stop the axe from falling by massaging their department's figures.
Employees tend to fall into three categories. They are either:
- completely honest
- completely dishonest
- people that may commit fraud depending on the external pressures put upon them.
Completely dishonest individuals are usually screened out by a company's staff vetting procedures pre-employment. Therefore, the biggest risk category is number three, and this year the external financial pressures that might trigger a person to commit fraud are more significant than they have been for a decade.
The recommendations are that companies and organizations should take the following steps in three key areas to help defend themselves against fraudsters this festive season.
Give the head of security a schedule of the staff that plan to be in the office between Christmas and New Year. If anyone turns up for work who isn't on the list, security should call a senior member of staff to check whether that person should be let on to the premises.
- Don't rely on temporary staff over the Christmas period. Somebody in a senior position should still be responsible for overseeing their work.
- Temporary staff should be adequately vetted and references followed-up, especially in high risk areas such as IT and finance.
- Don't cut corners because of key staff absences, such as giving temporary staff access codes or sharing passwords.
- Review the Fraud Response Plan and make sure that the contact details for key members of the fraud response team, both internal (such as the HR director and head of IT) and external (such as the company's solicitor) are updated so that they can be contacted if they are abroad on holiday or staying with relatives.
Continue the back-up routine as normal over the Christmas period, even if your business shuts down for the holidays. Make sure that you have sufficient back-up tapes and closed-circuit television capacity. This will provide a worthwhile trail to follow should anything untoward happen.
- Many companies and organizations turn off the logging function to conserve memory. Keep the logging function switched on as it will tell you what people were doing in the workplace and what documents or programs they accessed. It is vital to have a record of what games the mice have been playing while the senior executive cats have been away and there has been reduced supervision.
- Disable the remote access to the company system. Lots of companies allow staff to dial-in from home to facilitate flexible working over the holidays. Conduct a risk assessment of the systems employees really need to access, such as the e-mail system, and selectively turn off the rest, such as the invoicing system. These needs will vary depending on whether your business is manufacturing or financial services.
- The holidays present an ideal opportunity for malefactors to shut themselves away in a quiet office and steal confidential information: copying it to external drives such as digital cameras and mobile phones. Selectively disable computer USB drives so that staff can continue to use the USB keyboard, but prevent copying to external media.
- Make sure that the member of staff left in charge of the IT function is familiar with their role in the event of a fraud.
- If the office is closed over the holidays, it is good practice for an alert to be set such that a senior executive is alerted if anyone uses the phone, fax, or Internet - if the office is open this alert might be limited to certain hours, such as at weekends or between 7 p.m. and 7 a.m.
Don't take short-cuts with the authorization process to accommodate key staff absences. Make sure somebody is in the office over the holiday period that can authorize appropriately.
- Don't be tempted to pre-authorize: don't sign invoice authorization forms and blank checks.
- Pay special attention to requests made under the urgent payment system. Fraudsters may try to duck the system of controls by rushing a request through as an urgent payment.
- Fraudsters frequently target banks during the holiday period to process payments when nobody is in the office with whom they can check. Before the holidays, call the bank and set a limit for payments and transfers above which the bank cannot go without calling for approval first.
- Send the bank a list of payments which you expect to be processed over the holiday period. Make sure the payment requests are signed by two directors. The bank should call to check if additional payment requests are made.
- Log any changes to supplier master files and payroll data. Fraudsters frequently change the address and bank details during the holidays when nobody is around. Pay particular attention to changes to suppliers you pay regularly.
On returning to the office
- Speak to security and find out who was at work over the holiday period.
- Review banking records for any unusual or unexpected transactions.
- Review the company's accounting system for any unusual transactions.
- Perform year-end reconciliations as soon as possible and verify all reconciling items.
- Watch out for any unexpected non-attendance at work.
- Check the IT logs to see if there was any unexpected system access.
- Review any changes to master files.
- Review year-end journals for any large round sum amounts or any that may have been processed at unusual times (e.g. late at night or at the weekend).
- Watch out for any unusual behavior by members of staff. Is anyone avoiding meetings or showing symptoms of stress?
- Make a note of any changes in employee's lifestyle as this can be a strong clue to a fraudster's identity.
About the author
Andrew Durant is a managing director in the Disputes & Investigations Practice with Navigant Consulting in London. He heads the fraud investigations team
Reprinted from our sister site, FinanceWeek.co.uk