With estimates suggesting that fraud and corruption could account for as much as 5-10% of total turnover in the global construction industry, it’s safe to say both present a significant threat to growth. However, whatever the size of your business and contracts, there are some steps you can take to safeguard your company’s income and reputation from falling foul of fraudulent activity that robs the AEC sector of approximately $1 trillion US Dollars annually.
Andy Sutton, FCCA, explains how those looking to protect themselves from fraud, should first take a look at their employees. After all, he observes, fraudsters are often the very last people you would expect them to be.
We’ve all heard it before; an organisation’s biggest asset is its people. This statement is driven by recognition that things like innovation, problem solving, ingenuity and high standards are down to individual characteristics. People change things, improve the organisation and lead to better performance.
Now it stands to reason that while people can indeed be the organisation’s biggest asset, by equal token and applying the law of zero (all ups have equal and opposite downs), they can also potentially be the organisation’s biggest liability. This could be on a simple level, such as by complete or partial incompetence by honest people who are just no good at what they do or don’t understand what they’re doing or who just don’t care. Moving on upwards, it could be by desire because they are feeling undervalued, badly treated, not listened to, underpaid, overworked, bullied, harassed, threatened, discriminated against, in debt, getting divorced, suffering a health scare or just generally cheesed off.
The risk of such occurrences can of course be guarded against to a degree by robust recruitment processes, by carrying out the proper checks before engagement so that those with a wilful disposition and bad previous record are not hired in the first place. The problem with this of course is that people can and do change, usually as their circumstances and lives change. From a business perspective we need to be able to identify these changes, particularly in relation to how a manager or employee changes in their attitudes towards work. In many cases high-end fraudsters are convicted with no previous record or form whatsoever and often it is a change of some type in their lives that is the trigger to commit the act. Employee opinion surveys may, to a degree, help but they are no substitute for a properly conducted ongoing risk assessment. So what should such an assessment cover?
Firstly, we have to consider the conditions that are generally present in an environment where fraud is likely to occur. When a serious crime takes place such as murder, then there are usually three things that the investigators firstly focus on; motive, means and opportunity. Committing fraud and the perpetration of other serious crimes is not that much different. Firstly, the would-be fraudster would have an incentive or be under a degree of pressure which provides a reason to commit the fraud.
Secondly, they would have in their minds a rationalisation or justification to commit the act, often driven by the negative feelings mentioned earlier or because of a complete absence of any sense of decency and trust. The case not too long back of the Lloyds Bank Head of Fraud and Security for Digital Banking is interesting and provides a mind-set insight in this regard. The individual involved committed a £2.5m fraud and was jailed for 5 years, telling investigating officers she deserved the money because she was rising at 5.30am and returning home at 8pm. She said: "I saw the opportunity and thought: Given the hours I work I deserve it. If I went to work for another company I would probably be earning four times as much." This last bit was the justification.
This leads us to the third condition present; opportunity. Usually, an absence of controls or ineffective ones or the ability to override them will eventually, at some point, lead to acts of fraud, particularly when allied with one or more of the other conditions mentioned. Override controls are interesting as almost by definition these are perpetrated by management, often senior management, who find themselves in a unique position to do this. So it becomes absolutely essential not to have any dubious officials at high levels in the organisation. If this is the case, then it can be very difficult to address from within the organisation - ask FIFA! Assuming, and it’s a very big assumption, that all of the senior management team are honest, well-meaning and diligent individuals who don’t think that Ethics is a county in southern England, then for the rest of the organisation it is perfectly possible to implement an effective ongoing assessment and monitoring process.
The basis of this process is that managers have to have their fingers on the pulse of their areas at all times and be able to gauge how their people are in terms of motivation, happiness, demeanour, attendance and general intent towards their daily work. Likewise these managers also need to be similarly monitored by their superiors. The key is in identifying changes. Does the heartbeat continue to remain normal or has it increased slightly or moved into the red and become dangerously high?
The first stage is to identify the areas of the business that are susceptible to a high degree of fraud risk. These will traditionally include those people dealing with client monies, processing receipts and payments, dealing with third parties, exercising a degree of significant accounting estimate or management judgement or override, processing accounting transactions (in particular posting journals), debt write-offs, refunds, control accounts, bank reconciliations, cash handling and those dealing with clients who may be deemed vulnerable or inexperienced.
Once high and medium risk areas have been identified, then on at least a quarterly basis, managers on the ground need to assess the current position and fraud risk rating, by paying particular attention to any changes affecting their people. This will include such things as; the impact of pending reorganisations or relocations, job threats, changes to roles, having to reapply for jobs, absenteeism and attendance trends and changes (increased sickness, loss of punctuality, ad hoc time off etc.), changes in attitudes to fellow colleagues, becoming quiet and withdrawn, body language changes, sudden reluctance to be flexible or go to meetings, meeting people regularly off-site during working hours and so on. It is essential that local managers are able to make these assessments and the overall assessment that the perceived fraud risk has not changed, decreased or increased in their areas.
This process will not replace existing anti-fraud measures such as ensuring that there are effective whistleblowing and employee opinion survey processes and sophisticated transactional level fraud detection techniques in place. It is designed to supplement existing processes and controls and to be a people control, operated by people and gauging the effects of pressure points on people in their everyday work. Done effectively, it will prove a very useful fraud preventative measure and identify hot spots where the risk is increasing, performance is deteriorating and where appropriate management action needs to be taken. Remember, there’s nowt so weird and unpredictable as folk and fraudsters are often the very last people you would expect them to be.
In 2013, Grant Thornton – one of the world’s leading organisations of independent insurance, tax and advisory firms - identified the eight types of fraud most common in the construction industry. With vigilance key to protection and prevention, businesses are often rendered susceptible, simply because they don’t know where to look.