Chair: Dr. Janice Goldstraw-White
Gareth Cottrell – Fraud Services Manager – Royal Cornwall Hospitals NHS Trust
Liz Sandwith – Chief Professional Practices Adviser – Chartered Institute of Internal Auditors
Capt Mayank Singh – Global Security and Investigations- India & APJ
This session is sponsored by
Gareth Cottrell suggests there is a strong rationale for regarding fraud as opportunistic. He states that internal frauds account for roughly half all the frauds committed against many organisational types, though the vast majority of employees do not enter employment with the intention of defrauding their new employer. More commonly, during the course of their employment they happen across a weakness in the system and choose to dishonestly exploit it. He notes how in the national health service, frauds are categories in several ways, but not whether that fraud is opportunistic or not, focusing more on identifying whether any system weaknesses exist. Gareth feels that in recent years there has been more of a move towards target fraud with criminals using IT to commit their crimes. He believes fraudsters display very human traits and in particular they want to maximise their returns for the minimum of effort and risk, and that they will continue doing ‘what works’ until they are caught, or the returns are no longer worthwhile. Gareth believes with the move increasingly to the online world, that fraudsters are able to commit their crimes across international boundaries and suggests that they may feel immune from being held to account when their victims are in far-off countries.
Liz Sandwith notes that billions of dollars are lost to fraud and corruption every year, some with catastrophic results, and often occur because of poorly designed controls and weak governance, undermining organisational processes. Therefore, from her internal audit perspective, she suggests that organisations need to have robust internal controls to minimise the risk of fraud, and for internal audit to assess the effectiveness of these controls. Liz believes that some fraud is opportunistic, committed by employees who seek out such opportunities, but also that there are instances where fraud occurs unintentionally. For example, when a member of staff identifies a weakness by accident, takes advantage of that opportunity, and a fraud occurs. Liz therefore sees the need for organisations to have strong controls – both detective and preventative, but also to have the right culture, where fraud risk is considered and detective controls that highlight when things go wrong. She references these to Cressey’s fraud triangle where the three factors of motive, opportunity and rationalisation need to be present. Liz strongly believes that alongside good controls and strong governance, there should be greater visibility around staff who commit fraud, so that others know the consequences of such actions.
Mayank Singh agrees with the other panellists in that weak controls play an important part in allowing many crimes to be committed. However, he notes that gangs and organised criminals are increasingly using technology to commit offences in a more sophisticated way than seen before, which can yield better desserts for them. He also believes that some crimes set up the conditions for others, such as selling on stolen items. Mayank notes that social and technological changes have increased the incidence of insider threats by employees to acquire data and money, but that customers are also a threat too. He points out that the fraud triangle clearly sets out that there has to be an opportunity for a fraud to be committed, even if that opportunity is not clearly visible. Employees are ahead of organisations in knowing which controls are weak, therefore, organisations need to more proactive in taking corrective action to avoid frauds occurring.
This webinar highlighted that much fraud is still opportunistic, but that recent changes in IT and the use of the Internet have contributed to crimes being committed via new methods and sometimes involving different types of offenders from what we have traditional seen. It has highlighted that the using IT systems, to both detect and prevent fraud need to be steps ahead of that used by criminals, and at the moment that is severely lacking. The importance of effective internal controls and good governance in organisations, along with establishing a strong anti-fraud culture therefore, cannot be over-stated.
Dr. Janice Goldstraw-White
8th July, 2021