Fraud risk management: a guide to good practice
Although external auditors did not detect many cases of fraud, internal auditors on the other hand were found to be the most successful in identifying serious frauds. Risk management procedures were also found to be one of the more useful methods. If resources will allow it, an organisation should establish a strong internal audit function that monitors and advises on risk management and actively looks for instances of fraud.
A lot of frauds, however, are discovered accidentally or as a result of information received, either via a tip off or through a whistleblowing hotline. In many cases, greater losses are suffered as a result of employees at all levels ignoring the obvious. It is everyone’s responsibility to find and report fraud and irregularity within an organisation, and it is therefore essential that an organisation has appropriate reporting mechanisms in place to facilitate this.
Frauds may also be discovered as a result of controls and mechanisms put in place on the advice of internal and external auditors. Case study 7 Tipped off A bank clerk who helped fraudsters to fleece customers out of nearly £500,000 was originally identified as a result of a tip off. Ruth Akinyemi passed on the personal details of eight wealthy Barclays account holders, including dates of birth and account passwords. The thieves to whom she gave the details then posed as real customers and emptied vast amounts of money from the bank accounts. One victim lost nearly £400,000 in just four days. Investigators received an anonymous tip off that Akinyemi was the insider and she was suspended pending investigation. Due to insufficient supporting evidence, the bank initially cleared Akinyemi of any involvement. She simply switched branches and continued with the scam. The computer system revealed the involvement of a bank insider in subsequent frauds and investigators were able to go through computer records and identify the accounts that Akinyemi had accessed using her ID and password. Akinyemi was convicted of conspiracy to steal and sentenced to 18 months imprisonment in September 2008. The operators of the fraud have never been traced and most of the money is still missing.
38