Themes are a valuable part of the fraud prevention equation and it’s imperative that someone in your organization tracks the fraud risk themes and revenue/information/data loss trends occurring at companies around the globe.
Tracking fraud themes is critical but paying attention to what the themes are telling you about vulnerabilities in your fraud prevention/detection program is perhaps even more important than the theme itself.
In 2014, we tracked fraud themes across a number of industry verticals. One of the common themes we observed across all verticals was the continued number of “old school” type frauds that took place.
Old School Frauds
Bad actors are creative… they have to be to continue perpetrating the crime successfully as corporate fraud defenses tighten. This means that new age, innovative frauds happen daily. It doesn’t, however, mean that all fraud schemes are things we haven’t seen before.
What’s old is new again. Bell bottom jeans proved that. Retro is hip and fraudsters are definitely “kickin it” old school.
Old School: Anything that is from an earlier era…
Old school frauds, like embezzlement, continue to happen at companies around the globe despite companies attempts to prevent internal victimization. There are definitely foxes in your financial henhouse and this leads us to pose the question: are your internal controls fashionable or functional?
In our last Fraud News Update of 2014, we featured a large “seven figure, internal, old school fraud” committed by a management employee at Symantec, a security company.
The Big O
The fact that a major event of this nature occurred at such a high-profile industry player like Symantec may be one of 2014’s biggest fraud oxymoron’s.
Oxymoron: “a figure of speech in which apparently contradictory terms (security + company) appear in conjunction with each other.”
Lessons learned are a valuable part of the fraud prevention equation and the jury’s still out on what Symantec will learn from this internal theft experience.
What Will Symantec’s “Lessons Learned” Policy Reveal?
Once the dust settles at Symantec, they’ll have to go back and look at the events that lead up to their internal fraud if they haven’t already. The post event focus (more commonly referred to as a “Lessons Learned Policy”) should be on the internal controls that were involved in, or contributed to, the fraud loss.
Were their internal controls fashionable (largely ignored, publicly required SOX internal controls – “window dressing?”), or functional anti-fraud tools which were simply overridden by employees?
The end result (a million dollar, multi-year, multi control breakdown fraud) suggests that the answer’s already known.
Symantec’s reality: The mere fact that a large-scale, old school fraud occurred suggests that the internal controls were either inadequate or fashionable window dressing that were largely ignored or lacking management attention to.
Unique fraud event or common corporate pattern?
Given the big dollar, long-term embezzlements that we saw in 2014, old school, supersized frauds like this one were prevalent at companies around the globe and Symantec’s definitely not alone in this boat.
The Last Word – Fraud Control: Fashionable or Functional?
Having internal controls because laws and regulation requires you to is fashionable.
Having internal controls that are effective, fraud prevention tools which are constantly assessed, evaluated and revamped in line with current fraud themes is functional.
Remember, bad actors are still kickin it old school and despite what many people errantly believe “it can happen” at your company.
To effectively beat old school fraud schemes, “functional over fashionable” is the name of the internal control, fraud prevention, detection and risk mitigation game. Otherwise, the question you have to ask is “how many ‘Benjamin’s’ can we afford to lose and still be profitable?!”
Those are our insights. What are yours?
For more information on how we can help your businesses prevent risk, reduce major fraud losses and improve operational ROI, contact us to schedule an initial consultation. No obligations…just unique insights from an industry leader.