Every business is susceptible to fraud

But some are more susceptible than others. That’s because many business owners have weak accounting and financial skills, which means that they delegate control over the procurement and accounts payable functions to secretarial and accounting personnel.  On top of that - whereas some companies are well aware of the risks posed by fraud and theft to their businesses and have strong anti-fraud measures and controls in place, including well-demarcated segregation of duties, independent reconciliations, and regular oversight and review - many companies rely heavily on trusted individuals, and there is often poor or non-existent segregation of duties and a complete absence of independent review over accounts and reconciliations.  This makes it easy for dishonest personnel in companies to not only misappropriate funds, but to also cover their tracks and avoid detection.

It’s difficult to quantify the extent of fraud and theft in the business world for a number of reasons.  In some cases the plundering of company funds goes totally undetected, in others it simply goes unreported. This non-reporting of fraud and theft may, of course, be down to the stigma and reputational harm that goes with admitting that internal systems and controls have been breached.  Companies are, understandably, reluctant to disclose the fact that their own funds, as well as those of their customers and clients, are potentially at risk.

Yet the failure on the part of directors, executives and managers of companies that have experienced fraud or theft to report certain criminal offences can amount to a criminal offence. In terms of Section 34 of the Prevention and Combating of Corrupt Activities Act (Act 12 of 2004), any person who is in a position of authority and who knows, or ought reasonably to have known, or even suspects that an act of fraud, theft, extortion, forgery & uttering or corruption involving an amount exceeding R100,000.00 has occurred, must report such knowledge or suspicion to the SA Police Services.  But despite this criminalisation of non-reporting, what often happens when fraud is detected is that the accounting or secretarial personnel implicated in the irregularity are simply dismissed or asked to leave.  This can, of course, have terrible consequences for the wider business world, as the dishonest employees may simply move on to other companies.  Where they are very likely to do the same thing.

Companies must therefore properly check the criminal histories of employment candidates (with the consent of the applicant) prior to their appointment to positions of trust. They must also do proper reference checks to ensure that they are not inheriting dishonest staff.  It is equally important for companies to know that their accounting and/or secretarial staff members – who may well have access to company or customer/client funds - are not experiencing extreme financial pressure. Regular proactive credit vetting, which is permissible to address the fraud risk in terms of the regulations to the National Credit Act of 2005, is therefore imperative.

A checklist comprising possible red flags to look out for and best practices to prevent fraud appears below.  The checklist is particularly relevant to small and medium-sized businesses, where there is no segregation of duties, little oversight, and where accounting responsibilities may be concentrated in the hands of a small number of individuals.  Companies that deal with trust or other client funds are particularly susceptible to fraud and dishonesty, and they need to be ultra vigilant.

Click here to view checklist.

Fraud syndicates have discovered that many businesses are soft targets for fraud

Many businesses have been targeted by fraud syndicates who will intercept an invoice in the post and then forward an adapted invoice with amended banking details to the customer. The customer will then make payment to an account that has just been created for fraudulent purposes.  The fraudulent invoice is usually sent per facsimile to the customer and followed up with phone calls demanding immediate payment.  Because the syndicate has intercepted the original invoice, the details of the amount owed and the goods supplied or work performed are completely accurate, making the fraudulent invoice appear legitimate. By the time company’s own credit controllers query the non-payment of the amount owed by the customer (at which point the fraud is discovered), the funds in the fraudulent bank account have been withdrawn and the syndicate has moved on.  Consider the following checklist when evaluating your internal controls.

Click here to view checklist.

EFT fraud is the latest threat to businesses in SA

Electronic funds transfer (EFT) fraud is a recent phenomenon that has caused huge problems for South African businesses. EFT fraud is essentially the illicit electronic diversion of funds from the company’s bank account to third parties to whom the funds are not due, usually involving manipulation of the accounting software programmes that are used to pay suppliers or service providers. 

When electronic funds transfers are made, banking systems in South Africa rely only on the account numbers to remit funds to the intended destination - the name of the entity being paid is not a critical factor.   This creates opportunities for corrupt staff to create the illusion that they are paying legitimate suppliers, whereas in fact they are transferring funds to themselves or friends and family. In larger companies the risk is that small amounts can easily be concealed amongst numerous daily transactions.  In smaller companies the risk is that the accounting and procurement functions often reside in a single employee or a handful of employees, which makes the manipulation easier. Fictitious vendors can be created for services that are to be expected and, as long as the amount requisitioned for payment is consistent with the expected charge, directors or managers will ordinarily authorise the payment.  Consider the following checklist when evaluating your internal controls.

Click here to view checklist.