President Ronald Reagan was using an old Russian proverb, in speaking to Soviet President Mikhail Gorbachev about an arms control treaty when he said to him in Russian — doveryai, no proveryai, “trust, but verify.”
Companies today face all sorts of external fraud threats. Thieves will steal credit cards and use them to make fraudulent purchases. Hackers will steal credit card numbers and personal information to steal money and identities. Unscrupulous vendors will send multiple invoices, ship fewer items than were invoiced, or invoice at prices and/or terms different from the contracted conditions. These external fraud threats receive a lot of attention from companies.
Proactive fraud control is a hard sell for most companies. It’s hard to think about “insiders” acting in ways contrary to a company’s mission. Companies want to trust, but many are hesitant about the “verify” part of the old Russian proverb. As Matthew Hammond, an 18-year specialist in EY’s fraud investigation and dispute services, said in this article from The New Zealand Herald, “… time and time again I hear from organizations ‘we’ve never had a fraud’. Well that’s not the case. What they actually mean is they’ve never detected fraud because they’ve never gone looking for it.”
I have heard the “we’ve never had a fraud” comment from a surprising number of organizations over the past ten years. I heard it from the well-regarded southeastern university who subsequently identified two well-publicized purchase card frauds totaling over $1.5 million. I heard it from the electric grid operator who subsequently fired a senior executive and four managers for their roles in a $1 million fraud eventually reported by whistleblowers that subsequently led to the resignation of the CEO. Six people were eventually convicted of contract fraud and bribery. I have heard this comment from technology companies, professional services firms, and manufacturers. Interestingly, I have not heard this from retailers or banks.
In the 2013/2014 Annual Global Fraud Survey commissioned by Kroll and executed by the Economist Intelligence Unit, 630 of 901 senior executives polled reported at least one type of fraud in the previous year. Interestingly, 74% of these frauds involved insiders. Clearly, fraud remains an inside job. To quote from The New Zealand Herald article again, Daniel Toresen, a 25-year specialist in detecting business fraud says, “The things that we're dealing with today are the same things that we were dealing with 15 years ago. The methods haven't changed, the people that we're dealing with haven't changed, nothing has really changed. I think that fraud and workplace theft is just a constant.”
While insider fraud may be a reality, it doesn’t make it easier for companies to consider. Organizations want to think the best of their employees and want to treat everyone with the respect and dignity that the 99.9% of employees deserve. Most of our companies want to promote behavior that is in compliance with company policy rather than play a game of “gotcha!”
The good news is that fraud protection against insiders has become very affordable through the availability of cloud-based expense audit solutions like Oversight Insights On Demand™. Better yet, they can be cost-justified based on hard savings realized through identifying and addressing improper payments that aren’t fraud. As an example, every year the US Department of Defense identifies and prevents over $2 billion in improper payments from occurring as a result of using automated analysis powered by Insights On Demand to identify vendor errors that would otherwise lead to improper payments. Our commercial customers tell us that they pay for their automated monitoring and analysis as early as the first four to six weeks of use. And because this process can be automated so that human review is focused only on the potential problems, protection can be realized for a small investment in effort.