Section 4: Incidents of fraud

Question

32. How many incidents of fraud or corruption are you aware of at your organisation in the last two years?
33. What is the total dollar amount of all incidents of fraud and corruption that you are aware have occurred at your organisation within the last two years?
34. In the most recent incident of fraud or corruption within your organisation that you are aware of, the main perpetrator(s) was?
35. In the most recent incident of fraud or corruption within your organisation that you are aware of, that involved internal parties, the main perpetrator(s) was?
36. In the most recent incident of fraud or corruption within your organisation that you are aware of, what type was committed? You may choose more than one answer)
37. In the most recent incident of fraud or corruption within your organisation that you are aware of, how was it detected? (You may chose more than one answer)
38. In the most recent incident of fraud within your organisation that you are aware of, what was the estimated dollar amount involved?
39. In the most recent incident of fraud or corruption within your organisation that you are aware of, what was the main reason that enabled it to occur?
40. In the most recent incident of fraud or corruption within your organisation that you are aware of, what action was taken against the perpetrator(s)?

Incidents of fraud – mostly internal and by one person acting alone

The incidence of known fraud in the public sector appears to be relatively low, with 22.5% of respondents indicating that they were aware of at least one fraud that had occurred in the last two years. This is a pleasing result and lower than we expected.

Local Government respondents (33%) reported a higher incidence of fraud than Central Government respondents (28%). Schools reported a very low (8%) incidence of fraud.

Half of the organisations with more than 500 employees reported incidences of fraud. 9% of the organisations with fewer than 25 employees reported incidences of fraud. This correlates with the findings of PwC’s 2009 Global Economic Crime Survey, where 50% of the public sector respondents (who tended to be in larger organisations) reported at least one incident of economic crime in the previous 12 months.

In this survey, of those 22.5% of respondents who reported at least one incident of fraud or corruption, 26.5% involved theft of cash while 17.1% involved fraudulent expenses claims. Interestingly, more respondents identified payroll fraud occurring than false invoicing. Often, we see the reverse occurring.

Of those respondents who said that their organisation suffered from fraud in the previous two years, most (61.2%) report that the total value of losses was less than $10,000.

Most fraud (77.4%) was internal and committed by one person acting alone. This was consistent across Central Government (76%), Local Government (83%) and Schools (71%). There were some instances where collusion had been suspected. Internal fraud is a significant risk for all organisations. This is because staff know the organisation, know the systems and processes, know the weaknesses and are trusted.

The main perpetrator indicated by respondents was an operational (46.3%) or administration/support service person (22.2%). However, we have noted that during the current challenging economic environment, internal fraud is increasingly committed by those at managerial level and above. This is of concern because some managers can override controls and potentially better conceal their offending.

Just under half of the known frauds (45.0%) were detected by internal control systems. Internal tip-off other than through a formal whistleblower system (25.0%) was the next highest method of detection. This correlates with our own experience of how frauds tend to be discovered in New Zealand.

An established whistleblower system accounted for 3.8% of reports. This may seem surprising given how well whistleblower systems are regarded. However, this may be explained by the  fact that 74.7% of respondents (across all roles and sectors) said that their organisation did not have a whistleblower hotline and a further 13.7% did not know if their organisation had one. According to the Association of Certified Fraud Examiners’ 2010 Global Fraud Study, those organisations that have a whistleblower hotline in place have a 59% reduction in median fraud losses. We believe a well-communicated whistleblower system is one of the best tools that an organisation can employ to help mitigate the risks of fraud and other reputational harm. However, the success (or otherwise) of a whistleblower system depends to a large degree on how it is set up, operated, communicated and accepted by the organisation.

Organisations that had a specific fraud policy that was regularly communicated to staff, in general, suffered fewer incidents of fraud.

The survey also indicated that those organisations that had communicated previous incidents of fraud to staff, and where there was a culture in which it was safe and encouraged to raise concerns of potential fraud, also had generally fewer incidents of fraud.

According to the respondents, the main reasons for fraud occurring are that the person did not think they would be caught (40.1%) and internal controls were not followed (26.8%).

The thought that perpetrators believed they would not get caught may be symptomatic of fraud not being taken seriously by management. Many public sector organisations have been required to find cost-saving measures, which often can be found only by reducing staff numbers or utilising the available staff differently. Should this result in reduced audit activity then this may add to the sense that “no one is checking”. This was also one of the findings of the PwC 2009 Global Economic Crime Survey, which indicated a significant fall from the 2007 survey in frauds identified by internal audit. When this was explored further, it became apparent that internal audit resources were being adversely affected by cost cutting. Respondents were also keen to promote that they trusted their staff and colleagues to do the right thing. Unfortunately trust is not a fraud control. Trust needs to be verified to ensure the resources of the organisation are properly utilised and staff wellbeing is protected.

Perhaps alarmingly, given respondents indicated a high desire for matters to be reported to the Police (78% in their answers in Q30 said they would make a report), in only 26% of cases where fraud was identified was the person dismissed and a report made to the Police. The actions of some managers appear inconsistent with any messages that fraud and corruption will be treated seriously. Where fraud has occurred but goes unpunished, staff confidence in management can be seriously eroded. This may have an adverse effect on staff who would otherwise report their suspicions of fraud.

In 14.1% of the cases, the person was dismissed without any referral to the Police. This brings the risk that an employee suspected of committing fraud may go onto another organisation and continue their fraudulent behaviour. We are aware of numerous instances of this occurring.