Is your business vulnerable to fraud?

How to

Focus on potential internal threats


Australia has the fourth highest percentage of reported economic crime in the world, according to the PwC Global Economic Crime Survey 20141  – with 57% of Australian companies reporting economic crime between 2012 and 2014.

However, PwC partner and forensic services leader Malcolm Shackell explains this is not necessarily bad news as it indicates “Australian organisations take a more serious approach to detecting, investigating and reporting economic crime than other countries.”

Given the rise in fraudulent attacks on Australian companies – and the potential of those crimes to cause significant financial loss - it’s essential to be proactive in protecting your business, rather than simply dealing with cases as they are detected. So what can you do?

Smaller businesses are often more vulnerable to fraud than their larger counterparts, as they typically employ fewer anti-fraud controls. Often, the losses could have been preventable had there been strong internal controls in place.
Trevor Fairall, Macquarie Banking and Financial Services Group.

Focus on potential internal threats

Interestingly, your biggest threat is probably not an external cybercriminal, but your own staff.

Just over half the Australian businesses surveyed reported the main fraud perpetrator is internal and procurement fraud is the most common type of global economic crime after asset misappropriation. For Australian businesses, this is mostly around supplier contacts or maintenance payments.

As we’ve reported previously, commonly reported economic crimes also include:

  • creating false suppliers, with payment made to the fraudster's bank account
  • creating fake purchase orders for a bona fide supplier, with payment to the fraudster's bank account details
  • inflated or bogus expense claims
  • manipulation of financial data to receive performance-based bonuses
  • faking time sheets
  • private purchases through business accounts or credit cards
  • providing free or discounted goods and services to friends and associates.

Trevor Fairall, Head of Financial Intelligence at Macquarie Banking and Financial Services Group and a member of the Association of Certified Fraud Examiners, says small businesses are often more vulnerable to these types of fraud as they tend to have less internal controls in place.

“We’ve seen examples with our own clients,” he explains. “In one case, money was siphoned over a three-year period by a trusted employee. The accounts were manually reconciled by the same person, so she was only exposed when someone took over her role while she was on annual leave.”

Five ways to protect your business from internal fraud

1. Set up internal invoice and payment controls

Do you have an approval process for all invoice payments? Are the duties for banking and bank reconciliation separated? Make sure cash and cheques are deposited daily, and split duties for invoice creation and authorisation – or require two authorisations over a certain amount.

2. Enforce continuous annual leave

It’s good practice to ensure all employees have at least one period of two weeks consecutive leave, and that someone takes over their responsibilities during this time. Fresh eyes can pick up irregularities. “Rotating roles can also help with detection,” notes Trevor. You don’t want one employee gaining a monopoly over a particular process.

3. Get smart with technology controls

Don’t let users share passwords for online platforms, and make sure staff secure their passwords and PINs, otherwise it will make it much harder to detect the person responsible for the fraud.

4. Conduct unscheduled audits

Carry out both scheduled and unscheduled audits on all financial and operational processes.

5. Know who you’re working with

Carry out thorough background checks on new staff, as well as contractors and suppliers. If you’re conducting an employee background check, speak with past employers, check for criminal convictions and verify their education and certifications.

It’s also important to create a workplace culture that values integrity. Give employees responsibility for their actions, and make sure they understand the consequences – for example, if they are responsible for authorising payments, they need to verify the account details and should never authorise payments where details are incomplete.

"A code of conduct is important, even if it’s just one line, as long as it is adhered to and practised by management as well as all employees," says Trevor.

Need help securing your online banking access?

Your Macquarie relationship manager can tailor your banking to meet your needs and business structure. Some simple business processes can help you to greatly reduce the risk of fraud - and could also unlock efficiencies and cost savings at the same time.

Five ways to protect your business from internal fraud

  1. Set up internal invoice and payment controls
  2. Enforce continuous annual leave
  3. Get smart with technology controls
  4. Conduct unscheduled audits
  5. Know who you’re working with
Did you mean [[state.suggestion]]?
Sorry! [[state.errorMessage]]
Sorry! No results found, try different keywords.
If you enjoyed reading this article, why not share it?

Simply copy and paste the text and include a link to the article. Please read the Expertise Articles Terms of Use before sharing.

The information on this page has been prepared by Macquarie Bank Limited ABN 46 008 583 542 (AFSL and Australian Credit Licence 237502) and does not take into account your objectives, financial situation or needs. Before making any financial investment decision or a decision about whether to acquire a financial, credit or lending product, a person should obtain and review the terms and conditions relating to that product and also seek independent financial, legal and taxation advice. All applications are subject to Macquarie’s standard credit approval criteria. This information is intended for recipients in Australia only.

1Source: PwC Global Economic Crime Survey 2014 .

Except for Macquarie Bank Limited ABN 46 008 583 542 AFSL and Australian Credit Licence 237502 (MBL), any Macquarie entity referred to on this page is not an authorised deposit-taking institution for the purposes of the Banking Act 1959 (Cth). That entity’s obligations do not represent deposits or other liabilities of MBL. MBL does not guarantee or otherwise provide assurance in respect of the obligations of that entity, unless noted otherwise.