Book Review – Fraud Risk

Last year I was approached by Gower Publishing and invited to review their Short Guides to Business Risk Series, a task I happily agreed to do since most of the topics covered in the series directly or indirectly link up with supply chain risk, which is what I mainly blog about.  It’s been a while since the last review, but here I go again, and the latest book on my nightstand this time is A Short Guide to Fraud Risk, co-written by Martin SamociukNiger Iyer and Helenne Doody. It is a fascinating book, showing how easy it may be for employees, customers, clients and consultants to commit fraud, and how easy it may be to prevent this. It is a book that anyone working in procurement or supply chain management should read and ponder.

Gower Short Guides to Business Risk

The series covers topics such as reputation risk, political risk, fraud risk, ethical risk, procurement risk and customs risk, and with more topics on the bedding: operational risk, compliance risk, kidnap and ransom risk, corruption risk, equality risk and how to facilitate risk management. So far I have completed 5 out of 13 on the list of books in the series, and I must say that these are indeed fine guides to the world of business risks. Speaking of which, Gower plans to publish even more books on fraud risk and security in 2011.

Detecting and handling fraud

While I could have cited page after page from this book, to me, the most interesting chapter from this book is the one that deals with how to detect and handle fraud. According to the authors, the two most efficient ways of detecting fraud are:



  1. Training employees to recognize and respond to the signals or “red flags” of possible fraud.
  2. Pro-actively seeking out the red flags as a “pre-emptive health check”.

While one’s own employees are the best detectives in spotting signs of fraud, they may also be the worst, as it is human nature that most honest people simply cannot believe that a colleague, manager or third party is intentionally dishonest. However, perhaps Paul Cousins was right when he wrote that all firms are snakes? Does that apply to one’s own employees as well?

Red flags

How to detect fraud or attempts at fraud? Well, there are some typical behavioral patterns or red flags that might signal that something could be wrong, and these red flags are divided into behavioral, transactional, system and corporate red flags

The behavioral red flags:

  • obvious excessive wealth or gross over-spending
  • increasing debts and lack of wealth
  • long absences or failure to take leave
  • long hours after normal business hours
  • repeated override of controls and procedures
  • problems with gambling, drug or alcohol abuse
  • excessive mood swings and sudden aggression
  • resistance to audit by aggressive answering and deflection of attention
  • misleading or ambiguous answers to questions

The transactional red flags:

  • unusual supplier relationships
  • unusual business intermediaries, e.g. companies with no employees or offices, based in tax havens and with PO Box addressees only
  • non-transparent counterparts with indications of criminal associations
  • payments for goods or services that are only vaguely described
  • preferential supplier treatment and/or lack of competitive tendering
  • payments to offshore accounts and companies not in the usual customer base
  • kickbacks paid to management using a tax haven vehicle
  • slush fund payments to and from offshore accounts
  • money ostensibly for bribes paid into management or employee accounts
  • hiding conflicts of interest using a cascade of offshore companies to disguise ownership
  • unusual delivery of “urgent” payment instructions, by mail or courier
  • photocopied documents rather than originals
  • unnecessary and/or non-standard words or explanations to make it appear more legitimate
  • appearance or style not consistent with normal business of the customer
  • beneficiary spelt incorrectly or mismatching with account number

The system red flags:

  • controls or audit logs being deliberately turned off
  • logins by personnel verifiable on leave
  • a higher number than average of failed login attempts
  • logins at unusual times

The corporate red flags:

  • over-zealous acquisition strategies with little screening and lack of due diligence
  • autocratic management decisions concerning business relationships and supplier selection
  • losses and declining margins on sales
  • artificial barriers put up by directors refusing to answer questions
  • overriding of budgetary controls
  • incomplete records
  • unusual manual transactions, adjustments and amendments to records

That is an impressive list of red flags, and while there obviously could be many legitimate reasons for seemingly illegitimate behavior, these behaviors should indeed raise some red flags within the firm. It is perhaps better to investigate one time too many than one time too little.

Pre-emptive health checks

Pre-emptive health checks can identify many of the read flags early on in a potential fraud, or at least stopping it before major costs are incurred or expensive investigations need to be carried out. Most importantly though, if these health checks are routinely performed, they create a strong deterrent to anyone thinking of committing fraud.

Types of fraud detection tests

  • analysis of computer transactions and data
  • analysis of indicators related to individuals
  • analysis of documents
  • analysis of third parties – such as customers, suppliers, existing and potential new business partners

Pre-emptive detection – sales

  • Analysis of sales transactions shows consistent net under pricing to particular customers
  • Analysis of customer addresses shows several customers operating from the same address or sharing phone numbers or even bank accounts
  • Employee travel expense patterns indicates excessive visits to certain customers
  • A visit to the customer’s address shows that this is not an office, but a “drop address” only
  • Documentation of sales orders is scant at best, appears thouseo have been faxed and could have been prepared in-house

Pre-emptive detection – purchasing

  • Totals of supplier invoice amounts greatly exceeds what is registered in the purchasing system of the supplier
  • Supplier invoice numbers are sequential over an extended period of time
  • An employee is director or owner of a company that could be used or is already used as a supplier
  • The supplier’s head address is a residential address
  • The invoices only show scant or inconsistent details of the supplier

Pre-emptive detection – consultants

  • Check whether the consultant holds top positions in other companies, has court judgements or a history of bankrupt companies
  • Check whether the consultant has relationship with other suppliers
  • Map the network of consultants and determine how many of them are in key positions with the supplier and what real decision that are taken by them
  • Analyse suppliers and consultant records to indicate hidden relationships between them (phone numbers, addresses etc.)

Pre-emptive detection – bribes and commissions

  • Review suppliers in the supplier register and compare to recipients of one-off payments to detect whether the bank account or company is registered in a tax haven or at a known front company
  • Review payments to check for unusual large round sums, one-offs or payments made in a hurry

Pre-emptive detection – inventory and transport

  • Analyse cost pattern in major expenditure projects to highlight costs that have been added in at a later stage
  • Examine material and stock certificates to reveal falsified documents for substandard goods sold at premium price
  • Analyse stock to reveal non-standard stock and suspicious stock movements, e.g. goods bought for private purposes and written off
  • Analyse warehouse records to identify suppression of theft of stock using write-offs or unusual adjustments

Pre-emptive detection – senior management fraud

  • Open source research into directorships and positions in external companies to reveal potentially conflicting business interests
  • Detailed analysis of recent high value expense claims to identify possible non-company or personal expenses
  • Analysis of accounts controlled by senior management, along with their account descriptions to identify spurious accounts and cost codes, followed by an analysis of unusual transfers and transactions to or from these accounts
  • Analysis of original expectations proposed by senior management and the actual outcomes of major decisions such as major acquisitions, joint ventures and disposals to identify any adverse information that was kept hidden

A well-designed health check will quite likely uncover an ongoing fraud, or perhaps even multiple fraud, and this can often come as a great shock to managers and employees alike, which is why it is important to present the results sensitively, but firmly, and – most importantly – backed up by clear evidence.

Building a corporate culture

Fraud detection must start with building a corporate culture where fraud is not accepted. That is something that takes time, and it is not easily established, particularly in large, multinational corporations, especially if there are offices or subsidiaries in countries and places where fraud is perhaps the order of the day. Nonetheless, I believe that using this book as guideline can be a small yet significant step in the right direction. It is all about finding out who are your friends and who are your foes, as John Gattorna writes.

The verdict

I must admit that I could have covered a lot more ground from this book than I did in the above review, but I think that’ll have to suffice as a teaser. It’s a well-written book, clear, concise and well-structured and it should be on every manager’s shelf (and for that matter, every employee’s shelf, too).

Reference

Samociuk, M., Iyer, N., and Doody, H. (2010) A Short Guide to Fraud Risk. Farnham: Gower Publishing

Author link

Publisher link

Buy this book

Related posts

Posted in BOOKS and BOOK CHAPTERS
Tags: , , , ,

ARTICLES and PAPERS
A new supply chain perspective: The supply chain life cycle
It is not often that I come across papers with a holistic view of the supply chain as a living and d[...]
SCRIM is the new SCRM
Does supply chain risk management SCRM need another model? Perhaps. That's what a group of academics[...]
BOOKS and BOOK CHAPTERS
Book Review: Creative Destruction
Like with so many of my other recent book reviews I came across Nolan and Croson's book, Creative De[...]
Risk Management Simplified
Risk management. Why make it difficult when you can make it easy? That is perhaps what Andy Osborne [...]
REPORTS and WHITEPAPERS
Assess the vulnerability of your production system
So far I have reviewed "international" literature and web sites, and it is only fitting that now it [...]
Saving Norway's crumbling infrastructure
NTP 2010-2019
Following up my post this morning called "D-Day for Norway's Transport Infrastructure", the numbers [...]