Employers leave gaps for in-house fraudsters

Convicted fraudsters say firms often make it "staggeringly easy" for staff to act illegally

Lax financial controls at many companies make it easy for staff to steal from their employers, according to a survey of convicted fraudsters published this week. Experts said better business intelligence (BI) and identity management technology, as well as improved business processes are needed to tackle the problem, which is estimated to cost UK companies £2bn a year.

The study by risk management consultancy Protiviti involved interviews with convicted fraudsters and found most believed it was “staggeringly easy” to avoid detection. Many also agreed they had been caught “by accident”, rather than because of rigorous anti-fraud processes.

Mike Adlem, managing director at Protiviti, said those surveyed represented “the tip of the iceberg”. He added that surveys consistently found employees are the most common perpetrators of fraud and that such frauds are under-reported because firms tend to deal with offences internally.

Firms’ desire to believe their employees are trustworthy means many fail to take relatively basic IT security measures to reduce fraud, Adlem said.

For example, giving staff access to systems that are not relevant to their roles often enables fraud. “Ensuring passwords are changed and people only have access to the right systems helps to prevent crime,” said Adlem. “These are basic controls, but too many firms aren’t putting them in place.”

Business intelligence and data-mining tools can also help to detect employee frauds by spotting financial anomalies, said Peter Dorrington, head of fraud solutions at BI vendor SAS. “These technologies are not being used widely enough [to tackle fraud],” he added. “There is a lack of understanding that BI can be used in this way.”