Fraud hot-spots in Risk Management
Well, hello.
I’m going to talk in this session about fraud. In particular about fraud hotspots, one of the things that I think many organisations struggle with is where are they going to focus their efforts in terms of fraud control?
Organisations have fraud control plans and they have fraud risk registers, but are they actually managing those fraud risks?
We saw last year, in 2013 Joel Barlow, sentenced to 14 years in jail for embezzling $16.6 million from Queensland Health. Now, how did that occur?
Well, in the wash up by the Judge, it talked about human failings and systemic weaknesses. I believe one of the issues many organisations struggle with identifying where they need to focus that effort, and I use what I call fraud hotspots.
So, a fraud hotspot is anywhere where the consequences that arise from the fraudulent activity will be significant. So once again it’s almost around consequence based internal auditing and consequence based risk identification that I’ve talked about before.
So essentially we look around our organisation and we look at things like procurement, where we’re actually doing financial transactions, where we’re actually storing or managing our inventory, our assets and things like that. Have a look those and determine what could the maximum consequences be if there was a full on fraud in those areas?
And what you’ll find is that you can then go along and ask the question how vulnerable am I to that fraud, and in doing so you can strengthen or put new controls in place to minimise those vulnerabilities.
Too many organisations focus in on like things like cab charge dockets or credit cards with only a couple $1,000 limit on them and their continually auditing to make sure people are not using those inappropriately and sure, that is a big part. But what we are not doing is focusing in on those areas where the consequences are extremely high.
How Joel Barlow was able to prosecute that fraud for four years and $16.6 million without it being discovered is a matter for the Queensland Health obviously to work out, but obviously from my perspective if they did have control in place they weren’t effective.
So in summary identify your fraud hotspots, check out the vulnerabilities to those particular fraudulent events in those areas, strengthen those controls or add new controls in there and then make sure they’re effective, and that will limit your exposure to fraud.
That’s all I have for this session. As always let’s be careful out there.