21 Jun 2011 Don’t trust anyone – especially in finance
Do you know anyone that fits this description? Male, 36 to 45 years old, works in the finance function or in a finance-related role in a senior management or board position and employed by their company for more than 10 years? Yes? Well according to a survey just published by KPMG, they’re amongst the most likely to be committing fraud.
Surprised? You shouldn’t be. The longer someone spends within an organisation the longer they have to understand the controls that are in place to prevent fraud and the longer they have to build a network of people who trust them.
It should also come as no surprise too that procurement related fraud features highly. Embezzlement and/or procurement fraud accounted in aggregate for just over 50 percent of the 348 cases KPMG reviewed. Examples include false billings by a supplier to fund kick backs to a senior employee; employees accepting bribes from a contractor in exchange for signing off inflated project costs; and supplier collusion with victim company employees leading to over-billing.
The lack of controls in some organisations is astounding. Anyone with system administrator access to the finance system is effectively entrusted with the keys to the safe yet user names and passwords on sticky notes are common place. And even when there are controls in place, it’s not unusual for senior people to abuse their power and put others under pressure to break the rules.
Don’t trust anyone
When managers trust their staff to do a job without micro-management – that’s empowering. When staff are trusted to work unsupervised at home – that’s common sense, but when trust means handing over the keys to the safe or giving people inappropriate levels of authority with no controls that’s just plain stupid. Controls are there so you don’t have to trust people. Use them.
Procurement and finances are amongst the most vulnerable parts of any organisation and it is incumbent on leaders to ensure that proper purchase to pay processes and controls are in place at all levels of an organisation to ensure that the risk of fraud is minimized. And where it’s not in place and fraud happens – they’re culpable.