
Managing fraud risks

March 2, 2023


How to keep fraud out of your business

Fraud is much more common than most people imagine. It can happen to any business, including yours. That makes managing potential fraud risks an essential part of good business practice.

This guide explains how to make a solid start managing your own fraud risks, with practical steps to help keep your business safe.

What is fraud?

Put simply, fraud is stealing by deception.

If somebody lies to steal money, property or data, then they have probably committed fraud.

Fraudsters aren’t always who you would imagine. They could be a trusted colleague, a relative, a supplier, or a customer. But they could also be someone you don’t know – perhaps pretending to be someone you do.

This can mean complicated technical attacks on computers, networks and mobile devices – such as hacking, phishing, ransomware and DDoS (distributed denial of service) – or using computers and the internet to commit traditional crimes like harassment, bullying and fraud.

Fraud takes many forms.

  • Submitting a false invoice.
  • Buying something using fake or stolen card details.
  • Making an inflated claim for business expenses.

All these are common examples of fraud.

Case study

What happens when the world changes and your financial controls don’t keep up? A bookkeeper was able to steal more than £32,000 from a family-run drinks business when she was required to work from home during the pandemic. Unsupervised and unobserved by colleagues, the fraudster spent months stealing from the company’s PayPal account to shop and gamble online.

Why is it important to manage your risks?

If you haven’t been targeted yet, you are in a fortunate minority.[1] Actively managing your fraud risk, and not leaving it to chance, is good for business and good for your bottom line. Preventing fraud – or at least spotting it early and putting a stop to it – can head off financial losses and reputational damage and might even save your business from collapse.

[1] PWC (2022). Global Economic Crime Survey 2022: UK Findings

What does it mean to manage fraud risks?

It means implementing procedures that are proportionate and proactive, but which don’t have to be expensive or complicated.

[Figure: Fraud Management Lifecycle]

Ideally, aim to progressively build fraud resilience into every part of your business.

  • Use hard controls (such as secure passwords and system access restrictions) as well as soft ones (policies and procedures that are clear and well communicated).
  • Get every member of staff and management, at every level, actively involved.
  • Look beyond your organisation. Reach down through your supply chain to work with your suppliers, then out to the very front line of the business to your customers.

Watch out for these common risks

Cybercrime

Crime committed online. It might be a hacking, phishing, ransomware or DDoS (distributed denial of service) attack on computers, networks and mobile devices, or the use of the internet to commit a traditional crime like harassment, bullying or fraud.

Staff fraud

An employee using their job to commit fraud. This can happen at any point, from hiring to leaving. Common examples include lying on a job application, forging documents to inflate expenses, and stealing stock or data to misuse or resell.

Financial statement fraud

The deliberate altering of financial statements to conceal the true business position or performance. Common examples include creating bogus sales, inflating the value of assets or concealing debts.

Procurement fraud

Fraud in the buying of goods, works and services. This can happen at any stage, from initial decision-making to final delivery. Frequently two or more people will cooperate (or conspire). Often they will work for the victim and/or one of its suppliers. Sometimes several suppliers will work together to defraud a customer, which could be you.

Payment fraud

Using stolen or cloned card details to make purchases, often via online transactions, over the phone or by email (so-called ‘card-not-present fraud’).

Fraudsters also impersonate genuine suppliers (or other trusted third parties such as banks, the police or HMRC) so that legitimate payments are diverted into bank accounts that they control.

To find out more about these frauds, check out our toolkit.

Case study

A highly paid manager was jailed for five years after stealing £5.2m from the religious charitable trust that employed him for eleven years. In spite of previous theft convictions, he had been put in charge of bank accounts and grant-making, then left unsupervised. The fraud only came to light thanks to a change of management.

Responding to risks

Once you understand the risks you can respond in one of four ways. Which one you use will depend on how much risk your business is ready and able to accept (this is your so-called ‘risk appetite’).

  • Accept it: Perhaps the risk seems tiny or the cost of reducing it is too great.
  • Transfer it: Typically to a third party, like an insurance company.
  • Tackle it: Perhaps by implementing controls to reduce the likelihood or lessen the potential impact.
  • End it: By halting whatever activity is creating the risk in the first place.

Case study

An indebted finance assistant with a gambling addiction stole more than £23,000 from her employer by creating fake invoices to conceal payments she was making to herself. When the owner first uncovered the fraud he agreed a repayment plan with the now-departed employee. The police eventually became involved when the woman could no longer honour the agreement.

A checklist

Ask yourself …

  • What fraud risks are we exposed to?
  • How bad could things get if each risk became a reality?
  • How often might that happen?
  • What can I now do about the risks and consequences I’ve identified?

Do …

  • Be crystal clear with all staff and suppliers that your business takes every fraud seriously.
  • Make regular, well-informed assessments of the risks you face. And involve your staff!
  • Include fraud on your risk register and review it regularly.
  • Make sure someone with sufficient authority is responsible for overseeing all fraud matters.
  • Clearly set out the standards of behaviour expected of staff, suppliers and other third parties. Formal policies covering fraud and conflicts of interest can help you do this.
  • Using communications and training, embed fraud prevention culture and thinking throughout the business.
  • Exercise appropriate due diligence when selecting staff, contractors, suppliers and others, both as a form of risk assessment and a means of mitigating risk.
  • Have a simple, hassle-free way to raise concerns about fraud. Make sure it is available to staff and anyone you do business with.

Don’t …

  • Expect staff to understand the term ‘fraud’ if you haven’t defined it for them.
  • Underestimate the importance of a strong ‘tone from the top’. When owners and managers are seen to follow the fraud prevention standards set by the business, employees are much more inclined to do the same.
  • Adopt generic control policies and procedures across the business – risks often vary across operations, so responses should too.
  • Assume that ‘once is enough’ when communicating anti-fraud policies and procedures to staff. Training needs to be refreshed and re-delivered regularly.
  • Encourage staff to confront suspected fraudsters and/or investigate their own suspicions. It could be dangerous or cause evidence to be destroyed.
  • Ignore red flags. Make sure risks are addressed.

This practical guide highlights some of the potential staff fraud risks to your business. But business fraud comes in many other guises. It makes good business sense to find out more. Go to lovebusiness-hatefraud.org.uk or follow the campaign on Twitter and LinkedIn.

Thanks to Lucy Cryan from StoneTurn for kindly writing this guide.

Published March 2023. © Fraud Advisory Panel and Barclays 2023.

Fraud Advisory Panel and Barclays will not be liable for any reliance you place on the information in this material. You should seek independent advice. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Licence.

Fraud Advisory Panel is a registered charity in England and Wales (1108863) and a company limited by guarantee, registered company in England and Wales (04327390). Registered office: Chartered Accountants’ Hall, Moorgate Place, London EC2R 6EA.
