1. Erratic reporting
Erratic, incomplete, late or excuse laden management reporting is often a classic sign that something is wrong. And that goes for anyone, from internal departments to suppliers. If you’re worried, insist on reporting within a set timetable.
Diligence about anti-fraud measures tends to weaken over time – especially when things get busy. To combat it, keep people up to date on training: it helps to reinforce attitudes and practise.
3. Erase and rewind
A cry of, ‘I’m sorry, those files were destroyed’ should be cause for alarm, particularly where international operations are involved, where it’s much harder to find or recreate evidence. Take care to keep track of where documents are, and identify who is in control of system processes.
4. That niggling feeling…
Factual inconsistencies will also occur naturally, but the fraudsters like to use that to explain inconsistencies. To minimise the chances of that happening, make sure all files are electronically stored, with appropriate back-ups as part of your compliance systems, and that the ‘delete’ button is kept under lock and key…
5. Time delays
Excuses, confusion or wild goose chases when disclosing to auditors, be they internal or external, are another telltale sign. So make sure everyone treats audits as important, and that they’re completed on time and properly. If there have been delays, investigate why this was the case by drilling down into the detail.
6. Behavioural anomalies
These range from acute defensiveness and resistance to attending review meetings to blaming strategies or even aggression when specific questions are asked about processes or figures. Having your HR department more closely involved should help to sort this out: most behavioural anomalies are usually noticed by HR staff. Research shows that internal fraudsters are most likely to be either ‘youngsters who cut across the processes and systems’ or ‘middle aged executives with the authority and a gripe’.
7. Gossip mongering
Staff whispers and rumours that all is not right should be taken seriously.
8. Trust twitchy non-execs
Good non-execs provide a considered, independent and external perspective. Often, they bring in expertise from outside the board’s immediate experience. If they seem uncomfortable about something that doesn’t add up, they often have good reason to worry. So must you.
9. Beware unofficial IT workers
Technical staff conducting unsupervised IT activity, often outside normal hours, can also be a worrying sign – both from a risk and a cost perspective. Make sure you have someone to keep an eye on IT contractors, looking out for data-theft, IPR theft, time theft (people spending all day on facebook etc), or simple theft of IT assets.
If people aren’t sure of their actual responsibilities, it can effectively cover up what’s going on with those who do have responsibility or power in a situation. The fraudster’s hope is that should the balloon go up, the scapegoat takes the blame, so make sure people are doing what is required of them.