Why does so-and-so never take a holiday? It could be that they are adding to the huge losses British business suffers through company crime.
'People tend to think that fraud only happens in big companies - that with just 20 staff you're fine,' says Andrew Farrall, fraud examiner and industrial security consultant. Then he passes you a clipping from The Times of 11 November last year. This tells the story of 'dear old Phyllis', 60-year-old grandmother and loyal book-keeper to a small firm of printers in Twickenham. 'A very nice lady, very placid,' says one director. Phyllis had been with the company for 14 years - a model worker, putting in hours of unpaid overtime, and turning in meticulously tidy accounts. And all this on just £19,000 a year! This was exemplary behaviour indeed.
Well, so it was, but not quite in the positive way her employers assumed. For it turned out from the chance discovery of a wrongly filed invoice - noticed while she was on holiday - that dear old Phyllis had been systematically falsifying the firm's VAT returns, thereby draining a cool £180,000 from the business over a period of five years. 'It's horrifying - it nearly killed the firm,' comments Farrall. 'It's also really pitiful,' he says, because this steady programme of theft could have been detected long before. It was in many ways a classic case. The 'faithful old retainer', in a position of considerable responsibility but on modest pay, is one of the stock characters in stories of internal theft and fraud. All that unpaid overtime and those unblemished accounts should have sounded the alarm. And the firm's managers should have conducted simple spot checks, such as checking invoices with customers and suppliers.
Instead, dear old Phyllis's case joined the huge number of thefts from British business - thefts by insiders and customers that add up, according to one estimate, to a total greater than the country's entire non-military research budget. Exact figures are not known, because the Home Office, regrettably, does not differentiate between crime against private individuals and that against business. UK companies, meanwhile, are still generally unsystematic in the way they record information about crime - and in thinking strategically about how to prevent it, comments Michael Levi, professor of criminology at the University of Cardiff. Manufacturers and wholesalers tend not to keep detailed records, and to treat internal theft as a business loss, provided it remains 'tolerable', he says.
But while it is true that certain businesses involving the handling of cash - shops, restaurants, amusement arcades - are most vulnerable, all sectors of industry are subject to fraud and to the theft of stock, components or valuable information, whether through tanker drivers selling off petrol deliveries to garages, or employees nicking computer components from the office computer so as to upgrade their home machine, or the undertaker's receptionist who sells on news of the recently deceased to a rival firm. And although most companies are very reticent about discussing the matter on the record, the problem is universally acknowledged in private.
The 1989 report from the CBI and Crime Concern, Crime - Managing the Business Risk, although statistically out of date, gives some idea of the possible overall scale. This estimated that crime against business costs well over £5 billion a year, and remarked that some estimates put the figure at over £10 billion. The construction industry alone was thought to lose some £500 million a year from theft. Shareholders in UK retail companies were enjoying 'half the dividends they might reasonably expect' and 'every employee on average is losing £10 a week in wages' as a result of crime against business.
Greater statistical detail emerges from the pioneering work of the British Retail Consortium, whose second annual survey of retail crime, Retail Crime Costs, was published earlier this year. This reported that during the financial year 1993/4 retailers lost stock worth £748 million through customer theft (up by 40% on the year before, although most of this increase was probably due to more accurate recording) and almost as much through staff theft and fraud, which was up 9% to £679 million. Chemists, clothing stores, DIY shops, newsagents, mixed retail and grocery stores suffered especially, although in relation to turnover, bookshops were also a tempting target for shoplifters. When it came to customer theft, the retailers responding to the survey actually witnessed some 4.8 million 'incidents', although the authors of the report suggest that the true number of incidents was closer to 16 million. Witnessed or apprehended thefts and fraud by staff numbered some 35,000, although, as with customer thefts, most 'incidents' go unnoticed.
As the 1989 report remarked, 'Sometimes numbers can shock.' Thus, for example, customer and staff theft in 1993-94 amounted to just under 1% of turnover across all retail sectors (total crime losses, including burglaries, arson and criminal damage came to 1.4% of turnover). But many retailers experience losses of around 2% of turnover, while in business as a whole, a loss of 2% is frequently regarded as normal. For some companies, this could be the difference between profit and loss. And, as the 1989 report reminds us, to view the losses from theft as a percentage of turnover is to underplay their significance. 'It is not only the profit that has been lost; the reality is that the business has lost - in the case of stock - not only the margin, handling charges and similar overheads, but also the cost price itself.' Shocking, perhaps - were it not that the British generally display a remarkably unshocked attitude towards theft from companies, which they do not regard as a real crime. A combination of the Robin Hood principle and the familiar British disdain for business and trade, resulting in a low regard for corporate ethics and thence a sense that companies get what they deserve, evidently still runs deep in the national psyche.
Sheena Carmichael, founder of Crime Concern, co-author of the 1989 report and now a business ethics consultant, comments, 'In the UK, cheating companies is seen as very different from cheating your neighbour or the small shopkeeper down the street.' In the US, by contrast, she remarks that the majority have no problems with equating major fraud with muggings or manslaughter when it comes to sentencing the perpetrators.
These attitudes have their effect on attempts at deterrence. One owner-manager of a number of shops in a well-known high street retail chain observes that 'Customers do not actually like to see shoplifters being caught' - which is why she has her doubts about supposed deterrents such as looming security guards and louring overhead cameras, which can put off customers rather than shoplifters, she believes. 'There's no sympathy for the company,' she says. 'People always think the company can afford it.' Staff stealing stock, she adds, think likewise. 'Most staff don't think it's wrong to steal stock.' Commenting on the motivation behind staff theft, Levi says, 'Obviously employees who steal do so because they need some money, but that's only part of the reason. They also think it is socially and ethically acceptable.' Some may claim to steal only from the larger, more powerful organisations: Levi is not impressed, pointing out that supervision is often tighter in smaller organisations, making theft more difficult. Others may justify themselves by saying they steal only small amounts or small items, but there is, he remarks drily, a certain elasticity to the definition of 'small'. Besides, it is generally safer to steal small things, he adds.
Carmichael puts it less sceptically: 'Levels of crime reflect the levels of fairness in an organisation. Employees who feel they are being ripped off by their bosses look to get their own back by helping themselves.' But she also stresses a different point: 'With the growing diversity of the workforce, it is not safe to assume that all employees have the same ethical values as those running the business ... The average boss will say, "We're all very ethical here" - but until you sit down and discuss ethical questions face to face, how do you know?' she asks.
Carmichael points to the gulf between the values of British management - by and large still a 'socially homogeneous group of white males'-and the attitudes of young people, as revealed in the recent study by Demos, the left-wing think-tank. This showed that the young do have a strong value system when it comes to concerns about the environment, for example, but that concepts of property and ownership do not figure. She also remarks on the reluctance to acknowledge that employees or colleagues might be stealing or committing fraud:'The denial mechanism is very strong'; and 'It couldn't happen here' is a common refrain (until events show that it could). In addition, employees in the vast majority of UK companies have no accepted means of voicing suspicions - no helpline, no formalised procedures - and since relationships at work can be profound, feelings of personal loyalty will usually override any sense of duty to the company.
It is for these reasons that Carmichael believes that the route to preventing theft and crime within a company lies through formalising or 'operationalising' its ethics. 'The solution lies in having an overtly ethical organisation,' she urges. 'The time has passed when you could rely on unspoken assumptions or unwritten laws.' She also warns that a code of conduct by itself is worth nothing. Companies should begin by conducting ethical audits, face-to-face interviews to find out the gaps in perception and values between management and staff; and then put in place the appropriate structures - a senior member of staff as ethics officer and ombudsman, a helpline, thorough training, regular opportunities for debating ethical issues and ways of monitoring effectiveness. Since the introduction of Sentencing Guidelines in 1991, these measures have become common practice in the US.
Certainly, most experts agree that crime prevention should be treated as a strategic business issue, not, as so often happens, under the heading of 'security' and seen as a stand-alone department whose remit is primarily that of ensuring that locks, bolts and security systems are in place. Crimes are committed by people, and it is the people in the company from top to bottom who are the real key, stresses Crime Concern. It is especially important that top management sets the right tone, displaying a visible interest in ethical behaviour and strong controls.
Dixons, whose electronic wares are an obviously desirable target for thieves, provides a good example of a company with an integrated security strategy, where security issues are taken into account in all mainstream business decisions. The accent is on risk analysis for existing and proposed business. Databases are used to analyse reported crime and to identify out of the ordinary trading patterns - always a warning sign. A multi-disciplinary security department routinely reviews all company exposures. Security policy is publicised through staff training, videos, newsletters; staff are seconded to work on security projects; and a task force of senior managers regularly reviews key business operations to identify potential vulnerabilities.
Meanwhile, there are also numerous practical measures that companies can and do use to stop theft. Advances in Electronic Point of Sale (EPOS) technology, for example, are making it more difficult for potential shoplifters to saunter out with their chosen goods since said goods will sound the alarm unless cleared by the EPOS pen. New EPOS systems also make it very much more difficult for staff to help themselves from the till.
At the moment, one favoured technique, particularly when customers proffer the correct change, is to 'under-ring' - ringing up £2.10 instead of £22.10, say, and then making a little note of the extra £20 in the till so that winnings can be discreetly withdrawn later in the day. This is why sharp-eyed managers watch out for any signs of totting up figures and for receipts in the bin; it is also one reason why security companies employ 'mystery shoppers', to observe how the cashier handles transactions. But with the latest EPOS packages, this and other such scams will be virtually impossible. Similarly, the latest inventory technology, which tracks components at each stage of the manufacturing process, now makes the theft of components or equipment more difficult. And according to David Benn, founder and managing director of Lorraine Electronics Surveillance, sophisticated bugging devices are now being used by 'most quoted companies' to detect theft and conspiracy at work.
Smaller companies unable to afford such wizardry can still apply the tools of common sense. Says consultant Farrall: 'I don't advocate paranoia. I do advocate management controls.' These should include simple spot checks, picking an invoice at random, for example, and ringing up customers and/or suppliers to see if their records tally. Dear old Phyllis, he explains, would send out a bill for, say, £117.50 VAT zero-rated, enter it in the books as £100 zero-rated; hold the remaining £17.50 in a suspense account; and then 'lose' the amount to a dummy company.
So, Farrall advises, check whether so-called suppliers actually exist: they should be in the phone book, after all. Introduce a system of checks and balances when signing cheques. Don't be taken in by complicated expense claims. Check that the delivery and packing notes are the originals (they are likely to be crumpled, not pristine). Check on petrol consumption: if one of your fleet is achieving only three miles per gallon, something is clearly amiss. Scrutinise the dates and places of invoices for petrol. Watch out for high levels of refunds or returns for credit, high levels of scrap and seconds and high levels of claims for delivery shortages. Payroll fraud is a popular dodge: so compare the number on the payroll with the number walking out of the building. Is more than one payment going to the same account? If it is a case of husband and wife, fine; but when there are five people sharing the same bank account your are entitled to be suspicious.
All this, Farrall advises, should be openly executed. 'Announce that you are going to spot-check everybody's accounts, because at the end of the day it will affect everybody in the company.' If you uncover creative expense accounting, for example, 'Bounce the culprit publicly. Make it clear that you have found fraud, and that you protect the company's assets. Otherwise it becomes part of the business culture.' Managers tend to expect their external auditors to uncover fraud, but in this they are mistaken, he warns. Auditors think like auditors, believing what people tell them and relying on internal controls. A good external consultant is very much more useful - someone who 'comes in with a jaundiced view of life', as Farrall puts it, who is unembarrassed at asking questions over procedures. Why six copies of an invoice, for example? Why are certain members of staff regularly working such unusual hours? Why does so-and-so never take a holiday? The answer could be, the fear of being found out.
Finally, in the words of the 1989 CBI/Crime Concern report: 'To achieve long-term success, senior management needs to recognise that the risk of crime never goes away. The problem will never be finally solved. It needs regular attention - from the top.'