By Gill Myers Study tips It’s not fraud if I make a call on company time, is it? 11 Apr 2023 We’ve all borrowed a mate’s ID, stretched the truth on our CV, or underestimated our regular outgoings when applying for a loan, haven’t we? And that’s alright, isn’t it? As long as we’re not doing any harm because it’s not as if we’ve stolen anything, or have we? Actually, all of those examples are fraudulent. And whilst they may not seem very serious, a stretch of the truth as opposed to an outright lie, this type of behaviour can lead to more serious incidents. Being occasionally late to work, that turns into taking a day off sick unnecessarily, is clearly stealing time; fraud and theft are closely related and often, cases of fraud are also theft. Fraud occurs when there is intentional deception which results in an unfair or unlawful gain, or in avoiding an obligation, or causing loss to a person or an organisation. It is one of the areas organisations have to manage in terms of risk. I’ve written other articles about risk as it is a topic covered at each level of AAT’s qualification. The first focuses on the difference between uncertainty and risk, and the second on risk management and the use of the TARA framework to help inform decisions about how to manage risks. If you haven’t read them, then just follow the links: L2 Uncertainty and risk L3 Who’s TARA? The TARA article concludes by explaining that organisations have to identify, evaluate and manage risks by Transferring, Accepting, Reducing or Avoiding them, depending on their likely occurrence and consequences. This article is therefore going to review how organisations score a risk, considering whether it has a low or high likelihood of occurring and the severity of the consequences. The assessment techniques covered can be applied to any type of risk, but I’m going to focus specifically on fraud. Fraud is varied and commonplace Fraud takes place in a variety of ways, and whilst we probably don’t want to admit it, in most organisations. In fact, the Office for National Statistics (ONS) reported that there were 3.7 million fraud offences in the year ending September 2022, as estimated by the Crime Survey for England and Wales (CSEW).* Let’s imagine a large organisation that owns and operates quarries needs to recruit some new staff, perhaps a couple of labourers and HGV drivers. Let’s say that one of the labourer candidates exaggerates their experience on their CV but is completely truthful about their qualifications. The likelihood of that happening is high, but the impact is probably low as long as they can do the job. The likelihood of occurrence and impact can be both assessed as either low, medium or high: However, whilst it’s less likely that an HGV driver would state that they have qualifications that they don’t have, or are out of date, if they did, then the impact of employing them would be much more serious. Checks within the recruitment process, such as verifying the validity of qualifications and taking up references, should reduce the impact of both of these examples. The fraud triangle How about an existing employee seeing an opportunity to steal from the company and taking advantage of it? The likelihood of that happening is low, most people are generally honest, but it is possible. The concept of the fraud triangle states that instances of fraud increase when people are under pressure, they have opportunity, and are able to rationalise their actions by justifying the dishonesty to themselves. Maybe a member of staff, who is struggling financially, has a fuel card for their company car, but every now and again syphons some petrol into their personal vehicle. If their actions go undetected they are likely to do it again. Depending on the effectiveness of the controls within the accounting system, how long the fraud goes undetected and how much is stolen, the impact could be low to medium. Again, the likelihood of occurrence and impact can be assessed, maybe using a numerical grade which is multiplied to give an overall score: Organisations will be able to insure against such risks but controls should also be in place, like checking mileage logs against fuel purchases and looking for anomalies across similar company vehicles. The risk of collusion Finally, let’s think about the risk of more organised fraud, maybe falsifying records, setting up fake suppliers, employees or shareholders in the accounting system. This kind of fraud is likely to require collusion, in other words, more than one person will need to be involved. And it is more likely to happen in a large organisation such as our quarry firm, simply because it is easier for false records to go undetected due to the sheer volume of transactions being processed. This type of fraud can occur on a large scale and result in systematic theft. The third option for visualising risk assessments is to use a matrix that combines likelihood and impact, or consequences, and uses colour to identify the overall level of risk. This makes it easier for less well-trained staff to see the severity of risk for each type of fraud: Summary Identifying, evaluating and assessing risks is just the start. Responding to risks by taking appropriate action, like checking qualifications, is equally as important. Similarly, controls in the accounting system such as undertaking reconciliations and checks, ensuring records are properly authorised when they are created, and that duties are segregated so that, for example, suppliers’ invoices can’t be processed, authorised and paid by the same person, are all required in order to manage the risk of fraud. However, having processes and procedures in place is not a guarantee that risks are being managed successfully, they will need to be monitored and reviewed on a regular basis to ensure that they are being followed and are effective. Gill Myers is a self-employed accounts consultant. She has taught AAT qualifications since 2005 and written numerous articles and e-learning resources.