Agencies’ passive approach to fraud is allowing the cost to taxpayers to grow, says a state auditor. It’s possible to build a profile of the typical perpetrator and a list of red flags to watch for.
The typical public sector fraud perpetrator is a 46-year old man who has worked for the organisation for more than five years in a non-managerial role in an operational area, according to data published by the Audit Office of New South Wales.
But while agencies are confident they are getting better at preventing and detecting fraud, they have tended “to focus more on passive rather than proactive fraud control measures”, warns NSW auditor-general Margaret Crawford. This passive approach tends to take longer to pick up on wrongdoing.
“Fraud awareness training and preventative fraud controls, such as fraud risk assessments and pre-employment screening, remain areas for improvement in NSW government agencies,” the report states.
The NSW fraud survey, covering 2012-2015, found non-managerial staff were the most common fraudsters, with 716 incidents registered, at an average value of $7,228. But despite registering a much smaller number, with 58 incidents, middle management fraud was a lot more expensive, on average costing over $138,000. Timesheet fraud and theft of cash were the most common offences and men comprised 63% of perpetrators.
99% of internal fraud perpetrators have no criminal record.
The data show governments should be more concerned about their own employees than outside wrongdoers, with 92% of frauds involving an internal employee or contractor.
There were 1077 frauds reported by surveyed agencies for the three year period, with a total reported value of $10 million — up from $7 million over the 2010-2012 period. Forty-five agencies (44% of those surveyed) reported a fraud in the three-year period, with 20 agencies identifying ten or more. This only represents part of the total, however, as not all agencies were surveyed, and research shows the real incidence can be up to three times the reported number of frauds.
Waiting for the smoking gun
The auditor’s report highlighted several common problems with agencies’ handling of potential fraud:
- A high proportion of agencies have a code of conduct, while only about a third of agencies require staff to regularly attest they know and understand it.
- A high proportion of agencies have a conflict of interest policy, but less than half require staff to complete such a declaration annually.
- Almost half of the agencies do not require staff to confirm any secondary employment every two years, a measure which could detect conflicts of interest and the misuse of government information and resources.
- 26% of agencies are not mitigating fraud risks where staff in high fraud-risk positions have large leave balances and have not taken at least two weeks continuous leave each year.
Crawford is concerned about this “passive” approach, citing the Association of Certified Fraud Examiners’ 2014 global fraud study:
“Passive detection methods (confession, notification by law enforcement, external audit and by accident) tend to take longer to bring fraud to management’s attention, which allows the related loss to grow. Consequently, proactive detection measures — such as hotlines, management review procedures, internal audits and employee monitoring mechanisms — are vital in catching frauds early and limiting their losses.”
Spotting red flags
Previous research indicates there do tend to be red flag behaviours associated with employee fraud. The Association of Certified Fraud Examiners 2016 global fraud study reported that in 91% of cases, the perpetrator displayed one or more of the behavioural red flags below before the fraud was detected, with living beyond means, financial difficulties and unusually close association with vendor or customer the three most common:
Agencies surveyed are confident they have adequate control measures in place than in previous years. In 2015, agencies self-assessed their fraud control measures by key attribute as either highly effective or effective in 83% of cases — up from 80% in 2012 and 50% in 2004.
Crawford recommends that agencies read and review their fraud control measures against its fraud control improvement kit, and the NSW Treasury develop a fraud control policy for the NSW public sector that explicitly states the government’s commitment to fraud control and clearly articulates the government’s expectations of agencies to develop and implement fraud control measures.