17 August 2023
How much money could your business lose due to fraudulent activity? How much can you afford to lose? And, how much of this could be prevented? Figures obtained by RSM UK under a freedom of information request (FOI) also show a 10% rise in reported fraud cases committed by employees against their employers.
Our How to save half a million pounds – counter fraud webinar discussed two recent cases of insider fraud. Both involved trusted senior managers who set up fake companies to invoice against their own budgets and steal organisation funds. With insider fraud being identified as rising, our webinar looked at ways both cases could have been prevented, saving thousands of pounds of public funds.
Both of these cases occurred in the NHS, which is somewhat unique among many public bodies, in that it has its own counter fraud function. These teams report to the Board and undertake a range of fraud prevention tasks such as; producing a fraud prevention strategy and response plan, fraud risk assessment, training and awareness, and audit style reviews. Their staff can also undertake criminal investigations into fraud committed against NHS organisations, often avoiding the need for police involvement. All organisations would benefit from learning from this prevention work, and adopting many of the same anti-fraud processes and controls into their day-to-day practices.
The first case study related to Barry Stannard, a senior manager who had worked for his trust since 2009. He set up two companies, BNC Communications Limited and Data Centre Power Services. He used these to submit 308 invoices over five and a half years, making a gain of just over £800K. He personally approved each invoice within his authorisation limit.
His fraud was identified by the National Fraud Initiative, a Cabinet Office data matching exercise for the public sector. This identified a match between an employee on the payroll, and the director of a supplier company.
He admitted the offence in court and was sentenced to five years and four months imprisonment. A later Proceeds of Crime hearing ordered him to repay £203,349.13.
The second case study related to Tom Elrick, a senior manager who had worked at his organisation since 2017. In August 2018 he set up a fake company, Tree of Andre Therapy Services. The following day he submitted the first of 31 invoices to his organisation, all of which he personally approved within his authorisation limit. In total he made a gain of £564,484.80.
He admitted the offence in court and is due to be sentenced in July 2023.
How could these cases of fraud have been prevented?
We looked at the internal controls that should be implemented to prevent these offences from occurring in the future.
Supplier due diligence
- A checklist for verifying new suppliers are genuine organisations and can deliver the goods/services.
- Appropriate authorisation for the goods/services, such as a business case, that is approved in line with SFI’s, or the Scheme of Delegation based on the projected cost.
A declarations of interest process
- A policy requiring staff to declare any actual or potential conflicts, including a requirement for nil declarations from decision makers.
- A monitoring process to ensure declarations are submitted, including a process to chase non-returns.
- Validation of returns to ensure accuracy and identify incomplete submissions.
- Internal review by a line manager who can assess the consequences of any declared conflicts.
- User access management.
- Delegated authorities.
- Segregation of duties.
- No PO, no pay.
- Contract management to include aggregate spend and verification that authorisation was in line with SFI’s.
Fraud and corruption principles
We discussed the Fraud and Corruption Principles, namely;
- there is always going to be fraud;
- finding fraud is a good thing;
- there is no one solution;
- fraud and corruption are ever changing; and
- prevention is the most effective way to address fraud and corruption.
Organisations should ensure they have an anti-fraud and bribery policy in place, giving reporting routes for staff to raise concerns, and a defined response plan to ensure action when a referral is made.
Staff should receive regular training and awareness to highlight the risk of fraud, and there should be strong controls in place, including a ‘lessons learnt’ process to continually improve these controls when fraud is identified.