Simon Dukes: Facing up to the possibility of internal fraud

Staff and volunteers may be your greatest weakness when it comes to insider fraud - but they are also your greatest strength, writes the chief executive of Cifas

Simon Dukes
Simon Dukes

Fraud is a reality. But there's a lot you can do to fight it. The first step is admitting you have a problem. This can sound like a cliché, yet it remains a simple truth when it comes to fraud.

There have been a number of studies estimating the size of fraud within the UK charity sector. The truth is nobody really knows, but it certainly amounts to many hundreds of millions. It can take many forms: misuse of a charity's account, gift aid fraud, donation theft, creating false invoices, providing services to beneficiaries that do not exist; the list goes on. And when examples hit the media, as they do regularly, they receive widespread coverage. To the honest majority, there is something particularly unpleasant about stealing from a charity.

Within charities too, the fact that fraud can be an issue is now widely acknowledged. But it is understandably more difficult to accept that staff or volunteers may well be playing a role. A KPMG report published in 2013 found that 61 per cent of company frauds were committed by staff inside the organisation. Within charities, with resource constraints and pressures on internal controls, there’s every reason to believe that the figure would be similar.  

Alongside their reputation, charities thrive and depend on dedicated staff and volunteers. It is undoubtedly the case that the vast majority of these people would not countenance, let alone commit, fraudulent behaviour. But recognising and admitting that there is a genuine possibility that some staff or volunteers could be involved in fraud is the first step towards tackling it.

This can be daunting, especially because the majority of charities are small to medium in size, do not have dedicated fraud teams and rely on relatively small numbers of people to manage finances. Treating everyone as a suspect cannot be the answer, because this will result in a culture of fear and discourage candour. However, the stakes are too high not to act. Internal fraud shakes an organisation to its core, resulting in damage to morale and reputation, as well as finances.

The charity sector is diverse and complex - there's no silver bullet for fraud prevention. The good news is that it is possible to balance the need for proper controls with a healthy culture. What's more, some of the key steps can be enacted at little cost.

Treat fraud as a serious risk Put fraud on the risk register and place responsibility for it with senior staff members. The lead has to come from the top. Develop a fraud policy that sets out clear standards of acceptable behaviour and make sure your staff and volunteers understand what is required of them.

Support staff to raise concerns Have a clear whistleblowing policy and make sure staff know that they are protected if they raise concerns. The recent experience of the NHS shows just how fraught whistleblowing can be. Make sure your staff know they will be supported.

Carry out spot checks and look for warning signs Spot checks on bank records and accounts can never take the place of a proper audit, but they can be effective by acting as a deterrent to a potential fraudster. Make an active effort to look for warning signs such as unusual transactions, sudden increases in new suppliers or missing or altered documents.

Know that data is as valuable as money In fact, data is money. Any large stores of personal data, whether on donors, potential donors, suppliers or beneficiaries, need to be adequately protected. Their value is high and their loss will put those individuals at risk of further fraud and identity theft, and have an impact on your revenue. While the vast majority of employees and volunteers will respect data confidentiality, a database of names and addresses, as well as any financial details, will be a key target for a fraudster.

Collaborate Our experience with organisations across a range of sectors shows working together and sharing information on fraud threats is the most effective approach. Fraudsters rarely operate in silos and similar scams or groups of people will work their way across different organisations and sectors.

Plan for the worst Fraudsters often use multiple methods to commit fraud. How can you ensure the full scale of the problem is known, and how would you communicate about it to staff, regulators and the wider world?

Report it Fraud should be reported to the police via Action Fraud and to the Charity Commission. There are serious gaps in fraud reporting and this hinders the ability of law enforcement to detect patterns and to crack down on organised crime. The more we know about fraud in the sector, the better equipped we will be to fight it.

The tips above are only a start. The most important lesson is this: people are just as much part of the solution as they are part of the problem. Staff and volunteers may be your greatest weakness when it comes to insider fraud - but they are also your greatest strength. Trained staff and volunteers, who feel supported to raise concerns and understand that you have a zero tolerance policy on fraud, are your best defence.

Simon Dukes the chief executive of fraud protection agency Cifas

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus