Finance staff at charities need to become experts in cyber security and stop being so complacent about the risk of fraud, Charity Finance Group members were told yesterday.
Speaking at the CFG’s risk conference in London, Martin Robinson, an independent risk and audit consultant, said that people in all sectors were too scared of addressing the issue. "People don’t want to mention the f-word," he said.
He mentioned several recent fraud issues in the charity sector, including the cases involving fraud arrests at Cyrenians Cymru, sentences handed down to fraudsters at Afghan Poverty Relief and the jailing of Oxfam’s former head of counter-fraud
"It’s still very common in your sector, unfortunately," said Robinson. "So many people say ‘fraud isn’t a problem here’." Asked why he thought these people were sure there was no fraud risk at their organisations, Robinson said the answer was often along the lines of "oh, we just know".
"The fraudster could be anyone – including people in this room," Robinson said. He noted that the profile of the average person who ended up in court on fraud charges was an older male working in a senior management position in finance. "They know how to get away with it and they’re not going to get picked up on it," he said.
He said organisations were often complacent about expenses claims, which could be the gateway to bigger fraud. "It’s what the fraudster tries on," he said. "And if you can get money out of expenses, you try something bigger."
Robinson spoke of one head of audit at an unnamed government department who said he allowed small fraudulent expenses claims to be waved through because he "didn’t want to rock the boat".
Robinson also noted examples of hackers managing to breach security measures at large, well-resourced private firms, such as the US retailer Target, saying that the risk was "really truly scary" and had "suddenly escalated to being a huge, huge problem".
He said: "This is the subject you all now need to be experts in."
He pointed delegates to the government’s Cyber Streetwise initiative. "It’s not just for your IT people; it’s for you guys," he said.
Robinson also urged his audience to consider what made a previously trustworthy, honest employee defraud their employer. He said debt problems, often linked to gambling, and marital breakdown were common catalysts.
When such cases came to court, he said, companies would often point out that they had some sort of emergency fund for staff in place, but might not have publicised it well enough. Charities should consider taking an interest in staff wellbeing as part of their anti-fraud measures. "If you feel that somebody’s behaviour has completely changed, talk to them," he said.
Organisations should make sure they have a visible and brief fraud policy – "written in English and not jargon" – that could be reinforced with posters around the offices and notes in payslips, he said. "It’s okay to talk about the f-word," Robinson said.