Up to 70 percent of corporate fraud is committed by employees and occurs because of broken processes, according to consulting firm Deloitte.
Deloitte forensic specialist Kelvin Kennedy, who was in charge of fraud reduction at SunCorp for three years, said fraud is invitable for business because anti-fraud structures such as payroll master reports and whistle blower facilities are under-resourced.
“If you haven't had fraud against you in the last two years, you missed it,” Kennedy told a Sydney conference.
Kennedy, also a former federal police officer, refuted claims by other analysts that it is possible to map a typical fraudster, or act of fraud.
Industry concensus paints a typical fraudster as white, bald and 30 years old.
“Red flags are always different between organisations,” Kennedy said. “It can be done by new customers, staff or triggered by a change in behaviour in existing trusted staff.”
However, he said most fraud is unoriginal, poorly planned and only successful because of “broken controls”.
“So you've got your payroll master report that logs every change to standard payments. They are printed and filed... but who actually looks through them?,” Kennedy said, adding much of the fraud he sees can be detected early if basic audit trails are reviewed.
Like many analysts, he suggests the Australian recession will push redundant and financially strung staff to committ fraud. About 80 percent of the average company's workforce would not normally committ fraud, Kennedy said, while the bottom and top 10 percent are respectively “career criminals” and “saints”.
While staff screening and background checks keep most career criminals out of organisations, Kennedy said a personal crisis can turn long term staff who have intimate knowledge of business processes into very successful fraudsters.
He said business should consider ongoing background checks to detect emerging propensities for fraud in trusted staff, regularly check audits trail and ensure investigations into suspected fraudulent employees are admissable in court.
Kennedy said businesses must consider looming quasi-US data breach laws when deciding whether to report incidents of fraud to the police or Australian Securities Exchange.
Deloitte offers a data mining tool, Dtect which searches corporate information for similarities and anomalies that may indicate fraud.