Employee fraud: how should you respond to a tip-off?

Published on Wed, 31/05/2017 - 21:48

Members advised on key first steps and the mistakes to avoid

Do you know what a "typical" corporate fraudster looks like? What red flags should you be looking for? And - most importantly as a risk manager - what should your first actions be if potential fraudulent activity is brought to your attention?

These were just some of the questions addressed by RGL Forensics at an Airmic Academy which delved into the serious but little-understood subject of investigating employee fraud.

According to RGL - a specialist firm of forensic accountants - once a potential fraud is detected, the subsequent uncovering and unravelling of the incident can occur at rapid speed - sometimes in a matter of hours and days.

The implications of employee fraud are complex and sensitive with corporate, legal and PR implications. Taking time to understand what you should and shouldn't do before an incident occurs is therefore vital. "You must have a fraud response plan in place," Kevin Harding, partner at RGL stressed. "And as a deterrent, make sure you publicise the fact that you have one to your employees, and outline what the sanctions are."

When fraudulent activity is suspected, the first step is to determine who is involved, Airmic members heard. "Until you know who you are dealing with and have absolute proof, keep your response team as small as possible, John Burgar, RGL's head of investigations advised. "You will most likely need to conduct a covert investigation, not only to find evidence against the perpetrator(s) but also to exonerate the innocent. Confidentiality is vital. Consider having meetings outside the office if need be. Don't assume no one is listening in."

Must do's in the first 24 hours:
  • Continue as normal if you can - do not alert the suspect
  • Establish where the suspect is and who else could be involved
  • Determine your objectives in line with company policy
  • Determine who needs to know
  • Secure evidence and consider suspending access to prevent tampering

Source: RGL Forensics

One of the biggest mistakes to avoid is contaminating evidence, the workshop heard. Phone records, emails, desk items, even bin contents are all potential sources of evidence and care should be taken not to interfere with them. "For example, don't go through emails yourself as you could affect their integrity and diminish their evidential value. Instead, secure them to prevent tampering and have them examined by suitably qualified computer forensic experts," Burgar noted.

Mistakes to avoid in the first 24 hours:


  • Ignore whistle-blowers or fail to take suspicions seriously
  • Make rash decisions or take unplanned actions
  • Assume no one is listening in
  • Interview suspects or take disciplinary action before the facts are established

Source: RGL Forensics

Even organisations with the most sophisticated controls and procedures in place are vulnerable to fraudulent activity from employees, the workshop heard. According to Ben Hobby, partner at RGL, the best defence against fraud is in fact its culture. Noting that most frauds are detected by whistle-blowers not controls, he said: "Controls are important but they can be by-passed, especially with employee collusion. Having an ethical culture throughout the organisation is your best defence."

In particular, he argued that the business culture needs to be open with debate and discussion encouraged. Domineering or intimidating individuals can be a red flag that may signal a bullying culture. "Staff need to feel able to ask questions. Challenge and integrity are key."

Typical characteristics of a fraudster:
  • Male, aged 31-40
  • University graduate
  • Middle or senior management
  • Employed by company for 3-5 years
  • Usually a first-time offender

Source: RGL Forensics

The Airmic Academy workshop was presented by Kevin Harding, partner at RGL Forensics; Ben Hobby, partner RGL Forensics; and John Burgar, head of investigations at RGL Forensics. For more information about Airmic Academies please click here.