Could fraud ever arise in my business?
In answering such a question, it invokes further questions to be asked as follows:
Yes…There is always a possibility
The rhetorical question one must ask when defining the objective of fraud prevention is what makes us most vulnerable to fraud?
What written and unwritten rules govern behaviour?
What are the consequences of my actions?
In order to consider these questions, we must recall from Criminology, the ‘Fraud Triangle’ of David Cressey who considered that fraud arose because of 3 main factors:
1. An unsharable financial need;
2. Rationalisation of fraudulent behaviour;
3. Perceived opportunity
I focus in this article upon cutting down the ‘perceived opportunity’, and an attempt to raise the barrier within a business to combat and substantially weaken any perceived opportunity.
Currently, emails appear to be the current best used medium as a further method of correspondence. Email facilities, together with access to the Internet are usually available to all personnel through the business’ computer network, and now by wi-fi through gadget owned by employees personally.
The first presumption is that there there is a high degree of trust from everyone regarding emails, because emails are sent and received daily to one’s own computer without usually any supervision or monitoring at all.
This, I would argue, is the first wrong presumption to make. Sure, there has to be an element of trust within a business set-up, but so much so that an employee/contractor has carte blanche to send or receive whatever they wish.
The second presumption is that employees are responsible.
This, I would argue, is the second wrong presumption to make. An internal argument, which ends up confused and then escalates into rants by email, to those reading externally may be construed as bullying in the workplace. What of more sinister emails? What if business is being conducted by an employee (I.e. moonlighting), whilst supposedly at work, and you are not seeing any of that money, but you continue nevertheless to pay your employee?
The third presumption to make is that personal emails to that employee must and should remain personal.
Again, I argue that this cannot be right. If you use a work computer, then arguably the business from the header and footer of your emails is unknowingly sanctioning and giving credence to such an email and more importantly your authority to speak in their name, and the contents of what you say.
What makes us most vulnerable to fraud?
Email traffic and communication certainly must be a factor. Emails sent and received without the business knowing or monitoring them, make a business vulnerable. Certainly there are many other factors which make a business vulnerable, but this mode of communication is potentially very dangerous.
Once you identify it as a potential risk, you may then wish to ask yourself the next question:
What written and unwritten rules govern my behaviour?
There are various views on this, but certainly the view of the Association of Certified Fraud Examiners is to be open and up-front with employees that fraud can occur in this way. Such open conversations do a number of things which I list non-exhaustively:
1. It lets the employees know that their emails are likely to be monitored, or should be monitored, to avoid any possibility of fraud;
2. It takes away the sordidness and underhandedness of sneaking around and spying on employees;
3. It allows employees rationally to understand that such behaviour will not be tolerated, and that the business takes monitoring seriously.
4. It sets out a defined boundary as to what is, and what is not acceptable behaviour in the workplace;
5. It defines the work ethic of the business, showing the business to be responsible employers rather than snooping employers.
Should you have an email policy and what should be contained in that policy?
What precisely it covers depends on the respective business.
Some illustrative examples may be as follows:
- No emails should be defamatory, obscene, or of a nature which could in any way bring the business into disrepute.
- No emails should be offensive, discriminatory, or harassing or bullying.
- Emails should be saved on the computer system and printed out as a hard copy.
- Emails that are deleted, nevertheless remain stored in the hard-drive and can be considered by the business at any time.
- Emails are monitored by regularly by the business and disciplinary action will be brought if the Email policy is breached.
Email Security:You should have appropriate filters, and anti-virus software in place.
Monitoring of Emails:
- Can you monitor emails of employees? With their consent, absolutely yes.
- Without their consent, but with an Email Policy in place to say you will do so from time to time? Yes.
- Without their consent, and without an Email Policy in place, but on computers owned by the business? Probably yes
- Without their consent, and without an Email Policy in place, and not on computers or other hardware owned by the business? Definitely not. It will possibly be a criminal offence because you are tampering with a computer or other device, which is not yours.
Professor Rosen is a Solicitor-Advocate, Partner and head of Litigation at Darlingtons Solicitors. A working member of the Fraud Advisory Panel, a Certified Fraud Examiner with the Association of Certified Fraud Examiners, a visiting Associate Professor of Law at Brunel University, and a member of the Society of Legal Scholars.
If you have a fraud or suspected fraud issue contact me or go to our main fraud pages.
Haven't found what you need yet?
Why not search the whole site?