One of the key aspects discussed in the earlier blogpost, ‘Fraud buster’ series – Dealing with employee frauds, was that organizations can address employee frauds through job rotation and mandatory vacation policies, along with other internal controls. Taking a cue from that, it may be practical to consider the tenure of an individual in a certain entity (company), division, department and area of work while evaluating the conditions and environment conducive to fraud risks.
Let’s discuss this with an example. Steven was employed at a manufacturing company for over 10 years. Over time, he was able to gain the trust of his superiors and started overseeing the company’s printing and stationary requirements. He was also the authorized signatory for all cheques issued by the company.
During his tenure, Steven forged numerous payment slips and made false entries in the books of account. Management received an anonymous tip on the whistle-blowing hotline flagging some of these activities. On investigation, it was discovered that Steven had swindled over a few crores on account of his position as the signing authority. He had also not taken any personal leave for over three years. Further scrutiny revealed that he had multiple fake companies in the names of related parties that he used to deposit the cheques.
Could the company have completely avoided this situation if they would have changed the job role or ensured mandatory vacation? Maybe not.
But the chances of such an incident taking place would be lower in organisations that have implemented a robust job rotation and mandatory vacation policy.
A few possible negative outcomes that could arise due to an increase in tenure of employees may,
- Drive them to fulfil their personal interest rather than the organizational goals after a stipulated time limit
- Create scope to exploit the system weaknesses and execute transactions which are hidden within complex practices
- Build ‘fake trust’ among superiors and highlight their ‘sincere’ intentions
- Give rise to collusive practices between like-minded individuals
In such a scenario, what can companies do to retain deserving employees but at the same time occasionally swap job roles and responsibilities to mitigate the possibility of fraud risk?
Implementing policies or procedures pertaining to job rotation and mandatory vacation time could serve as a forewarning platform for organizations. It also becomes a periodic ‘Maker-Checker’ control tool and enables cost savings, as it circumvents modification in the organizational structure to bring in an independent checker.
Association of Certified Fraud Examiners (ACFE) has analysed the implications of various anti-fraud measures (for the years 2008-2012) by considering,
- the average rate of reducing fraud losses and,
- their average implementation rate
It revealed that, though the adoption of job rotations and mandatory vacation could reduce fraud instances by 50%, the advocacy of such techniques was almost treated as a last resort. Its implementation rate was around 16% and implementation ranking stood 14 of the total 16 controls.
Organizations could consider job rotation and mandatory vacation as an effective tool for fraud prevention and mitigation. The applicability of job rotation will have to be decided depending upon the nature of business, organizational structure, skill-sets and risk profiles. In addition, companies should design and develop job rotation policies (apart from other anti-fraud controls) by considering risk prone or vulnerable areas, job levels at which such rotations need to be implemented and frequency.
They should also carry out adequate knowledge transfer programs through induction or training during the role transition phase and obtain declarations/ undertakings from the employee they are replacing.
While undertaking the process, management needs to make a clear demarcation between trust and accountability as balancing both is necessary for the successful operation of an entity.
(The above is third in the series of blogposts which will deal with different fraud scenarios and highlight measures that could be used as ‘fraud busters’)