The cost of this fraud? 0.5% of the subsidiary’s turnover. It could have been stopped by identifying weak signals before the damage became significant.
How Internal Collusion Turns Weak Controls into Major Losses
This type of in-house complicity can carry on for years. In most cases, fraud goes undetected for 12 months or more before being discovered, creating a sizable loss for the organisation (0.5% of turnover in this case). The fraud was able to continue and grow by exploiting blind spots in controls: reclassification of unjustifiable expenses as “entertainment expenses” or “office equipment maintenance”, false invoices without delivery and, importantly, internal collusion between the local CFO and CIO.
How the CFO & CIO Manipulated Accounts to Conceal the Fraud
This fraud is remarkably inventive. It happened at a subsidiary located in the tropics (location will matter later on!) where the local CFO had a very active nightlife. He spent a great deal of time in bars and clubs and charged all of these expenses to a budget line called “representation costs.”
Over the course of the year, this budget inevitably ran dry. A bit earlier, he had started taking the subsidiary’s IT director (the CIO) with him on these outings. Eventually, the CFO told him: “We go out a lot. So either you keep covering, or I’ll make your life hell. I have proof.” The CIO chose to keep the arrangement going.
The CIO then changed the accounting mapping between the local chart of accounts and the Group chart of accounts: representation expenses were no longer posted under the Group’s “representation costs” category but reclassified as “office equipment maintenance”.
After a while, Group financial control grew concerned about the sudden increase in office equipment maintenance expenses. The CFO calmly explained that he had to buy new equipment regularly because the Group supplied “non-tropicalised” equipment, which supposedly deteriorated rapidly in local conditions. It was an amusingly creative explanation (and this is where location matters!). He even secured an additional budget to purchase “tropicalised” equipment.
Orders were placed with a company that, unsurprisingly, belonged to the CFO’s cousin, supposedly selling IT equipment. The invoices were issued by this company, but no goods were delivered. The CIO validated the purchase order and the invoice, and the subsidiary paid it. The cousin then kicked back part of the amount to the CFO.
How to Uncover and Shut Down Internal Collusion Fraud
The opportunity for this fraud came from weak controls on the part of the corporate finance teams. The significance of this case, beyond the originality of the argument put forward by the subsidiary’s CFO, lies in highlighting a recurring challenge for corporate groups: the oversight of foreign subsidiaries. Variations in maturity levels, cultures, and practices, as well as differences in charts of accounts and ERP systems, are all risk factors that may be mitigated with a mix of culture and technology.
Creating a culture of integrity and accountability
Internal collusion between the CFO and the CIO flourishes in an environment where centralised monitoring of local entities has been insufficient. Organisations can counter this by instilling a culture of control at all levels of the organisation. By generating comprehensive, documented audit trails and ensuring identical visibility at both central and local levels, the organisation can use technology to reinforce the deterrent effect. Validation and task assignment workflows ensure that every action leaves a trace, which helps to reduce fraud. If potential fraudsters know there is a high chance they will be caught, they are less likely to act.
Real-time detection of mapping and supplier anomalies
New technology could have identified several warning signs in this fraud: changes in group account mapping made without formal justification, payments made without associated deliveries, invoices issued by a newly created supplier, “abnormal” increases in expenditure, expense reports validated by the author of those expense reports, etc. When these anomalies are automatically flagged, they allow for early intervention.
Replacing manual controls with continuous and comprehensive monitoring: deterrence before detection!
Traditional internal controls can only examine a sample of transactions during a periodic review. Organisations need comprehensive and continuous monitoring of all accounting entries. This should go right down to the level of individual entries. Multiple expenses classified as “entertainment expenses” would not have been able to slip under the radar of such a system.
Risk mapping linked to accounting controls
Organisations need systems that allow them to calculate a customised criticality score for each entry and weight each analysis in direct relation to the organisation’s risk mapping. A known risk area in this case was the overhead expenses of the subsidiary. This could have been subject to specific and enhanced controls.
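The warning signs listed above and the risk-weighted criticality score can be combined in a single pass over the ledger. The sketch below is an added example, not code from the article or from any product it mentions; the field names, flag weights, thresholds and sample entries are constructed assumptions.

```python
from datetime import date

# Constructed sample data. Field names, weights and thresholds are assumptions.
RISK_MAP = {"subsidiary_overhead": 2.0, "payroll": 1.0}  # risk-area multipliers
FLAG_WEIGHTS = {"unjustified_mapping_change": 5, "paid_without_delivery": 4,
                "new_supplier": 3, "self_approved": 4, "spend_spike": 2}
NEW_SUPPLIER_DAYS, SPIKE_FACTOR = 90, 2.0  # supplier age limit; spike vs. baseline
OEM = "office equipment maintenance"
# Audit log of local -> Group chart-of-accounts mapping edits.
MAPPING_CHANGES = [{"local": "representation costs", "group_new": OEM, "justification": ""}]
BASELINE = {OEM: 10_000}  # prior-period spend per Group account
ENTRIES = [
    {"id": "E1", "group_account": OEM, "area": "subsidiary_overhead", "amount": 30_000,
     "supplier_created": date(2024, 1, 10), "invoice_date": date(2024, 2, 1),
     "goods_received": False, "requester": "cfo", "approver": "cio"},
    {"id": "E2", "group_account": "payroll", "area": "payroll", "amount": 50_000,
     "supplier_created": date(2015, 1, 1), "invoice_date": date(2024, 2, 1),
     "goods_received": True, "requester": "hr", "approver": "cfo"},
    {"id": "E3", "group_account": OEM, "area": "subsidiary_overhead", "amount": 5_000,
     "supplier_created": date(2015, 1, 1), "invoice_date": date(2024, 2, 3),
     "goods_received": True, "requester": "cfo", "approver": "cfo"},
]

def flags_for(entry, remapped, baseline, totals):
    """Return the set of warning signs raised by one accounting entry."""
    acct, flags = entry["group_account"], set()
    if acct in remapped:  # posted to an account fed by an unjustified remap
        flags.add("unjustified_mapping_change")
    if not entry["goods_received"]:
        flags.add("paid_without_delivery")
    if (entry["invoice_date"] - entry["supplier_created"]).days < NEW_SUPPLIER_DAYS:
        flags.add("new_supplier")
    if entry["requester"] == entry["approver"]:
        flags.add("self_approved")
    if acct in baseline and totals[acct] > SPIKE_FACTOR * baseline[acct]:
        flags.add("spend_spike")
    return flags

def score_entries(entries, mapping_changes, baseline):
    """Criticality per entry: sum of flag weights x risk-area multiplier."""
    remapped = {m["group_new"] for m in mapping_changes if not m["justification"].strip()}
    totals = {}
    for e in entries:
        totals[e["group_account"]] = totals.get(e["group_account"], 0) + e["amount"]
    out = {}
    for e in entries:
        flags = flags_for(e, remapped, baseline, totals)
        out[e["id"]] = (sum(FLAG_WEIGHTS[f] for f in flags) * RISK_MAP.get(e["area"], 1.0), sorted(flags))
    return out
```

Calling `score_entries(ENTRIES, MAPPING_CHANGES, BASELINE)` ranks the undelivered invoice from the new supplier highest, while the ordinary payroll entry scores zero.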
A collaborative platform with an automatic audit trail would spot this issue early and even help to prevent it from occurring in the first place. The technology needs to bring local entities into the fold, ensuring they are subject to the same control requirements as the head office. It can then secure and track supplier accounts as well as changes to the chart of accounts (COA) mapping, the two flaws exploited in this fraud.
Fraud like this can run for years uncontrolled, causing significant damage to a company’s financial results and ultimately, its reputation. Installing a collaborative control platform brings structure and automation to the system, reducing the opportunity and rationalisation for fraud in the first place.
The post When CFO and CIO Collude: How Weak Controls Drained 0.5% of Turnover appeared first on The Fintech Times.
