In simple terms asset misappropriation fraud is when an employee who is responsible and trusted with assets abuses their position, working alone or with internal or external parties such as fellow employees or customers, suppliers or professional service providers.
I see this fraud committed at all levels from Director to shop floor. This can be simply committed by any person(s) in the hierarchal ladder. Consider that this fraud is not just cash, but other assets, which includes data and IP.
This fraud / theft takes many forms from simple theft of cash, removing data and other protected IP and information from a company. It may be falsifying accreditations, experience and qualifications to fulfill a role but could equally be an employee in collusion with other colleagues or people external from the business. This could include employees who understand the vulnerabilities in a business or industry and have gained employment to exploit that weakness.
The ‘insider’ will identify the vulnerabilities and can work their fraud undetected or months, years, decades, or never be identified. Often these frauds are found when the employee has left the business.
If you are vulnerable, then you may have more than one insider committing asset misappropriation and all are working independently with no knowledge of each others criminal behavior.
A company or organisation can end up with a culture of dishonesty, with initial frauds being isolated and minor and escalating in value and frequency, so that the employee sees what they do as routine, a way of their employment life and a dependency on the financial gain as their life is molded around the revenue they are stealing.
Here are my top tips:
Look at prevention it may be far cheaper than having to detect it and try and recover any identified losses. Prevent it…you may never know it was happening to you.
Create a culture. Give a responsible person the project / subject to own.
Create a whistleblowing policy or reporting process.
Conduct a gap analysis. Asses your vulnerability. Only 1 in 5 SMEs have conducted a fraud audit.
Put access controls in place on building, systems and software.
Have relevant policies and procedures.
Educate staff. Let them know you will decisive and ruthless.
Segregate responsibility and audit, audit and check again.
Have a tiered responsibility.
Have a reaction plan with individuals with clear responsibilities and actions.
Vet key individuals with responsibility upon employment or promotion.
Have a general security review conducted.