Thanks to the human factor, no technology or policy will be able to completely prevent fraud -- this is the message given out during the Asia Fraud Conference.
Even from the 18th century, there are countless examples of commercial fraud cases involving companies. With human greed, everybody is more interested in their profits rather than asking questions, pointed out Hri Kumar, partner, Drew & Napier, who was the keynote speaker at the two-day event which began yesterday in Singapore.
According to Kumar, a fraud survey report from KPMG conducted in Singapore showed the financial costs to companies as a result from fraudulent activities went up from S$1.4 million (US$913,000) in 2004 to S$4.4 million in 2007, while computer-related fraud occurrences jumped from 19 per cent in 2004 to 59 per cent three years later.
And the current economic climate is making things worse. "When times are bad, people will resort to means to make ends meet," said Larry Lam, managing director, McGuire Asia, which organised the event.
Alleviate the pain...and costs
But while fraud cannot be stopped, it can, however, be mitigated; a sentiment shared by the speakers at the event.
One way is to implement a series of post-fraud activities, recommended Kumar. These include setting up a fraud response team which can quell panic and help work with investigators, as well as a sound document retention and creation policy. The latter entailed keeping and not deleting e-mail and hard copy. The litigation process will require the company to provide investigators access to these documents and might help the organisation clear its name from improper conduct.
An ongoing case mentioned by Kumar highlighted the current argument of whether the companies where fraudulent individuals belonged to should be held responsible. To get around it, organisations should hire specialist human resource agencies to conduct background screening of employees during hiring, said Wayne Tollemarche, executive vice president (Asia Pacific), First Advantage Corporation.
"Never take the CV at face value, and talking to referees from reference checks is not considered part of background screening," said Tollemarche. Some of the common methods of screening include checking on educational and professional qualifications, as well as previous employers, all done through a combination of calls and online research.
The prevalence of removable media devices such as USB drives and memory cards is making it easy for perpetrators to carry out fraudulent activities, said Richard Stagg, director and managing consultant, Handshake Networking.
"A 2006 study by Deloitte shows a 50 per cent rise in leaks of confidential information and that is primarily attributed to the increasing numbers of removable devices. Staff can walk out with massive amounts of confidential information of their organisations," said Stagg.
A way forward is awareness training, he recommended. Have it as part of the induction programme for newcomers in a company, get them to sign that they have understood acceptable use policies, and reinforce the message through a series of e-mail, short seminars and screensavers, listed out Stagg.
Technology plays its part
During a fraud investigation, computer forensics is a component that should not be left out, recommended Ramesh Moosa, director, forensic technology solutions, PricewaterhouseCoopers. "Computers are filing cabinets with audit trails and these are cold hard facts," he explained. This evidence can be used to prove for or against claims made by people.
Highlighting the case of a local pharmaceutical company where it was suspected of conducting illegal business at the side by its major shareholders in the US, computer forensics experts were able track down evidence of the local shareholder's doings in e-mail and deleted files. With the proof, the offender was forced to relinquish his shares in the company and the company did not have to undergo the unwanted attention of a public lawsuit.
Meanwhile, fraud cases tend to be discovered only by external parties or by accident, observed Shahar Mor, CTO, Sparktech. The uncovering usually happens long after the fraudulent activities have started, he added.
To solve the above issues, companies need to employ data analytic tools that can spot irregular behaviour patterns by employees in real-time. Being able to profile employees, the systems must be able to detect out-of-the-ordinary activities such as irregular working hours and a high number of beneficiary changes per day. "It has to also support the entire fraud life cycle from deterrence to prosecution," said Mor.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.