Internal fraud: don’t be surprised, be prepared

Be shocked. But don’t be surprised by the discovery an employee is stealing from your business.

It’s common to be surprised when you hear stories of internal fraud, as the victim recounts a story of a trusted staff member caught stealing from the business, sometimes over many years.

"Be shocked if one of your employees or a colleague breaches your trust but don’t be surprised by it."
Greg Scott, Senior Governance Manager, ANZ NZ

It may be hard to understand how someone may be driven by a gambling or drug addiction, have serious financial problems or a desire for a lifestyle well out of their reach but it happens all the time. 

Most people have not experienced issues like this and we don’t anticipate our colleagues or employees could have the motivation to steal. That means we may not put sufficient measures in place to prevent or detect fraud in its early stages and pay a high price as a result.

The cost of internal fraud to organisations globally is in the trillions of dollars each year. A 2016 Global Fraud Study from the Association of Certified Fraud Examiners (ACFE) suggests the median loss per organisation is $US150,000 per case.

Would the organisation you own or work for be able to survive a financial loss of this amount? While a large company may be able to absorb this loss, it may push a smaller business into serious financial difficulty.

What if the loss from internal fraud to your organisation was over $US 1 million? Close to 23 per cent of organisations in the ACFE study had suffered an incident resulting in a direct loss of over $US1 million.

How would a loss of that size impact an organisation’s reputation and what will be the flow on effects?


It is important to be able to trust employees at work and putting in fraud controls shouldn’t undermine this trust.

Having adequate processes in place means businesses are taking a very real threat to their finances and reputation seriously - not to mention protecting employees from the morale-sapping consequences of an internal fraud. 

Joanne Pettifer, a Principal Forensic Accountant at the New Zealand Serious Fraud Office (SFO), has investigated numerous large internal fraud complaints over the last 18 years.

“I think as New Zealanders we are a bit too trusting sometimes - we don’t like to think someone we work with could be stealing from the company,” she says.

“In a perfect world trusting each other would be acceptable but unfortunately you don’t have to look far to see internal fraud impacts businesses quite frequently.”


Some of the more common reasons people have committed fraud in the investigations Pettifer has been involved in include:

• Feeling undervalued by their employer;

• Needing the money to support other influences in their life which are not known to others such as gambling;

• Greed, wanting to impress others, and the desire to have things they would not otherwise be able to afford; and

• Needing to repay other financial commitments they have.

Pettifer’s observations are supported by the ACFE Fraud Study which identified the most common red flags associated with internal fraud were an employee ‘living beyond means’ and experiencing financial difficulties.

Fraud involves deception and those committing it are often very good at covering their tracks. They know the shortcomings of the system and are able to exploit them.

Unfortunately businesses are not always good at identifying the risks until after the fraud has occurred.


Businesses need to make sure they have adequate controls in place to help manage the risk posed by employees who, for one reason or another, take an opportunity to steal.

‘Tips’ are reported to be the most common way internal frauds are found, with 39.1 per cent of frauds initially detected this way, according to the ACFE Study.

This highlights the importance of having fraud reporting mechanisms in place, such as whistle-blower hotlines where employees feel comfortable raising legitimate suspicions or question behaviour in confidence without negative consequences.

Proactive data analytics is also an important control to have in place to detect fraud and the ACFE Study found organisations with these types of controls in place were more likely to detect the fraud faster and suffer lower losses as a result.

Controls can be relatively basic and Pettifer has identified several relatively simple controls missing from organisations who were the victims of internal fraud, such as:

• Making sure employees don’t leave screens unlocked when not at their desk, or share system passwords;

• Segregating duties so one person cannot enter and authorise a payment on their own;

• Ensuring checks are made to verify suppliers are real and all goods and services to be purchased are actually needed and received;

• Regularly reconciling payments, as rogue employees have often used company cheques to pay themselves or buy goods they were not entitled to;

• Checking to see electronic payments for the purchase of goods and services are not made to a bank account which is also an account into which salary is paid to an employee.

So yes - be shocked if one of your employees or a colleague breaches your trust. But don’t be surprised by it - make sure you have the right controls in place as these will help minimise the impact.

Greg Scott is a Senior Governance Manager at ANZ NZ

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.

editor's picks

24 Jan 2017

Identity fraud is easier than ever – but so is prevention

Shane White | Content Manager, Institutional, ANZ

On a seemingly normal Tuesday, George (not his real name) attempted to access his internet banking when he came across a message saying his account had been locked for security reasons and encouraging him to contact his bank immediately.

14 Feb 2017

The best weapons in the war on fraud

Ellen Joyner Roberson | CFE, Global Marketing Principal, SAS Security Intelligence Practice

Financial services firms and government agencies have done well to invest in meeting growing consumer expectations for timeliness and convenience.

13 Feb 2017

VIDEO: ANZ names Lynwen Connick as cybersec chief

Andrew Cornell | Past Managing Editor, bluenotes

Banks are obliged to do everything in their power to protect customers and their information, according to ANZ’s incoming chief information security officer, but need to do so without preventing access to popular services online.