How to be a Successful Frauditor E-Book

Contents

Cover

Title page

Copyright page

Foreword

Preface

Acknowledgments

Part I: Understanding fraud

Chapter 1: Fraud overview

What do We Mean by Fraud?

Drawing A Distinction Between Fraud and Corruption

Cash, Cash, Cash

The Basic and Basis of All Cash-Handling Frauds—Teeming and Lading

Chapter 2: Fraud basics

Think Fraud First!

Peter’s Pointers to Peculation (i.e., Fraud)

Some Basic Frauds Against Organisations

Part II: Planning and managing

Chapter 3: Planning A fraud investigation

Setting the Strategy for the Fraud Investigation

Planning the Initial Investigation

First Steps, Stopping the Losses and Starting the Initial Fact-Finding

Expenses—The Short-Cut Route to Success

Case Study: Answers

Chapter 4: Managing the investigation

Why Effective Managing is the Next Most Important Task After Planning

Getting the Basics Right

Tips and Suggestions to Help Manage the Investigation

Chapter 5: Gathering and using intelligence and evidence

What is the Difference Between Intelligence and Evidence?

Gathering the Evidence

Email: can It be Evidence?

Witness Evidence Gathering

Chis or Informant? What are the Differences—and the risks?

Disclosure, Disclosure, Disclosure

Part III: Investigation techniques

Chapter 6: Using analysts to support the investigation

Understanding the Role of A Fraud Investigation Analyst

Tasking Analysts Effectively

Making Sure That You Get the Right Result

Using Analysts During Civil and Criminal Cases

Chapter 7: Technology that aids fraud detection

Common Technological Tools Available to the Fraud Investigator

Taking the Internet Into the Fraud-Finder’s Tent

Spreadsheet Versus Database?

Data Interrogation Tools

Using Specialised Data-Mining Tools

Chapter 8: Considering covert surveillance

What is Covert Surveillance?

What Might Be Done and When could You Consider It?

Counter-Surveillance, What to do If You are Under Attack

Using Evidence and Intelligence Gathered Through Covert Surveillance

Chapter 9: Fraud interviewing techniques

When You May Need to Interview

Understand Yourself Before You Try to Understand Others

General Principles for Fraud Interviewing

Chapter 10: Advanced techniques in fraud investigation

Advanced Techniques in The Context of This Book

The Appliance of Science …

Where Attributes Come to the Fore

The Value of Variable Sampling

Using General Sampling Theory to Advantage in A Fraud Investigation

Fuzzy Logic and Data Interpretation

Hunting the Hunter

Part IV: Fraud types

Chapter 11: Catching your crooked contractor

To Catch A Crooked Contractor …

Common Categories of Corrupt Contractors (In Ascending Order of Size)

Using Companies House and Financial Assessments to Best Advantage

Using Due Diligence to Deal with Dodgy Contractors

Chapter 12: The danger that is a Trojan fraudster

So What Exactly is A Trojan Fraudster?

The Need for Effective Vetting of New Staff and Contractors

The Trojan Company

Chapter 13: Low-value, high-volume fraud: the investigator’s nightmare

Defining Low-Value, High-Volume Fraud

Why Tackling Low-Value, High-Volume Fraud Poses Particular Problems

Issues to Tackle During the Initial Investigation Phase

Chapter 14: Pay and pension frauds

Recognising the Types of Payroll Fraud That May Be Committed

Pay Reconciliation

Classic Payroll Frauds Committed by Pay and Pensions Staff

Classic Payroll and Pension Frauds by Employees or Relatives

Classic Payroll Frauds Committed by Line Managers

Using Analysts Effectively to Detect Payroll and Pension Fraud

Part V: Getting the right result

Chapter 15: Dealing with the law

Reporting A Fraud to the Relevant Authorities?

Dealing with the Police During A Fraud Investigation

Fraud and the Relevant Criminal Law

Investigating Within the Law

Civil Law and Fraud

Chapter 16: The dos and don’ts of preparing for civil litigation

When—and When Not—to Consider Litigation

To Freeze or Not to Freeze—is That the Question?

Civil and Criminal Cases—Getting the Right Result

Tracing Orders and Other Weapons

Using Expert Witnesses to Best Advantage

Part VI: Fraud in context

Chapter 17: Fraud risks, fraud awareness and whistle-blowing

Assessing the Risk of Fraud in the Organisation

A Model for Assessing the Risk of Fraud in an Organisation

The Benefits of Fraud Awareness Training in Preventing and Detecting Fraud

Whistle-Blowing Arrangements and Their Place in Fraud Awareness and Detection

Strategic Aspects of Fraud Awareness

Chapter 18: So, you’re A fraud-finder too?

Fraud Basics

Planning and Managing Investigations

Investigation Techniques

Fraud Types

Getting the Right Result

Chapter 19: Current trends with fraud and corruption

Rising Levels of Fraud in A Post-Recession Climate

The Office of Fair Trading and Works Contractors

Suspected Contract Fraud in Public Bodies in Northern Ireland

Other Recent Internal and Contractor Fraud Trends

Current Fraud Risks and Issues to Address in Organisations

Chapter 20: Conclusions and the way forward

The Journey’s End or Just the Beginning of the Story?

Meeting Training Needs

Fraud Investigation—Art or Science?

Appendices

Appendix A: Are you a fraudfinder?

Answers to the Questions in Chapter 18

Appendix B: Red Book 2

1.0 Adopting the Right Strategy

2.0 Accurately Identifying the Risks

3.0 Creating and Maintaining A Strong Structure

4.0 Taking Action to Tackle the Problem

5.0 Defining Success

Appendix C: Fraud risk wheel (the ‘wheel of misfortune‘)

Appendix D: Audit Commission Toolkit

Appendix E: Summary of modules in the CIPFA Certificate in Investigative Practice

Cipfa Certificate in Investigative Practice Qualification in Counter Fraud

Appendix F: Formulae and a table to assist advanced techniques

Sample Size Formulae

Appendix G: Detecting abuse in credit card transactions

An Introduction to Data-Mining Concepts

Proactive Fraud Detection

Key Failings and Misconceptions in Expenses Management

Corporate Procurement Card Profiler

Conclusion

Appendix H: Notes

Index

This edition first published in 2010 Copyright © 2010 Peter Tickner Associates Ltd

Registered office John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United Kingdom

For details of our global editorial offices, for customer services and for information about how to apply for permission to reuse the copyright material in this book please see our website at www.wiley.com

The right of the author to be identified as the author of this work has been asserted in accordance with the Copyright, Designs and Patents Act 1988.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by the UK Copyright, Designs and Patents Act 1988, without the prior permission of the publisher.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The publisher is not associated with any product or vendor mentioned in this book. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the understanding that the publisher is not engaged in rendering professional services. If professional advice or other expert assistance is required, the services of a competent professional should be sought.

ISBN 978-0-470-68185-5

A catalogue record for this book is available from the British Library.

Project Management by OPS Ltd, Gt Yarmouth, Norfolk

Foreword

I first became aware of Peter Tickner when the Metropolitan Police Authority was created in June 2000 to take over responsibility from the Home Office for the budget, scrutiny and oversight of London’s Metropolitan Police. I was elected as the first Chair of the MPA and soon found that we had a robust and tenacious chief internal auditor with a somewhat fearsome reputation as Scotland Yard’s very own rottweiler. What is more, this attack dog was quick off the mark with a (gleeful) warning to the incoming Authority that the Metropolitan Police didn’t have a system for telling whether it had paid a bill more than once and that we should get on with sorting this out.

Peter had already made his mark as Director of Internal Audit at the Metropolitan Police since 1995 where he had been involved in successfully investigating fraud and financial waste by, among others, works and maintenance contractors, IT consultants and police employees. Following the GLA elections in 2004, I stood down as Chair of the MPA, but was re-appointed to the Authority as the Home Secretary’s representative. It was then that I joined the Corporate Governance Committee, to which Peter regularly reported. I took over as Chair in 2006 and with that found myself responsible during the next three years for trying to exercise a degree of control over Peter’s activities as Director of Internal Audit. As anyone who knows Peter will appreciate, this was no mean task and, perhaps surprisingly for a relatively dry subject, Corporate Governance meetings were often lively. This was in no small degree due to the occasions where Peter would draw attention to matters of financial probity or fraud that had crossed his path since the Committee had last met.

I soon realised, as did fellow members of the Committee, that although Peter was a thorough audit professional he had a particular interest in the frauds and financial waste that came to light in his work. It was therefore no surprise when he announced that on his retirement he would be writing a book about how to investigate staff and contractor fraud.

I am delighted to be asked to write the foreword to this, Peter’s first book—and one that focuses on his favourite area of business activity.

Right up until his retirement from the MPA in September 2009 I met regularly with Peter in private session to discuss, inevitably, some of his more sensitive investigations as well as progress with the audit programme. Some of these internal inquiries were very high profile and often ended up featured in national newspapers, with the inevitable pressure that the spotlight brought to bear on progress with his investigations.

I am sure that you will find Peter’s professionalism and knowledge of the subject matter will shine through in this book. He has also written it in his own inimitable style—a style that I can confirm he also brought to the Committee table, although sadly the official minutes cannot reflect the wry sense of humour and the enthusiastic presentations when we strayed onto Peter’s two-minute ‘Mastermind’ topic of fraud.

Lord Toby Harris

Preface

I ’ve written this book for anyone who’s either found themselves asked to investigate a fraud or has wanted to get involved with a fraud investigation at work but doesn’t feel they know enough to go about it successfully. Whether you are an internal or external auditor, trainee investigator or line manager who finds they need to conduct a fraud investigation on behalf of your employer, or indeed just an employee or academic with an interest in the subject matter thinking of taking it further, then this book is intended for you.

The story of my own journey from auditor to ‘frauditor’ started in December 1971, when I was appointed as a trainee executive officer in the Department of Health’s National Health Service Audit Branch.1 In those days you started working life in NHS Audit straight into ‘the field’, reporting in my case for a first-day’s duties to the Audit Room at a large psychiatric hospital in Kent. We had no permanent office, desk or telephone, as only the appointed Auditor for each NHS region had such luxuries. We were expected to be provided with temporary accommodation at each hospital group where the audit was taking place. Because of this nomadic lifestyle we were inevitably forced to get out and about in the NHS and see what went on in reality—and as such it was an excellent grounding for any auditor or would-be frauditor. We travelled from hospital group to hospital group conducting their external and operational audits, borrowing working accommodation and office supplies at each unit where we were auditing.

The first week into the new job, as a 19-year-old and still wet-behind-the-ears trainee NHS auditor, I was sent out with a more experienced colleague to observe the routine weekly ‘pocket money’ cash payments to the long-stay psychiatric patients at a large hospital in the southeast. I overheard one of the patients, after collecting his weekly cash, turn to the Charge Nurse and say ‘Here’s your cut, Bill.’ The Charge Nurse turned bright red and said to the patient ‘For Christ’s sake not now, the auditors are here!’ I was shocked, genuinely shocked. My more experienced colleague was not. He looked me up and down calmly, only the tiniest hint of sadness mixed with the cynicism borne of the 20 years more of life’s twists and turns etched into his face. ‘Peter, just think of anything in this world that a human being can do—and they will do it!’2 These were wise words indeed and stayed with me throughout my career.

A few weeks after stumbling across the patient’s money scam, at our next audit I was sent out with one of the other experienced auditors on the team to conduct a surprise visit and cash-up at the hospital offices. He wasn’t so keen to have an inexperienced junior sent out with him and was very clear to me about it on the way to find the hospital cashier’s office. ‘Do as I say, don’t touch anything, don’t question anything I say and keep your ******* mouth shut until we have finished. Is that clear?’ It certainly was and, considerably affronted, for once in my life I did exactly as I was told, even when behind my colleague’s back I noticed the cashier slip a roll of notes into his back pocket before they had been counted. I had been told to keep my ‘******* mouth shut’ so I was absolutely determined that it would stay shut while we were there.

Later, as we were driving away from the hospital in his two-seater sports car, I meekly asked if I could speak now. ‘Of course,’ came the somewhat irritated reply. I put on my most anxious-to-learn expression. ‘Is it normal for the cashier to take a roll of notes out of the safe and put it in their back pocket before we have counted it?’ He very nearly swerved off the road and then sharply pulled the car up to an immediate halt. ‘What?’ he screamed at me, ‘why by all the thundering gods didn’t you say anything back there about it?’ I paused as innocently as I could. ‘But you told me to keep my mouth shut until we had finished.’ After the frisson that followed, I was, thankfully, given back to the cynical and worldly-wise Bernard to learn the ropes from then on!

What my NHS Audit experience did teach me over the years was that there was a lot of fraud going on out there and most of the bosses I worked for either couldn’t see it or our lords and masters were less keen to pursue it than we were. The frauds and scams Bernard and I found being perpetrated on the NHS in the 1970s, long before the NHS Counter-Fraud Service came into being, are still around in modern variants today. It was very much where I cut my teeth, both learning from the experienced and cynical auditor alongside me and also learning by my mistakes, one of the best and most practical ways of becoming a successful frauditor.

After 12 years in NHS Audit I had a five-year spell teaching auditors from all parts of central government before I became Head of Internal Audit at Her Majesty’s Treasury. While I was there I managed to keep up my track record by unearthing a few scandals, including sending an undersecretary who’d been in charge of a government agency to prison for fraud.

My track record and lucky timing (they had just had a major fraud!) got me the job that I did for the last 14 years of my career as the Director of Internal Audit for the Metropolitan Police in London. I had only been there a few weeks when thanks to my usual luck I found myself on the trail of an armed robber who’d slipped under the radar and managed to get his company a works and maintenance contract with the police. Within a year I had so many fraud investigations on the go that my then bosses gave in and let me set up an internal fraud investigation team, headed by a retired detective superintendent who’d done several tours at various ranks in the Fraud Squad. His experience proved invaluable and filled in the blanks in my investigative education.

Eventually the investigative side of my work expanded to a branch headed by an experienced ex-head of internal investigations from HM Customs, nine investigators, a fraud prevention manager and two analysts in support. Over the years we were able to save Scotland Yard and the tax-payer millions of pounds as well as remove fraudulent contractors and staff from the organisation. We were also able to clear innocent people wrongly suspected of wrongdoing (an often forgotten benefit of doing an investigation thoroughly).

In this book I’m trying to pass on to you the accumulated experience of 38 years as an auditor and investigator—a frauditor—covering from the very basics of how you find and deal with cash frauds, through to investigative techniques, dealing with the police, the law, taking civil action, types of fraud that you’re likely to come across and understanding the risks of fraud for your organisation. My style is conversational and wherever possible I’ve tried to give you real cases from my own experience as examples of what can go both right and wrong during fraud investigations and the ways in which you can ensure that you have the best chance of being a successful frauditor.

Do have fun reading this book, that way I can assure you that you will learn much more from it. All the case studies are from real life and there isn’t anything in the book that hasn’t actually happened.

Writing this book over the months that it has inevitably taken has brought back many fond memories for me of past cases and investigations, as well as painful reminders of times when I got it wrong, experiences that I hope will enable you to learn from my mistakes without finding the need to repeat them yourself, whether you are working on your own, as part of a small unit or as part of a larger team when the call comes to investigate a fraud at work.

1 Technically the DHSS but Health and Social Security remained entirely separate, each with their own personnel, finance and audit departments, despite the years they were merged together.

2 Bernard Mensa Boateng, colleague, friend and ‘personal tutor’ during my ‘field’ years in NHS Audit, 1971–1978.

Acknowledgements

First, I have to thank Elaine, my wife, who has had to put up with me at home far more frequently than she was expecting, following my decision to retire early and have a change of career. Since then I’ve written away obsessively, occasionally surfacing from the study to exclaim about some fraud I’ve remembered—or to give a few well-chosen expletives when a computer failure has just prevented me saving the latest version of the chapter I’ve been working on.

I must give a special mention to Spencer Pickett, who convinced me that I could and should write this book and then showed me how to get the project off the ground. Also my special thanks to Barrie Cull, former colleague and friend who has kindly provided the excellent cartoons that you will find in this book. And a thank you to Mike Comer, who to my mind wrote the seminal book on fraud investigation and who was generous enough both to encourage me that I could also write a book about fraud and to let me refer to one of his earlier cases.

I am grateful for advice and assistance from former colleagues and friends: in particular, Ken Gort, Assistant Director (Forensic Audit) at the Metropolitan Police Authority, without whose help I’d never have sorted out the structure and some of the investigative content of this book; ex-Detective Chief Superintendent Phil Flower, whose invaluable knowledge of both the law and the police were of great help; retired Fraud Squad Detective Superintendent Russ Allen, for friendship, encouragement and reality checks in equal quantities; Alan Wright, retired police intelligence officer, for his helpful views on the use of analysts and intelligence; Neville Dyckoff OBE, former Head of Catering at the Metropolitan Police, for letting me take further advantage of his hospitality in using one of his cases from an earlier career; and Catherine Crawford, MPA Chief Executive, for kind comments on my early draft chapters.

I am also grateful for the comments and advice I have had from: Head of the Governance and Counter Fraud Practice Derek Elliot; Alan Bryce and staff in the Counter Fraud Practice of the Audit Commission; Greg Marks and his colleagues at CIPFA; Professor Alan Doig for forbearance and support (I will get back to the PhD one day Alan!); Richard Kusnierz of IDM Ltd—who reviewed the early draft of Chapter 7 and made some helpful suggestions; Alan McDonagh and Caroline Waddicor of Hibis Europe for their support and encouragement; and the Metropolitan Police Authority for permission to reproduce an extract from its 2009 Fraud Risk Analysis.

I am bound to have forgotten someone, but others who deserve thanks for their kindness and support when I first started on the journey that led to this book include: Joe Mensah for sticking by me when it really mattered; Steve Hutton for his cheery enjoyment of my bizarre sense of humour; Paul Randall for his friendship, remarkable intelligence and equally remarkable indifference; Julie Norgrove who cleared up behind me at the MPA and seamlessly took over as I approached retirement; Satya Minhas for a decade of loyalty and friendship; Pam Brar for more loyalty and for longer than anyone deserves; likewise Andy Dimon; Irene Lloyd for quiet yet effective support; Colin and Emma Durnford for their friendship and support; Mike S. Robinson for friendship and cynicism in equal measure; Frank Hailstones for sharing the passion; Linda Duncan for her advice and encouragement; Jim Scully and Gareth Oakland for sharing some of the frustrations in one of my longest and toughest investigations.

Last and not least I must thank Minnie, our 12-year-old tabby cat, who has spent many hours beside me when I’ve been busy on the book, occasionally waving a paw at the keyboard or indicating that she’s concerned about what I’ve just written, but generally sitting patiently by my side and keeping me calm in my more excitable moments.

Part I

Understanding fraud

CHAPTER 1

Fraud overview

Falsehood and fraud shoot up in every soil—the product of all climes

Joseph Addison (1672-1719)

WHAT DO WE MEAN BY FRAUD?

This isn’t as straightforward to define as you might at first imagine. At a glance it is simply a deceitful act perpetrated by one person on another. A sham, a lie. But lies and deceit can occur without fraud, so how best can we define the specific characteristics of fraud?

Fraud as a concept has been understood ever since human society became organised. More than one ancient Greek or Roman author has commented on fraud in state affairs or business. Closer to home the Saxon and Danish kings in England understood fraud but it took William the Conqueror to set out the first English administrative system designed to prevent and detect fraud. He made his barons and sheriffs ‘account’ annually for their business affairs and had his most trusted aides hold ‘audit’ courts to hear what the barons had to say against the previous year’s records. It was these arrangements, designed both to maximise tax revenues and to set out an ordered feudal system, that eventually led to the idea of accountants, auditors, controls and segregation of duties (i.e., the basics of modern business controls in the public and private sectors).

Although there have been legal maxims around fraud enshrined in codifications of English and UK law that developed during the Middle Ages, these references do not define what is meant by fraud. Instead they set out its impact on the legal system in coming to a judgement about a matter affected by the fraudulent behaviour of one or other of the parties in court. For instance, it is a legal maxim that ‘fraud is odious’ and that a fraudster shall not profit by their own fraud in a judgement by the courts. However, until 2006 there was no criminal offence of ‘fraud’ in UK law and, apart from Scotland, no common law offence either. All that changed with the Fraud Act 2006, enacted in UK law from 15 January 2007.1

Many bodies had attempted to give an all-embracing definition of fraud before that, particularly the major accountancy and auditing bodies. Most of these definitions either were incoherent, too detailed and therefore lacking clarity, or too oriented towards the accountancy profession and not user-friendly for would-be investigators. For UK police and those conducting criminal investigations, prior to the Fraud Act they generally placed their reliance on the Theft Act to define whether an offence was likely to have been committed by a fraud reported to them.

Perhaps the snappiest older definition came from a Scotland Yard Fraud Squad detective sergeant at the National Police Detective Training School, who in the 1980s defined fraud simply as a sophisticated sort of thieving to each new generation of would-be detectives. In many ways that description has to have been the most accurate of all until the 2006 Fraud Act came into being.

The 2006 Fraud Act describes and defines three key types of fraud that are the most relevant to organisations, their employees and their contractors.

Having given these new offences some thought, my then Head of Forensic Internal Audit2 and I came up between us with the following new definition of fraud in 2008:

Fraud is an offence resulting from dishonest behaviour that intentionally allows the fraudster or a third party to gain, or cause a loss to another. This can occur through false representation, failure to disclose information or abuse of position.

If in doubt, then fall back on the definition of that old (and wise) detective sergeant. The one aspect that his broader definition covers and that is not covered by most others, including the accountancy and audit bodies, is the modern world where fraud can be a paperless crime.

The sad truth is that most professional bodies—and the professional members of those bodies do not want to be seen to be responsible for detecting fraud—and I include police officers among that number.3 No one minds a straightforward theft, where it is clear what has been stolen and who has lost it, even if you don’t immediately know who took the cash, asset or other item that has been stolen. Fraud is usually much more complex and most people would prefer it to be someone else’s problem.

DRAWING A DISTINCTION BETWEEN FRAUD AND CORRUPTION

Corruption, effectively collusion between two or more individuals in order to commit fraud or other serious crimes, is generally far more difficult to get to grips with than fraud. Except, oddly, inside organisations such as the police—where much research and effort in the last 30 years has gone into the means of detecting corrupt police officers dealing with the public and bringing them to account for their behaviour.

Corruption can take many forms and its defining characteristic is that the colluding parties conspire together to enable the intended event to occur, which might be a fraud, or could be as simple as the enhancement of an individual’s career through corrupt influence. Fraud may or may not involve others and individuals can commit frauds on other parties without the need to involve other fraudsters, but corruption can only take place between two or more individuals.

As a general principle, you should try to avoid having to prove corruption when looking at potentially fraudulent activity. The only exception to this is when two or more conspirators are either caught in the act with irrefutable proof (e.g., reliably recorded on camera and sound—and preferably a suitably upright citizen as a witness as well) or all the parties to the corruption are prepared to confess on paper and when interviewed. It doesn’t usually help the investigator with a case if only one party admits the corruption, although it can be useful intelligence that may help find a fraud further down the line.

For a classic example of the difficulties in pursuing corruption with its roots at the top end of an organisation, the case of Gordon Foxley is worthy of study, even just from the details available through the likes of Wikipedia. Foxley was the Head of Defence Procurement at the Ministry of Defence (MoD) between 1981 and 1984. Prior to that he was Director of Ammunition procurement for a number of years and during that time had developed cosy and corrupt relationships with a number of major suppliers of ordnance to the MoD. The MoD is one of the few organisations in the UK that has its own private police force, including a fraud squad, and it was to them that the responsibility for investigating Foxley’s activities finally fell. They estimated that Foxley had received millions in bribes. The case took many years and cost an inordinate amount to the taxpayer to bring home. Eventually Foxley was convicted in 1996 on £1.3m of bribes and sentenced to four years. He was due to serve a further sentence if he did not hand over assets purchased with bribe money. Foxley never did and the Crown Prosecution Service ‘forgot’ to pursue him about it. After serving two years, mainly in an open prison, Foxley was a free man with most of his ill-gotten gains still in his possession. As a result of one of his corrupt deals the Royal Ordnance Factories were closed with the loss of thousands of employees’ jobs.

The investigation into Foxley was also a classic example of the difficulty in dealing with fraud and corruption cases once they become a criminal investigation, more of which will be covered in later chapters.

There is a great tendency in my line of business to see every fraud as a conspiracy and indeed on occasion frauds can involve a large number of employees or contractors. However, history clearly shows that hard as it is to bring home a fraud case, it is 10 times harder to prove corruption, whether in civil or criminal proceedings. It is far simpler and safer to look for the evidence that you need to prove what each individual has done. Then, as soon as you have sufficient information, you can act. Prevarication, waiting for the ‘Mr Big’ or over-elaborate and complex investigations to get to the root of everything have an inverse proportional relationship between the complexity and length of the investigation and the likelihood of a successful outcome.

Short and sharp works, long and complex doesn’t. For an object lesson in long and complex leading to inevitable and ultimate failure, just take the case of Her Majesty’s Customs and Excise, an organisation prone in its latter years to run overly elaborate investigations to find ‘Mr Big’. The end result of this approach? They deliberately let millions in unpaid duty escape them, never caught the ring-leaders, compromised themselves with their own informants and in the end paid the ultimate price—when the department lost its independence and most of its investigative responsibilities in the merger with Inland Revenue to create HMRC, the hiving off of its ports business to the UK Border Agency and the residue of its investigators to the Serious Organised Crime Agency (SOCA).

I think that I know the difference between fraud and corruption, but how do I know whether I’ve found a fraud?

I’m tempted to give the trite answer here—that only experience ever answers this question—but one of my driving reasons for writing this book is in the hope of helping others learn from my early mistakes and experiences—to equip the reader better to answer this very question and then learn how best to determine what to do next.

For any organisation, discovering fraudulent activity by employees, contractors or outside organisations can come about by a wide range of circumstances. Usually it is readily apparent that something has gone or is going wrong and as a consequence the organisation is losing cash or other assets to fraudulent activity.

So the starting point is the ability to spot whether something is going wrong—and whether that is causing a loss to your organisation. For those who are internal auditors or middle managers reading this book, then you are already well equipped to spot a potential fraud. You will know your organisation and what you expect to happen. The art is to get to the bottom of why the expected hasn’t happened—and learning when to persevere and persist until you can answer that question.

There is a basic truism inherent in every fraud ever committed on any organisation. The fraudster intends one of two outcomes. Either (1) to steal cash or assets from your organisation or (2) divert cash or assets intended for your organisation to themselves or a third party. So, the guiding principle for the investigator is, wherever possible, to follow ‘the money’. Ultimately its trail will lead you to the fraudster.

The fraudster’s motive is always greed, wanting something to which they are not entitled, although they will often intellectualise the reason for committing the fraud and may deny (as some have) to their dying day that they did it for anything other than the noblest of reasons. It is this self-justification and rationalisation—particularly prevalent among managers who commit fraud against their own organisation—that allows an otherwise apparently moral and socially responsible individual to continue their fraud. Don’t be fooled or feel soft-hearted. Fraudsters are greedy, they want something that isn’t theirs and they are prepared to alter records and lie and cheat in order to get it. They are not pink and fluffy—or innocent victims—however convincing their tale of woe may seem when caught.

Understanding your way to finding a fraud

For those of you who have had training as auditors or managers, you will have probably spent some time, whether overtly or by more subtle means, looking at the behavioural aspects of your fellow human beings. Much is made about the need to adopt a more participative approach to tackle some of the negative images associated in the mind’s eyes of employees when an auditor calls. Equally, managers are usually taught to understand their staff and how their own actions and behaviour can be perceived by their employees. The techniques taught in these areas can be used to advantage in trying to track down potential frauds, by enabling you to understand how the behaviour of others is being perceived within their offices and enabling you to recognise mismatches between body language and words used.

Many years ago I spent some time training internal auditors for government bodies. I used to emphasise to them that in any part of an organisation there are always three systems—the prescribed, the alleged and the actual. The ‘prescribed’ is the system laid down in the manuals or set out in practice notes and the like. The ‘alleged’ system is the one that management will be keen to tell you is the way that it is done. It will inevitably usually meet most, if not all, of the expected controls to prevent fraud in a particular business area. But the ‘actual’ system will be the one that managers and employees are applying in practice on the ground. Until you can be sure that you have found the actual system, you won’t know for sure what is happening in that part of the business.

The same applies when looking for signs of potential fraud. You need to be able to find out what has been going on in practice, as opposed to the idealised view that everyone is so keen to impart when asked. It is a natural human trait to look for short cuts or to become blasé about routine tests and controls, particularly if they have developed a working or social relationship with any of the individuals to whom they are supposed to apply the controls.

Almost all frauds have relied at some point on either the manager that turns a blind eye, over-familiarity by checking staff who don’t bother to check thoroughly or a relaxed attitude by work colleagues to supposed controls as they all know each other and they don’t believe that anyone they know that well will do anything wrong at work.

CASH, CASH, CASH

Stop thief!

The simplest frauds are those that involve the straightforward removal of cash (or other portable assets) and its concealment by altering or suppressing the records.

Taking the cash or assets without altering the records is just plain and simple theft. If an auditor or manager (or indeed a colleague) discovers that a member of staff or a contractor has been stealing from the organisation in such a direct way it should be relatively easy for the line manager to institute disciplinary or other formal action immediately. In all decent organisations theft is grounds for swift dismissal as an act of gross misconduct by a member of staff and instant removal from the premises for a contractor. As with any fraud, you need to establish the scale of the loss to the organisation as quickly as possible and then decide how best to recover any lost cash or other assets.

I will return to this point later but the guiding first principle with cash or asset losses is to stop any on-going loss as soon as you can. Don’t worry about getting in the way of a later criminal enquiry. If you have reason to believe that significant cash or assets are being lost in real time then your priority is to stop the haemorrhage as soon as you can, before your organisation runs out of its lifeblood.

The investigative decisions for the organisation on any scale of theft above low-value opportunist theft are little different from those outlined in this book for pursuing fraud and can read across to the same decision-making points described in Chapters 3 and 4.

This section covers some of the commonest cash frauds and ways in which they can be detected.

With cash, the highest risk is the point at which an organisation receives it, the next highest is the place where it is kept before it gets banked and entered into the accounting system.

At first glance, the records of cash receipts at an organisation may look complete. But the trouble with cash and cheque income is that you can only ever know the totality of what you have received and recorded, not what the organisation should have received. Modern analytical techniques can help here (see Chapters 6, 7 and 9) but even they won’t always tell you about something that you’ve never had. The same also applies to cash floats or imprests,4 you can only be sure about that for which the records are complete.

Surprise, surprise!

Never, ever underestimate the value of surprise.

One simple—and often under-used—way of finding out if all the cash is where it should be is the surprise cash check, although it is important to do your research thoroughly before embarking on such a course of action.

I had an early experience that taught me two vital lessons about surprise cash checks. First, do your homework before a visit to any outlying part of the business and, second, keep your wits about you. When you are out there at the organisation’s coal-face, you will come across frauds and fraudsters, whether or not you recognise them.

Real case: Example 1

As a young health service external auditor in the 1970s, I often found myself with a colleague conducting cash checks, starting with the main cashier of a hospital group. On this occasion, we turned up as planned—but unannounced—to do a surprise cash count at the cashier’s office of a large psychiatric hospital in Kent. As usual, we made the cashier open his large, walk-in safe, with books and records as well as cash within it. We started to count the money and then hit our first problem. The cashier’s records showed transactions between his cash account and another account at the same hospital—a second cashier in another building. We hadn’t known about this—although if we had done our homework properly we would have realised that it was not unusual for a large psychiatric hospital to have a ‘patients’ bank’ as well as the main hospital cashier.

As it was, there were only two of us and we couldn’t cash up both safes at the same time, since we needed one to record and the other to count, also to act as witnesses for each other in case we found any money was missing. I took an executive decision to continue the main cash count and leave the other one until we had reconciled the records where we were. Needless to say, the records would not reconcile to the cash. We worked out that the cashier was short of £200—shown on a scrap of paper in the cashier’s handwriting as a ‘loan’ to the other cashier who ran the patients’ bank.

As we couldn’t agree the reconciliation with the first cashier I couldn’t leave him alone while we went to cash up the other safe, but I had no other auditors available to help me. In the end I left my less experienced colleague with the first cashier and went to check the second cashier on my own. When I counted the cash, he too was short of £200—but had a note in his cash drawer saying that he had loaned it to the main cashier (who had also signed the note). I went back to the main cash office, now looking for £400, not £200 as I had first thought. The first cashier had disappeared. I was not a happy bunny and I told my colleague as much. ‘I thought I told you to stay with him until I got back.’ I snapped. ‘I tried,’ he replied, ‘but he insisted he had to go to lunch and just walked past me, I haven’t seen him since.’

We sat down contemplating what to do next. At that moment, to our surprise, the cash office door opened and the cashier appeared from within and beckoned us to come inside. I looked meaningfully at my colleague. ‘Peter, honestly, he didn’t come back past me and this is the only door.’ As we walked in, I noticed that the window to his ground floor office was wide open. The cashier’s invisible return was at least no longer a mystery. The cashier was beaming. ‘Think I’ve solved your problem lads, I forgot about that envelope with £400 I’d put to one side to sort out the patients’ bank.’ He then took us into the walk-in safe and reached for a white envelope clearly sticking out between two books. He opened it and, hey presto, there was £400 in new, shiny £10 notes. Just like magic. Very tight-lipped I thanked him, noted our records and withdrew with my colleague. My less experienced companion seemed happy. ‘Well, that’s a relief then, Peter.’ ‘No it ******* isn’t’ I growled, ‘I searched all those books earlier while you were checking the contents of the cash drawer. There was no envelope there then!’ ‘Ah.’

A lesson learned the hard way. We couldn’t prove anything because we had compromised our own cash-up, first through poor preparation—not realising that there were two safes and two cashiers—and then by allowing the first cashier to leave before we had completed our checks and got him to sign up to the cash deficit. But I knew what had happened and now I knew that the first cashier was dishonest and capable of committing theft. I had a quiet word with the treasurer about it. He caught him trying the same trick a few months later and fired him on the spot.

THE BASIC AND BASIS OF ALL CASH-HANDLING FRAUDS—TEEMING AND LADING

So—I have a question for you before we get into this troublesome area of morality. Is it fraud or theft to borrow money from the petty cash of an organisation overnight, if the individual intends to replace it the next day? Of course you will have answered ‘yes’. But a surprising number of people I’ve met over the years don’t think that it is. And although the answer is indeed yes, it is unlikely that anyone would ever get charged or convicted criminally for a small amount, returned the following day in a one-off instance. But if they’ve done it and got away with it once, why stop there? It is only one short step from ‘just borrowing it—I’ll put it back when I go to the bank tomorrow’ to a full-blown fraud.

Although anyone who is capable of ‘borrowing’ from the official cash of an organisation is, in my view, a future fraudster as well as a current thief, sometimes a bit of over-exuberant claiming or one-off dodgy-looking expenses voucher is just that, over-enthusiasm egged on by a colleague or ignorance about what is right, rather than a premeditated attempt to defraud. The investigator has to learn to tell the difference between the two. For instance, in most of central government, one could claim a meal allowance if more than five miles away from the office for at least five hours and actually and necessarily incurring expense. I have known otherwise upright internal auditors absolutely insist that it is their right to claim the allowance, because they were more than five miles away for more than five hours, even though they were eating lunch in a subsidised work canteen no different from their normal lunchtime arrangements. They had conveniently ‘forgotten’ the actual and necessary part of the right to make that expenses claim. So, another ‘rule of thumb’ principle when looking for fraud: Don’t get obsessed by the one-off incident. Everyone makes mistakes. However, if you see more than one such incident (preferably at least five if you want to guarantee to nail the fraudster) then, as with the fictional Holmes, the game is afoot!

If you know how teeming and lading works—and how to spot it—you can happily skip to the ‘General Principles’ at the end of this chapter. If not, then read on and I’ll explain.

Teeming-and-lading study: Fictional example

Freddie Fraudulent banks cash and cheques received by his company every weekday. On Monday morning he opens the post and finds £1,000 in cash and £3,500 in cheques. Monday lunchtime he banks the previous Friday’s takings, £4,300 in total. On Tuesday morning he opens the post and finds £750 in cash and £3,000 in cheques. Tuesday lunchtime he banks £4,500, the total of Monday’s takings. On Wednesday morning he opens the post and finds £1,500 in cash and £2,600 in cheques. Wednesday lunchtime he banks £3,750, the total of Tuesday’s takings. Thursday morning Freddie opens the post and finds £1,200 in cash and £4,000 in cheques. Then Freddie makes up a bag to go to the bank with £4,100, the total of Wednesday’s takings.

Just before Freddie is about to go to the bank on Thursday the internal auditor, Arthur Sleep, arrives to carry out a surprise cash check. Freddie points out a little crossly that he has just put the previous day’s takings together to go to the bank and hasn’t yet had time to write up today’s takings. Arthur doesn’t want to offend him and agrees just to check the takings prepared for the bank. They do indeed tally up to the total of the previous day’s takings, but Arthur is a little puzzled, as the split of amount received between cash and cheques doesn’t seem to be the same as shown in the post-opening book records for the previous day. Freddie explains that he cashed some personal cheques for staff and that altered the split of money. Arthur reminds him that it is company policy not to do this and makes a note.

Arthur is about to leave it at this when he notices something odd about the cheques making up the total of Wednesday’s takings to be banked. Two of the cheques are definitely not from staff but are also not in the post-opening records for Wednesday either. He checks to see if they were accidentally missed off from Tuesday’s post-opening records but they weren’t and, as they both have Tuesday’s date, it seems unlikely that they were received any earlier than that and left off from the subsequent banking.

Before going any further I suggest that you make a note of what you think has happened here. In particular:

Now read on!

Arthur realises that it cannot be possible to have the right total ready for banking, unless Freddie has put in some of the cheques from Thursday morning to cover cash that should be there and isn’t. He confronts Freddie about this and after looking initially very uncomfortable Freddie then says he may have made a mistake in totalling up Wednesday’s cheques.

Arthur looks him in the eye and asks Freddie again. ‘Are you sure that you want me to write down that you think you may have made a mistake recording these two cheques, before I examine the rest of the bankings this week to confirm your explanation?’ Freddie looks even more uncomfortable and tries to persuade Arthur that there is no need to check back, it was a one-off mistake. Arthur is now getting a little irritated with Freddie. What was meant to be a routine surprise check is turning into a problem that will delay lunch for both of them.

He asks Freddie to explain why the ‘one-off mistake’ means he doesn’t have to go back over the earlier records. Freddie then finally admits that he was ‘a little short last night’ and had temporarily borrowed £500, intending to repay it as soon as he had been to the bank today. If Arthur hadn’t arrived to do a surprise cash-up no one would have been any the wiser. He assures Arthur that he’ll put it right at lunchtime when he gets to the bank, provided Arthur can see his way clear not to make a hasty note now, before Freddie has had a chance to replace the missing money.

(My illustrative answers are at the end of this chapter, see if you can do as well or better by noting down your answers now, before reading on.)

The above example is an illustration of how teeming and lading works in practice. In essence the fraudster is able to ‘borrow’ cash without being obliged to return it (i.e., steal!) provided sufficient money comes in to substitute for the stolen cash from future takings before they have to account for their earlier takings. It is often ‘phase one’ before a more serious and sustained fraud takes place. By its nature, the amount that the fraudster can borrow in a ‘teeming-and-lading’ fraud is limited by the amount that comes in for the subsequent banking before having to bank the previous receipts. It only takes one bad day and the fraudster will have insufficient new receipts to cover the money stolen from the old receipts due to be banked. At that point, unless they are able to borrow from someone else, they will be forced either to confess or to commit a fraud and falsify or suppress the records to cover the theft. It may come as a surprise, but in my experience very few people in this position choose to pick the ‘confession’ option!

Variants can be found on the basic cash teeming-and-lading fraud (which our US cousins prefer to call a ‘lapping’ fraud.) Anyone responsible for the receipt of funds from customers can operate such a fraud if they are never subject to surprise checks or proper segregation of duties and independent reconciliations.

Perhaps the most unlikely teeming-and-lading fraud I have ever come across, was in the crime property store of a large police station in London. When prisoners are arrested, any cash or other goods in their possession, from drugs through to possible stolen property and weapons, are taken from the prisoner. Some may go off for forensic examination but all will be placed in tamper-proof evidence bags or secured in locked cupboards in the crime property store. When any forensic examination is complete the property will generally be returned to the property store to keep until the court case or other disposal (e.g., returned to the original owner or confiscated and destroyed or sold off, depending on the nature of the item).

Only the police officer handling the case should have access to the relevant property bags once in the crime property store, as they may need to confront a suspect or show them to a witness in order to gather evidence for possible prosecution. Also they will often need to produce the evidence at court hearings and any eventual trial. They will often take the bag out in such circumstances, returning it still intact after they have finished with it.

This was 1998 and early in my career at Scotland Yard, when I had just a small section to assist with internal investigations. One of my three investigators got a phone call from the local chief inspector asking for our help with tracking the potential theft of crime property from the store at this large police station. During a check of police officers’ personal lockers, the officer conducting the check had found a crime property bag for a case in a detective’s locker. That should simply never happen and it aroused his suspicions. The detective in question was confronted and asked for an explanation. His reply took the officer by surprise. ‘I wasn’t going to give that bag back to the crime property officer, he’s a thief. I don’t want this case compromised by tainted evidence in court.’ The officer was puzzled. ‘How do you know he’s a thief?’ The detective explained: ‘I was running with a 1996 burglary involving cash and cigarettes, but thanks to a number of delays we took two years to get to court. When I went to get the evidence bag out of property, the property officer couldn’t locate it on the system. Later he came up to me in the canteen and handed over a brand new bag, saying that the original one had got accidentally damaged, which is why he couldn’t find it earlier.’ ‘Well, that might have happened.’ ‘Yes, but when I emptied the contents out ready for court I found a 1997 pound coin in the new bag for my 1996 case! I knew then that he must have stolen and then replaced the cash. I wasn’t going to let him tamper with any more of my evidence.’ ‘Why didn’t you report him immediately?’ ‘What? And lose the chance to get my scroat banged up. Are you mad? By the time you’d have sorted out the paperwork my case would have been well and truly down the toilet!’

We joined forces with the local CID to conduct the investigation into that crime property store and the property officer. We searched his office desk with the police present and found all the evidence we needed there. He had been identifying cases that he thought would never come to court and stealing anything of value in the associated evidence bags. However, just in case, as with the instance that had come to light, he had kept a record of what he had stolen in a desk drawer notebook, cross-referenced to the original evidence bag. He had also kept all the tags identifying the evidence bags that had been tampered with and contents stolen in his desk drawer. This was a new variant on teeming and lading to us. He then had one ‘super’ evidence bag, in which he kept a float of cash and other items that he might have to re-constitute, hence his error in including a 1997 coin in a 1996 evidence bag.

When confronted by the investigating CID officer, with one of my team alongside at the interview, the property officer confessed immediately. My investigator had also noted nearly 200 small cash donations to the Police Widows’ and Orphans’ Fund in the front-desk records, but no sign of the money being paid in to the fund. When asked what had happened to this money, he just looked up and said quietly ‘Yes, I stole all of those as well.’ It was one of the shortest and quickest confessions ever witnessed by my investigator, who had 30 years’ experience as a detective before he had retired and been re-employed by me to conduct audit investigations.

The crime property officer was dismissed following a disciplinary hearing and eventually pleaded guilty in court to the theft of some £16,000 in cash from property and donations, as well as a considerable quantity of stolen cigarettes that had been re-stolen by the property officer.

Teeming-and-lading study: Answers