A new report commissioned by the Association of Chief Police Officers puts the cost of Fraud in the UK at more than £20 billion. It’s been arrived at by adding up the costs of reported fraud and then adding a rather conservative 50% extra to take account of under-reporting and tax evasion. This might sound like a lot of money but in my experience it’s a substantial understatement of the problem. Because organizations are not only reluctant to report fraud, they are also ignorant of most of the fraud that occurs right under their noses.
Fraud is hard to crack because it’s invisible, hard to detect and difficult to prosecute. Much of it is the result of weak business controls and a lack of expectation that it will happen. Most managers are far too trusting. They expect their staff and colleagues to be honest and incidents to have a visible impact. But that’s not generally the case. There’s an old maxim that states that if you take any four people, one will be an out-and-out crook, one will be honest to the point of stupidity, and the other two will take a risk assessment to see what they can get away with. I’ve never tracked down the source of this adage or validated the statistics, but it would seem sensible to assume that there are significant percentages of staff in each category. (Can anyone shed any light on this?)
And fraud can carry on for long periods without detection. The Oil and Gas Industry were shocked in the late 80s to discover that networks of so-called “illegal information brokerers” had for many years been manipulating major procurement contracts without their knowledge. Because these activities are very hard to identify and even harder to investigate and prosecute. It’s a fair assumption that most industry sectors face similar issues. But they just haven’t come to light or been adequately investigated. Or worse still, they have been recognized but management has decided that they are simply too difficult and expensive to address.
And who are the people who commit fraud? Well, I once put this question to one of the most experienced ex-police computer security investigators and he replied: “David, it’s often bank mangers who rob banks, and company directors who steal from companies”. I also recall a former CSO from a top international company being quoted as saying that there were three categories of insider who committed crime: single woman under 35, ladies over 50 who want to give the money to charity and older men who feel their careers have left them neglected. I have also noted that the typical profile of an “illegal information brokerer” in the Oil Industry is a middle-aged industry professional, perhaps passed over for promotion. So the lesson to be learned is that it could be absolutely anyone. After reading this you might be inclined to view your colleagues with new eyes.