Understanding Your Vulnerability To The Fraud Risks by Robert Brooker

Have you undertaken an assessment of your fraud risks and measured the maturity of the governance and prevention surrounding the risk of Fraud, Bribery or Corruption within your organisation?

Can you identify the Fraud Risks? Have you assessed the impact Fraud, Bribery or Corruption may have in terms of financial loss and the commercial challenges it may bring?

Fraud, Bribery and Corruption are becoming more widespread, causing organisations to suffer financially and to suffer a loss of confidence in their brand or the service they provide, resulting in damage to their reputation and to their ability to operate in the same manner as before the fraud.

There are two types of fraud affecting organisations: “high financial value but low volume of transactions, or low financial value but high transactional volume”.

This means either a one-off incident where the organisation suffers a large loss, or an ongoing fraud that happens regularly but where the loss is generally much smaller.

The most common fraud type is low value but high volume. This is generally because organisations have controls in place to mitigate against the large value fraud. Additionally, why, as a fraudster, would you steal £1M from one person when you can steal £1 from a million people and it generally goes unnoticed?

Two key questions to ask yourselves:

  • How vulnerable is my organisation to fraud? 
  • Can my organisation improve its Fraud Risk Management?

Once you have answered the fundamental questions, you need to take account of different factors that may affect your fraud landscape:

  • The extent to which you understand the fraud, bribery and corruption risks within your organisation;
  • Whether you have an effective strategy in place which is tailored to address the potential problems;
  • Whether you have a counter fraud structure which dovetails with the strategy;
  • Whether results are recorded, effectively measured, identified and delivered.

Obviously, the more concise Fraud Risk Management an organisation has in place, the less it will lose to fraud.

Fraud Risk Management is about investing time whilst seemingly gaining no financial reward. Although it’s difficult to quantify the value, Fraud Risk Management will prevent, detect and deter in the areas of risk, and therefore lead to savings of the potential loss and the recovery of the actual loss.

The cost of work undertaken is difficult to predict, but would be based upon a basic review of the current arrangements in place to assess the maturity of the organisation. This would include ensuring basic Corporate Governance is in place, supported by Senior Leadership and approved at Board level. Depending on the findings, further work can be divided into specific areas of prevention, detection and deterrence, varying according to the risks, as opposed to encompassing everything at once regardless of the need.

The industry needs to embrace transparency, collaboration and clear communication. This starts with the “tone from the top bods” accepting that clients and sponsors no longer wish to work within this culture, who have thankfully followed suit by insisting that they implement a combination of preventative measures and ongoing detection and monitoring.

Let us look at the basics around fraud. I hear far too many people commenting, very proudly, “we don’t have any fraud”. Wow, sounds impressive, doesn’t it? But is it really? How do they know that they have no fraud? Have they ever looked for it, via pro-active exercises looking into patterns and trends?

My favourite is to ask how much education and awareness they do. “Why would we do that? We don’t have ANY fraud, so I don’t want to make people aware it exists; this may scare some and may give others ideas.”

If you don’t undertake awareness and education, how do staff know what fraud is, what it looks like, and what they should do if they suspect it is happening?

There are many well publicised articles and thoughts on what Risk Management looks like and what it covers, but very rarely is fraudulent behaviour a factor. The nuances of Risk Management are there for all to see, but what about Fraud Risk Management: does it differ, and why?

We say love is in the eye of the beholder; well, to an extent I consider fraud to be too. That is not because I’ve worked in the area for many years, although I remain extremely passionate about it. I feel it’s the same for many organisations and how they deal with fraud: do they see it as a threat, or do they embrace the fact that it happens and that they therefore have to be prepared?

Very few organisations deal with Fraud Risk Management at all, but let’s consider the foundations as to why. The “Tone from the Top” is a very well used message that is pumped across social media and many articles referring to fraud, but what does it really mean, and can it make a difference?

Tone from the Top determines the culture and behaviour of an organisation, whether from a leadership perspective, or results driven, or in the way in which organisations wish to perform. Or does it, and how does fraud fit into this?

How often do we analyse what it actually means when referring to fraud? Is it just hot air from the top table, an MD or CEO on an ego trip? It’s often thought of as ‘only words, nothing will change, it never does, despite what they say’. How many times do we hear this? How many of you can resonate with hearing similar?

This to me is why I love Fraud Risk Management. Sad, I know, but I believe in it. I believe “tone from the top” can really make a difference to an organisation and drive change, especially around the behaviours, and improve the culture of the organisation, but only if there are consequences for falling foul of the behaviours that are implemented.

Far too often, we hear of organisations introducing “zero tolerance” towards Fraud, Bribery and Corruption, what does this mean, and is it possible to introduce into any organisation?

Strictly speaking, this means that action will be taken against those who commit the smallest of misdemeanours, whether that be a £ or a pen/pencil. The reality, though, is extremely different: many find it difficult to pursue large systemic cases because of reputational risk, loss of confidence in the service or business continuity.

So behaviours and culture start here: ensuring that we actually do what we say we will do, not just hollow words telling everyone we have this and that in place when the reality is it’s only words or paper and it’s never actioned!


Let us look at why this is. ‘That’s what’s always happened’ and ‘nothing will ever change’ unfortunately become the norm, and Fraud, Bribery and Corruption will continue, because it is common knowledge that the CEO or MD states we are tackling the issues and we are doing this to help prevent and deter, but staff know the truth. The culture and behaviours drive the consequences, and complacency breeds contempt.

So how can we help your organisations change, what would that look like, and what difference, if any, would that make to staff morale, the bottom line and perceptions? It begins at the top, so the MD or CEO only communicates, verbally, on the intranet or by email, what the Board and Senior Leadership Team are actually going to do, and starts to make changes, whilst accepting it’s difficult to have “zero tolerance” and actually take action against all. So don’t say it; that’s not an issue, it’s the truth. That’s not to say you can’t have a punishment for all types of fraud, regardless of the value of the loss. It may be as simple as having to reimburse the organisation, albeit only a £ or two, but it can go into a charity fund, similar to the original swear box. People will soon stop doing it, and this will help create the right behaviours and see behavioural changes.

In the bigger incidents, the organisation needs to act. It doesn’t always have to be prosecution; it may be disciplinary, it may be recovery of the loss, and it can obviously be all 3. Not only do you begin taking action, you also need to publicise the fact that you have taken action, whatever it may be. When I say publicise, I don’t mean the national press (although the red tops will love it, I know), but internally it’s paramount that you notify everyone that a fraud has taken place. Outline what happened, but you don’t have to name the individual; merely put on weekly notifications or the intranet that disciplinary action or recovery of the loss has taken place. “Why? That’s not good,” I hear many say. Well it is: it’s the greatest deterrence you can implement. All employees will be aware that times have changed and action is now being taken and, despite the bravado of many, in truth they don’t want to be disciplined, even sacked, or see the loss taken from their next salary payment. The message is heard loud and clear: I need to stop or that may be me. The temptation soon disappears into the ether.

The culture and behaviours of the organisation are now changing because there are consequences for their actions and misdemeanours. So, we are making a difference, but we’ve admitted we have fraud, bribery and corruption in our organisation but we are educating the Senior Leadership Team who in turn are cascading that message throughout the organisation and education and awareness are now a daily occurrence.

This will encourage employees to report suspicions they may have because they now know what fraud looks like and they have the confidence that something will be done so it’s worth reporting it.

By imposing Fraud Risk Management throughout an organisation and taking a proactive approach to tackling the risks, you will prevent, detect and deter the Fraud, Bribery or Corruption risks, ensuring less likelihood of it happening and minimising the impact if potential issues do arise, so that resources can be focussed in areas where they are needed most.

So, we have come a long way but there is more to be done to purify the industry overall of the fraud, bribery or corruption risks and this can be achieved, “if” and it may seem a big If, as an industry we work together as opposed to silos trying to tackle it alone.

Behaviours, Culture and Consequences are no longer just words, they really can make a difference and it starts at the top.

Robert Brooker

Robert Brooker is Head of Forensics and Fraud within PKFL/GM and formerly Head of Fraud at Transport for London (“TfL”). He is an Accredited Counter Fraud Specialist (“ACFS”), Accredited Financial Investigator and Wicklander-Zulawski Non-Confrontational Interview Technique trained.

Robert has led disciplinary and criminal investigations, concerning Fraud, Bribery and Corruption, security breaches, cybercrime, intellectual property breaches and procurement allegations. He has worked in the private, public and not for profit sector within fraud, bribery and corruption, in addition to Fraud Risk Management, for over 20 years.

Robert is also Chair of the London Fraud Forum, a public/private partnership dedicated to best practice in preventing, detecting and investigating fraud, bribery and corruption.