KPMG’s Fraud Barometer for the period April to September 2015 shows 91 frauds with a value of $128.6 million, and an average value per case of $1.4 million.
Gary Gill, Head of Forensic at KPMG Australia said: “The ‘inside job’ continues to be a key theme of frauds involving business and government organisations, with almost $89 million of the total fraud being perpetrated by management and employees. Management are responsible for the large frauds – this is likely due to them having more access to information and hence greater scope and opportunity.”
While these frauds include hardy perennials such as fake invoices being produced to misappropriate funds, theft of client funds, and corporate credit cards being used to fund personal expenses, a number of these cases also involved elements of cyber-crime.
Gary Gill said: “Although the cyber threat is often seen as an external threat to businesses, cyber-crimes are increasingly being perpetrated by insiders, who already have access to key business systems. Given the significant opportunities offered by digital, online business platforms, and the increasing threat of technology disruption, it seems reasonable to assume that Australian business will continue to embrace technology in pursuing growth. But we can also assume that organised criminals will increasingly focus on these digital channels – so business needs to understand the risks posed by cyber-crime and adapt their approach to manage these evolving risks. We welcome the government’s pledge in its Innovation Statement this week to create a new CyberSecurity Growth Centre, which should help in the fight against cyber-crime.”
Some of the larger and more interesting frauds in Australia include the following:
Three of these six large frauds involve perpetrators who are aged 55 or over, and all six of these frauds were committed by men.
Government agencies and investors together were the victims of more than $57 million of frauds, including three of the large cases referred to above. Frauds against government also include a number of instances of benefit fraud. A number of the investor frauds involved con artists duping their victims into parting with their money and the theft of client funds by advisors.
Victoria and Queensland top the fraud charts at $38.7 million and $36.9 million, respectively. In Queensland, there were more cases by number involving government agencies and investor frauds than any other state.
Gary Gill said: “The findings demonstrate that public and private sector organisations must be constantly vigilant to the threat posed by fraud, particularly the insider threat. Many organisations still do not have sufficient and appropriate controls in place to mitigate risks effectively. Common control deficiencies include those around segregation of duties and the monitoring processes for bank account details to be changed for suppliers.
“Corporate credit card approval is also a key control deficiency, as there have been several instances of cards being used for significant personal expenditure. Organisations need strong controls in place for more traditional high risk areas of fraud such as payroll. This risk is heightened by the growing threat of cyber-crime and organised criminals, who recognise that the digital age offers them new opportunities to perpetrate fraud.”
A number of frauds in the research were uncovered by whistle-blowers, who noticed suspicious behaviour and appropriately raised these concerns so they can be actioned. This is often the way that many fraudsters are caught and held accountable for their actions.
Gary Gill said: “No matter what systems and controls are put in place, the best defence is often an employee noticing something amiss. It is important that they have a safe and confidential mechanism to report suspected fraud. Many organisations are now using such a service.”
Senior Communications Manager, KPMG Australia
Mobile: +61 400 818 891
KPMG has launched a state of the art digital platform that enhances your experience and provides improved access to our content and our people, whatever device you are on.