Salami Fraud is Not About Stealing Salami From a Kitchen
As one of the top anti fraud and fraud investigation companies in Mumbai, I write a weekly column on our company blog on anti fraud measures that a business leader must employ to protect their money and assets. Because at the end of the day remember that it is a lot easier and cheaper to prevent fraud than detect and recover the money once it has been siphoned off! Let us shed some light today on a type of fraud known as salami fraud. It is so named because the big fraud is simply a collection of smaller items. The most famous example of this is that of an employee in the US who stole from his company by taking coins home with him by hiding them in his bag. Over 7 years he took $375,000 or an average of $200 per day in quarters, dimes, and nickels!
But in todays times salami fraud is centered around computer applications and programs. In a high volume automated environment, if one can divert a small piece of each transaction, it might not be detected. A classic salami fraud is changing a rounding routine in a financial application program. If the program can be altered to change calculated amounts even a small amount, in a high volume environment, it could equate to big money for an unscrupulous employee. This is common in the banking and financial services industry.
For example, there have been numerous reports about dishonest computer programmers who altered payroll computer programs. In one scheme, the programmer altered the program such that certain amounts, which were required to be rounded to the nearest paise, were all rounded down and the amount left over was put into the programmers personal bank account. In this very high volume environment, the money added up incredibly fast. Since many of the underlying reports tied out, it took a long time to discover this fraud. The lesson learned here is to ensure that you have adequate controls over your IT infrastructure and ensure that you will alerted of any program changes that are made. You must also make sure the programs are adequately tested before they are put back into production.
Many times the central issue allowing salami frauds is improper control of testing programs and how programs are placed back into production after alterations. Make sure that it takes at least two employees to perform such a task and establish an audit trail to help deter or detect this type of fraud.
How Can You Protect Your Company From Employee Fraud
Establish Anonymous Whistle Blowing Measures
So what can you do to protect your business? According to the Association of Certified Fraud Examiners the best anti-fraud controls are as follows-
Employee hotlines & employee support programs 59% reduction
Surprise internal audits 52% reduction
Fraud education 50% reduction
Job rotation/mandatory vacation 47% reduction
Codes of conduct 47% reduction
Most fraud is uncovered by whistle blowers or by accident. The number one method for catching fraud is getting tips from employees. Set up an anonymous reporting system so employees can voice their concerns and suspicions. Be careful with electronic employee fraud reporting systems. If employees do not trust that it is truly anonymous, they will not use it. They may be worried about retribution or
making a mistake regarding their observations or allegations. To be
effective, it should be absolutely guaranteed anonymous!
If you cant prove anonymity to the employees with an electronic system, go low tech. Consider a paper-based or phone system. Your employees must be confident the system is truly anonymous so they are secure and not afraid to report their suspicions. All allegations and suspicions must be investigated and followed up promptly for the system to be effective.
Set a tone at the top that any allegations regarding impropriety will be investigated, have a zero tolerance policy regarding employee fraud, establish an ethics policy, and have appropriate document retention policies so people cant perpetrate fraud and destroy the evidence. Consider annual employee meetings to discuss these policies and consider having all employees acknowledge that they have read the policies and understand the policies are a condition of employment.
Be careful who you hire and do business with!
Employee theft should result in immediate termination and prosecution. Employee background checks are important but you should also consider doing some investigative work on new and existing customers, suppliers, and other business partners. Insist that asset record keeping and asset custody be performed by two or more separate people.
Study your business processes and try to think how the processes might be subverted by a dishonest employee and then try to design a simple control to prevent it. Most employees will be deterred if they think they will be caught. Know that a financial statement audit is not designed to detect fraud. Some firms will perform a fraud audit separately but it is generally very expensive and there are no guarantees. You are generally much better off spending time and money on your internal control system. Its always better to prevent the fraud than to detect it after the money is gone.
Dont be penny-wise and pound foolish. Bring in professionals like us to help you design appropriate controls to help protect your company. Its much easier to prevent fraud than to detect it; most fraud is discovered by accident. Taking sensible actions to protect your company may help you avoid being a statistic being quoted on some blog like ours as a case study in the future! You can call me on my personal number 072084 17557 for a consultation.
Read more about our due diligence services here.
As one of the top anti fraud and fraud investigation companies in Mumbai, I write a weekly column on our company blog on anti fraud measures that a business leader must employ to protect their money and assets. Because at the end of the day remember that it is a lot easier and cheaper to prevent fraud than detect and recover the money once it has been siphoned off! Let us shed some light today on a type of fraud known as salami fraud. It is so named because the big fraud is simply a collection of smaller items. The most famous example of this is that of an employee in the US who stole from his company by taking coins home with him by hiding them in his bag. Over 7 years he took $375,000 or an average of $200 per day in quarters, dimes, and nickels!
But in todays times salami fraud is centered around computer applications and programs. In a high volume automated environment, if one can divert a small piece of each transaction, it might not be detected. A classic salami fraud is changing a rounding routine in a financial application program. If the program can be altered to change calculated amounts even a small amount, in a high volume environment, it could equate to big money for an unscrupulous employee. This is common in the banking and financial services industry.
For example, there have been numerous reports about dishonest computer programmers who altered payroll computer programs. In one scheme, the programmer altered the program such that certain amounts, which were required to be rounded to the nearest paise, were all rounded down and the amount left over was put into the programmers personal bank account. In this very high volume environment, the money added up incredibly fast. Since many of the underlying reports tied out, it took a long time to discover this fraud. The lesson learned here is to ensure that you have adequate controls over your IT infrastructure and ensure that you will alerted of any program changes that are made. You must also make sure the programs are adequately tested before they are put back into production.
Many times the central issue allowing salami frauds is improper control of testing programs and how programs are placed back into production after alterations. Make sure that it takes at least two employees to perform such a task and establish an audit trail to help deter or detect this type of fraud.
How Can You Protect Your Company From Employee Fraud
Establish Anonymous Whistle Blowing Measures
So what can you do to protect your business? According to the Association of Certified Fraud Examiners the best anti-fraud controls are as follows-
Employee hotlines & employee support programs 59% reduction
Surprise internal audits 52% reduction
Fraud education 50% reduction
Job rotation/mandatory vacation 47% reduction
Codes of conduct 47% reduction
Most fraud is uncovered by whistle blowers or by accident. The number one method for catching fraud is getting tips from employees. Set up an anonymous reporting system so employees can voice their concerns and suspicions. Be careful with electronic employee fraud reporting systems. If employees do not trust that it is truly anonymous, they will not use it. They may be worried about retribution or
making a mistake regarding their observations or allegations. To be
effective, it should be absolutely guaranteed anonymous!
If you cant prove anonymity to the employees with an electronic system, go low tech. Consider a paper-based or phone system. Your employees must be confident the system is truly anonymous so they are secure and not afraid to report their suspicions. All allegations and suspicions must be investigated and followed up promptly for the system to be effective.
Set a tone at the top that any allegations regarding impropriety will be investigated, have a zero tolerance policy regarding employee fraud, establish an ethics policy, and have appropriate document retention policies so people cant perpetrate fraud and destroy the evidence. Consider annual employee meetings to discuss these policies and consider having all employees acknowledge that they have read the policies and understand the policies are a condition of employment.
Be careful who you hire and do business with!
Employee theft should result in immediate termination and prosecution. Employee background checks are important but you should also consider doing some investigative work on new and existing customers, suppliers, and other business partners. Insist that asset record keeping and asset custody be performed by two or more separate people.
Study your business processes and try to think how the processes might be subverted by a dishonest employee and then try to design a simple control to prevent it. Most employees will be deterred if they think they will be caught. Know that a financial statement audit is not designed to detect fraud. Some firms will perform a fraud audit separately but it is generally very expensive and there are no guarantees. You are generally much better off spending time and money on your internal control system. Its always better to prevent the fraud than to detect it after the money is gone.
Dont be penny-wise and pound foolish. Bring in professionals like us to help you design appropriate controls to help protect your company. Its much easier to prevent fraud than to detect it; most fraud is discovered by accident. Taking sensible actions to protect your company may help you avoid being a statistic being quoted on some blog like ours as a case study in the future! You can call me on my personal number 072084 17557 for a consultation.
Read more about our due diligence services here.