Some Australian companies overlook internal security and rogue employees are getting away with millions of dollars, according to KPMG Forensic Australia associate director, Stan Gallo.
Speaking at Attachmate’s A Powerful Connection conference in Sydney, Gallo said more than 70 per cent of company fraud in Australia is committed by staff members.
Not only do companies suffer losses of funds and intellectual property, but there are side effects, such as reputational damage and staff retention problems.
Gallo shared the example of a not-for-profit organisation in Brisbane where a male staff member with a gambling problem stole $1.2 million and fled to Sri Lanka. KPMG Forensic caught the man and brought him back to Australia, where he was charged and sentenced to seven years in jail.
“The problem was that the organisation did not look at the effect this had on staff,” he said. “Two valued employees who worked with this man left within three months. It turns out they were a close-knit group and shared computer user IDs and passwords.” Gallo said the man exploited his co-workers' trust to approve false invoices.
Another trick of fraudsters, who often handle large amounts of cash, is accessing files that contain account numbers.
“Some companies keep their account details in a text file which gets sent to the bank,” he said.
“We have seen people being able to modify that file and change the bank account number to their own before submitting a real invoice later on to pay the supplier,” he said.
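As an added, defender-side illustration (not from the article or from KPMG), the script below shows two controls a finance system could apply to a payment file of the kind Gallo describes: checking each payee's account against a separately held, vetted supplier master, and sealing the approved file with an HMAC so that any edit between approval and submission is detected. The supplier IDs, account numbers, file format and key are constructed sample values, not real ones.

```python
import hashlib
import hmac

# Constructed vendor master held outside the payment file: supplier ID -> vetted BSB and account.
APPROVED_SUPPLIERS = {
    "SUP-001": "062-000 12345678",
    "SUP-002": "083-004 98765432",
}

# Key held by the payment-approval system, never by the person who prepares the file (constructed).
KEY = b"constructed-demo-key-rotate-in-production"

# Constructed sample files: the approved batch and a copy where SUP-002's account was swapped.
APPROVED_FILE = "# supplier,amount,bsb_account\nSUP-001,1500.00,062-000 12345678\nSUP-002,980.50,083-004 98765432\n"
TAMPERED_FILE = "# supplier,amount,bsb_account\nSUP-001,1500.00,062-000 12345678\nSUP-002,980.50,014-222 55556666\n"


def parse_payment_file(text):
    """Parse 'supplier,amount,bsb_account' lines; blank lines and '#' comments are skipped."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(parts)}")
        rows.append({"line": lineno, "supplier": parts[0], "amount": parts[1], "account": parts[2]})
    return rows


def find_account_mismatches(rows, approved=APPROVED_SUPPLIERS):
    """Return (line, supplier, reason) for every payee whose account differs from the vetted master."""
    findings = []
    for r in rows:
        expected = approved.get(r["supplier"])
        if expected is None:
            findings.append((r["line"], r["supplier"], "supplier not in vetted master"))
        elif expected != r["account"]:
            findings.append((r["line"], r["supplier"], f"account changed from {expected} to {r['account']}"))
    return findings


def seal(text, key):
    """HMAC-SHA256 over the approved file contents, stored alongside it at approval time."""
    return hmac.new(key, text.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_seal(text, key, tag):
    """Constant-time check that the file about to be submitted is byte-for-byte the approved one."""
    return hmac.compare_digest(seal(text, key), tag)
```

Both checks are independent: the master comparison catches an altered account even if the seal was never applied, and the seal catches any other edit (amounts, added rows) that the master comparison would not.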
Gallo added that 60 per cent of the cases KPMG Forensic investigated did not lead to any recovery of funds. Where money was successfully tracked down, the recovery amounted, on average, to only nine per cent of the funds stolen.
He warned delegates, based on information gathered by KPMG Forensic, that the typical fraudster in Australia is most likely to be an executive male aged between 36 and 45 who has worked at a company for about four years.
“About 70 per cent of the frauds we see are committed internally,” he said.
“Everybody has a rock solid external security policy in place but employees have trust and they [fraudsters] exploit that.”
According to KPMG Forensic, fraudsters do not usually have a history of dishonesty, and earn about $113,000 a year. Greed, rather than an addiction to gambling, is the main motivation for committing fraud.
Gallo said many convicted fraudsters will use the excuse in court that they have a gambling addiction but in reality, they commit fraud to fund a lifestyle beyond their means.
The average amount stolen per fraud in 2010 was $230,000, while the average loss per company was $3 million, a figure that in some cases included the cost of staff resignations.
Gallo said the most common cause of fraud is poor internal security controls, such as the lack of audit checks.
However, human error is also making it easier for rogue employees to find information.
“We come across executives who have corporate credit card information, including PIN numbers, stored in their Outlook profile because they can’t remember it,” he said.
“When you’re synchronising email with a laptop or an unsecured phone, then it’s a disaster waiting to happen.”
His advice is to use monitoring technology to keep an eye on employees and turn on audit checks and controls in software.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au