I have written and presented many articles for member organisations on the incidence of fraud in modern business. What continues to come to light is that the bulk of fraud perpetrated on businesses remains very unsophisticated but plays on traditional system and control weaknesses. Further, some of the new fraud methodologies play on all of our standard deference to government institutions (think the tax office) and those in positions of authority (think the Police and the Federal Government).
We Australians likes to think of ourselves as a light hearted larrikin country with a passion for life, a healthy degree of disrespect for the authorities and a flexible approach to following the rules. However, throughout the pandemic, Australia has shown itself, in terms of the behaviour of the population, to very much aligned with that of Asia versus the USA or the EU. In Asia, where in general the populations agreed to hard lock-downs (with personal freedom of movement and private actions being very much restricted) handled the pandemic response extremely well. In contrast, regions such as the United States and the EU, with a very strong civil sense of personal rights, freedom of movement and entitlements to civil liberty, handled the pandemic response very poorly.
The reason that I raise this comment about Australian behaviour with deference to the government is that it helps explain how Australian businesses are being repeatedly duped by very unsophisticated frauds.
HELLO THIS IS “INSERT NAME” CALLING FROM THE AUSTRALIAN TAXATION OFFICE
Increasingly, businesses and taxpayers in Australia are being targeted by very unsophisticated fraud / scamming measures. Typically, these scams involve a telephone call from someone purportedly from the Australian Taxation Office (ATO) advising:
- that you owe the ATO money;
- that collection is about to commence;
- this will affect your credit rating;
- can you provide a credit card now to facilitate payment?;
- or can you transfer money to a bank account that they will provide you?;
- alternatively, there has been a breach of your tax file number;
- can you confirm your tax file number?
- next step – please send a clear copy of your drivers license and medicare card to an email address.
Unbelievably, some taxpayers have even purchase Amazon or Apple vouchers to make the payments as a result of a phone call from this “ATO officer”.
The ATO will never ask you for personal details or information over the phone like this, nor will they take a credit card over the phone. So why do these clumsy schemes work? Simply put, most people are rattled when they get a call from the ATO telling them they have done something wrong, and in an attempt to mitigate the issue / make good – people often make silly mistakes. If you ever get such a call, sms or email, take down the details and call your accountant urgently.
Most of our clients will experience an incidence of fraud at some stage in the business life. Typically, I’m happy to say, most of these events are relatively minor and quickly identified, however almost every year we see a major fraud event take place in a practice that jeopardises the financial wellbeing of the principal, and in turn the practice itself. In most cases the missing money or stock is unrecoverable. The money is usually unrecoverable because it was stolen to fund lifestyle issues (gambling, drugs etc).
COMMON FRAUD STRATEGIES
Your practice has three key areas of risk:
- Collecting of patient fees and insurance payments.
- Ordering and receiving stock.
- Paying suppliers.
COLLECTING OF PATIENT FEES AND INSURANCE PAYMENTS
- An appointment is paid for in cash, the staff member deletes the patient record in the computer system and takes the cash. The new daily total sheet then reconciles to the daily credit card takings / insurance totals. The banking records align and no fraud is initially detected. This is increasingly more uncommon these days given how few people pay in cash.
- A staff member deletes the patient record in the computer system, they do an under-the-counter deal or provide a significant discount in return for a benefit to the staff member outside of work. This is very difficult to track unless you have audit trail set up and operational in your software.
- If the system will not allow a transaction to be deleted, the staff member backdates a transaction to a date many periods previous, thus the record doesn’t show on the daily takings sheets. Closing prior periods, and an audit trail module, can usually address this.
- A staff member is constantly unable to reconcile the day sheet, blaming credit card / insurance payment delays. This is a common occurrence used to hide skimming.
- A staff member deletes old cases or matters, generates a credit in the system and is able to offset on the day sheet a payment receipt or lack thereof with a credit. The staff member then takes the payment.
- Systems – Ask yourself the following: How have I designed the daily total sheets? Does the day sheet get run off each morning and get cross-checked at the end of the day with daily takings, and then the end-of-day sheet? Are variances explained? If not, why not?
- Credit card / Cash / Cheque can’t be reconciled each day – This is unacceptable. Most practices have in place a method for reconciliation. If you, or staff, can’t do this then training is required.
- Audit trail – Review your software permissions and authorisations. There are a myriad of practice software solutions available in the market place. Many offer an integrated customer relationship management system (CRM), billings and patient booking software. They all offer a varying level of permissions—this means your staff may be able to enter appointments and cases but cannot alter or delete patient records. All software systems have an audit trail function, which you can run off each day or each week and review which transactions have been deleted or altered. You can remove the permissions allowing staff to make these changes, thus partially eliminating a risk. Many practices have this available to them already but are not utilising it. This function needs to be utilised and reviewed, and the staff need to know that it is occurring. If many changes are being made in the system it is quite likely that it isn’t fraud, it may just be that a staff member needs more training on the software.
ORDERING AND RECEIVING STOCK
The fraud strategies around stock and consumables in a practice tend to revolve around ways to obfuscate theft of stock and consumables (check Ebay, Gumtree and Craigslist for supplies). In large organisations the person who receives the stock is different to the person that orders the stock who is different again to the person who counts the stock / does the stocktake.
The key to mitigating shrinkage in stock involves policy and stocktake. Matters to consider include: Who is in charge of the ordering? How often is a stocktake done? What are the limit and order thresholds? Are all items ticked off on receipt? Are the invoices and statements from suppliers cross-checked with receipt dockets? If variances occur, what is the review process?
The most common strategy we are now seeing in this space is either the staff member updating bank account details in the system for suppliers, which then involve the practice making a payment to an alternate bank account (sometimes with a name set up very similar to the suppliers name). Even more insidious are direct emails you may receive purporting to be from a supplier advising an update in their bank account details, increasingly common with digital crime and fraud.
Always ring a supplier and speak to the accounts team or business principal before changing bank accounts in your system. The person reviewing and processing the accounts payable should always (where possible) be a different employee to the staff member ordering and receipting items.
WARNING SIGNS A STAFF MEMBER MAY BE AT RISK OF FRAUD
- They are under significant financial hardship, regularly asking for advances on their wages and requesting financial assistance such as a payout of annual or long service leave.
- They are determined to be indispensable – they never take holidays, are never sick, wont delegate jobs to other staff, work through holidays when the practice is closed, and often want to work outside standard business hours.
- They have an addiction problem such as gambling or drugs.
- They are fiercely territorial and resist others doing anything in the practice at all. They want to control all jobs and functions, are aggressive towards the book-keeper and accountant, won’t allow software advisers to engage with the principal and won’t train other staff.
- They are resistant to change – again, exhibiting highly bellicose behaviour and being fiercely resistant to more transparency, new systems, new procedures and any other changes.
- They exert significant influence in the choice of external advisers.
- They seem to be living a lifestyle far more extravagant than their salary would permit.
WHAT TO DO IF YOU SUSPECT FRAUD
If you suspect fraud in your practice our recommendation is at first instance to do nothing. Continue with business as normal and do not confront the staff member immediately. Get specific advice from your advisers on how to address the situation.
Don’t assume that you are insured against fraud as most professional indemnity policies don’t adequately cover fraud.
When operating a business of any size, the tone at the top usually sets the tone of the behaviour of the staff. Consider how you deport yourself as a principal within the practice. Do you encourage ethical, transparent behaviour? Do you do things by the book or is “rough enough good enough”?
Owning the numbers is particularly important. Practices that operate with regular management accounts, with ratios and margin reviewed on a regular basis, have a significantly reduced risk of fraud. Fraud rapidly identifies itself in the numbers and ratios of a small business: your profit % drops, material and lab costs increase above industry benchmarks and cashflow becomes impaired.
Finally, trust your gut. If you are working hard and not seeing the fruits of your labour, and if you are seeing some warning signs, don’t convince yourself everything is okay.
By Heath Stewart, Director and Chartered Accountant.