Risk specialists and auditors often fail to consider collusion in their fraud risk assessments. According to the ACFE, when two or more people are involved in a fraud scheme, the median losses quadrupled those from single perpetrators. In addition, collusive fraud is one of the most difficult types of risks to identify. In this post, I am discussing about collusive schemes and measures to prevent them.
When one employee has permission to make a transaction and other employee has the right to approve the same transaction, fraud may exist if they collude with each other. Some collusive schemes may involve redirecting payments, creating false invoice payments, asset misappropriations or creating non-purchase payments. These schemes can be done “bellow the radar” since insiders usually know well the company controls and loopholes, and they can plan the scheme better.
Besides effective segregation of duties practices, mitigation measures involve disclosure of vendor relationship by directors and employees, monitoring by business intelligence software and reporting unwillingness to share duties.
There are several business intelligence tools to detect and report transactions with collusion risks. Generally, they match the execution of critical transaction codes in SAP or other ERP with email or phone communications between related users in a short time. Some research was recently done to test collusion scenarios and its results were positive to properly identify transactions involving collusion risks. Data mining was also tested to be accurate to detect collusive fraud networks. To be effective, both business intelligence and data mining tools have to link ERP information with other databases (emails, call logs, business directories)
Fraud 2.0 is here to stay.
Get the latest in corporate governance, risk, and compliance on Twitter