News broke earlier this month that the Alberta Motor Association has been the victim of an $8.2 million fraud. The alleged perpetrator? Their own IT vice president. The VP is accused of spending millions of stolen dollars on homes, boats and expensive cars. He is accused of fabricating invoices and electronic transfers to U.S. bank accounts (it’s important to note that these allegations have not yet been proven in court). You can read more about the story here.

When this kind of fraud is uncovered, businesses can’t help but ask themselves: could this happen to us? We collaborated to create this Q & A to help you understand how this kind of fraud goes undetected and how businesses can take steps to avoid it.

How did this happen? Was this an IT issue?

Ultimately, it was a business management issue. It touched accounting, operations, HR and IT – and I’m sure if we really tried we could show you how it relates to sales, customer service and so on. The one thing we are happy to admit is that technology could have helped mitigate this particular risk. Don’t underestimate the value of good IT practices.

What does it have to do with good IT practices?

Many good accounting systems that include checks and balances depend on software these days. Using software to gain multiple approvals for purchase orders is a standard feature of most accounting packages. The thing is: you need to know how to use it!

In this case, there was a vendor confirmation issue. Nobody ever confirmed the fraudulent vendor was legitimate or required. An easy recommendation may be to add a software catalog that is shared with executives and mapped to each of their vendors; it would have shown this software wasn’t being used for a business requirement.

How could this have been avoided?

First, there should have been someone to review and verify purchases from all the different vendors, especially ones with varying costs.

Second, large companies should verify their vendors by running extensive checks on their credit and background. Many companies do this for clients, but they should absolutely also do it for vendors.

Lastly, if something doesn’t add up, it’s usually wrong and you should trust your gut and look into it.

Oh and since Michelle isn’t writing this article, we’ll add our own HR thoughts on it: If someone is never taking vacation (and he/she is fairly senior) you might want to ask yourself, “Why?”

Did the employer place too much trust in their Vice President of IT?

The short answer is yes. The long answer is that there was an issue with the segregation of duties. This employee had control over a bank account used to make e-transfers. This allowed him to make payments on invoices that he approved. That’s terrible business practice.

This circumstance arose out of trust. Even if you trust someone, it is still imperative to have controls in place as a preventative measure. The truth is, it is difficult to understand the motives for committing fraud. If an opportunity for fraud exists, that makes it easy for someone to act on it. This is why this crime is often called a “crime of opportunity”.

What can businesses do to protect themselves from fraud?

We can’t always know why someone commits fraud, but sometimes authority figures override processes using intimidation tactics. Team members are usually afraid to speak out for fear of losing their jobs. A whistleblower policy is typically good to mitigate this issue but then again, the AMA had a whistleblowing policy and it still didn’t change anything.

So beyond that, depending on the size of the organization, an internal audit function can help detect and deter fraud.

Here are the process improvements we recommend:

  1. Conduct background checks for new vendors. Some companies also have a bidding process where vendors are selected based on a certain set of criteria. The ultimate decision is made by two or more members of management.
  2. The person who approves invoices should not have authority over making payments. Bank accounts should have dual signatures for any disbursements.
  3. Minimize the number of bank accounts to what is necessary for the business to operate. Some companies have far too many accounts, which makes it hard to manage, therefore creating opportunities for fraud.
  4. There should be an approvals matrix that requires approval from certain management personnel or multiple authorizations based on amounts spent.
  5. Really ask why Joe or Jane isn’t taking vacation. What could you potentially uncover if you suddenly asked them to take some time off? Maybe nothing. But maybe something. Besides the fact that taking time off is just good for you in general, you may have another reason to look under the hood as well!
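
Items 1, 2 and 4 above can be run as an automated check over a payment export. The sketch below is an added example, not code from the authors or from any accounting package; the record layout, the matrix thresholds and all sample names are assumptions made up for illustration.

```python
from dataclasses import dataclass

# Hypothetical approvals matrix: (amount ceiling, distinct approvers required).
# The thresholds are assumptions; the article does not give amounts.
APPROVAL_MATRIX = [(5_000, 1), (50_000, 2), (float("inf"), 3)]

@dataclass(frozen=True)
class Payment:
    ref: str
    vendor: str
    amount: float
    approvers: tuple   # people who approved the invoice
    releasers: tuple   # people who signed the bank disbursement

def required_approvals(amount):
    """Number of distinct approvers the matrix demands for this amount."""
    return next(n for ceiling, n in APPROVAL_MATRIX if amount <= ceiling)

def review(payment, verified_vendors):
    """Return the list of control failures for one payment."""
    findings = []
    if payment.vendor not in verified_vendors:
        findings.append("vendor not verified")
    if set(payment.approvers) & set(payment.releasers):
        findings.append("approver also released payment")
    if len(set(payment.releasers)) < 2:
        findings.append("missing dual signature")
    if len(set(payment.approvers)) < required_approvals(payment.amount):
        findings.append("insufficient approvals for amount")
    return findings

# Constructed sample data, not taken from the case described in the article.
VERIFIED_VENDORS = {"Northside Hosting"}
PAYMENTS = [
    Payment("INV-001", "Northside Hosting", 4_200.0, ("dana",), ("lee", "omar")),
    Payment("INV-002", "Acme Licensing", 72_000.0, ("vp_it",), ("vp_it",)),
    Payment("INV-003", "Northside Hosting", 18_000.0, ("dana",), ("lee", "omar")),
]

def exceptions(payments, verified_vendors):
    """Map payment reference -> findings, for payments that fail any control."""
    report = {p.ref: review(p, verified_vendors) for p in payments}
    return {ref: f for ref, f in report.items() if f}

if __name__ == "__main__":
    for ref, findings in exceptions(PAYMENTS, VERIFIED_VENDORS).items():
        print(ref, "->", "; ".join(findings))
```

A report like this is only useful if someone outside the approval and payment chain, such as internal audit, receives and reviews it.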

About the Authors:

Shawn Freeman is the founder of IT services company TWT Group. After completing a degree in Computer Science at the University of Calgary and a Master’s degree in Management Science, Shawn worked in IT for several big companies before leaping off the corporate ladder in 2011 to start his own shop. He founded TWT Group with the goal of making IT easy instead of infuriating.

Quan Ly is a partner at McRally Accountants and Advisors. He is a highly experienced professional accountant with a very diverse background. Quan spent eight years honing his craft at a worldwide “Big Four” accounting firm dealing with everything from small businesses to multinational corporations. Whether it is assisting on a start-up, dealing with foreign expansion or asset acquisitions, or winding up a business, Quan has seen it.
