Supervision critical in preventing employee fraud

04 March 2009 8:33am

As economic conditions worsen, employers that cut back on supervision and communication face a growing risk of employee fraud, warns workplace relations lawyer Chris Molnar.

"The systems, policies and procedures a business has to prevent fraud will be one area of pressure as workers become concerned over declining income levels and their future job prospects," says Molnar, a partner at McKean Park Lawyers.

First line of defence

Robust accounting systems and processes, including strong internal and external audit processes, are the first line of defence in combating fraud, Molnar says. "The system, including the accounting personnel, should be set up and structured to ensure that transactions, including receipt of payments, are appropriately validated and checked internally by the accounting system and also, as required, by more than one person."

An appropriate authorisation system for payments and transactions - particularly high risk or significant payments - needs to be developed and enforced, he says. Levels of authority, and sign-off policies, should be created and adhered to.

Supporting the accounting systems should be an effective board-level oversight process, to ensure checks on the CEO and senior managers.

Communication and supervision vital

Often, Molnar says, cases of employee fraud occur when the offending worker has been permitted to work on their own without adequate supervision or accountability.

For this reason, effective communication and supervision should be a key part of any fraud prevention system.

"Accountabilities and responsibilities between workers and their supervisors need to be formalised and implemented. Supervisors need to audit their subordinates to ensure they are complying with systems."

Molnar recommends that workers - both employees and contractors - should be effectively inducted into the systems and procedures which prevent fraud, and that the original induction be refreshed from time to time through training, particularly if there are changes to the processes.

Contracts, he says, need to emphasise that workers have a legal obligation to comply with the policies of the business on authorisations, communication, records management, accounting, audit, and email and internet usage.

"The detail of these obligations should not be fixed," he says. "The contract should enable these obligations to be varied by the business as policies and operating procedures are changed to meet new and varied circumstances. Such contracts should also protect the confidential information and intellectual property of the business.

"Clear contractual obligations perform the dual task of communicating to the worker the expectations of the business and, if there is a breach, enabling the enforcement of the expectation."

Record management

Most businesses will need some form of record management system (RMS), Molnar says.

"The existence of an effective RMS will often be critical in being able to prove employee misconduct, possibly as part of an investigation process, which may lead to a lawful termination of employment and may enable the employer to resist third party claims or establish an insurance claim in relation to any loss."

The RMS should outline:

what records (electronic or otherwise) should be created in relation to transactions, meetings and conversations;

where those records should be stored and for how long; and

whether the records can be lawfully destroyed and, if so, when.

"In our electronic age, the question of storage and back-up is critical."

The RMS should also address (in conjunction with the business's email and internet policy, which should have regard to proper usage and issues of privacy):

Which emails, text messages and other documents (along with data that specifies when and by whom such documentation is created), are to be permanently stored and where; and

Whether documents kept on personal equipment (such as personal mobiles, blackberries, home computers and laptops) need to be provided to the employer for storage and whether the documentation can be, or must be, deleted in a lawful way either during the employment or after the employment.

Stress test the system

Molnar urges employers to "stress test" their fraud prevention systems by hypothesising potential fraud scenarios.

"It's all very well to theoretically develop these systems and structures, but you need to think of some working examples of what an employee can do... and work out 'if that happens, what part of our systems will pick that up, and what parts of the systems won't pick it up? Where do we need to improve?'"

If fraud does occur, the systems in place should detect it quickly and take action to preserve the evidence and deal with the worker.

"It will be important that the business has a process of quickly engaging computer forensic experts who can preserve electronic documentation before it is altered or lost by well-meaning - but possibly inadequately qualified - IT departments or co-workers."

If you have some HR news to share or would like to suggest a topic for an article, click here to email the editor.

Comments closed

Employer wins $160k+ damages over reference check failure
Compliance cuts are risky business in volatile times

Latest headlines

Advanced search

search for	from date

	to date

employment market