Sunday, 21 July 2013
Protecting against when the gamekeeper turns poacher
Last September, Lloyds former head of fraud and security pleaded guilty and was sentenced to five years in prison for theft of £2.4m. She had submitted 93 false invoices between 2007 and 2011. Yes, this was the person the bank had charged with protecting them from fraud.
In an echo of Lloyd's, on 18th June, Oxfam's former chief of counter fraud was accused of stealing £62k and a laptop. Let's be clear though, he is accused but the court have yet to make a judgement.
It would have been expected both the anti-fraud gurus would have been carefully vetted and 'above suspicion'. They would also, however, have been in the ideal position to identify the weaknesses in the system and the scope for avoiding detection. Yet, in both cases, it is alleged, they 'broke the system' and no doubt there are plenty of examples of more successful adept anti-fraud gurus who have so far escaped detection. The lesson must therefore be that there is a need for some form of independent testing of the anti-fraud system, but that seems rarely evident. Another lesson must be to put in place the system which also 'polices the police'.
I have long lost count of the number of risk managers, who, when I interviewed them about procurement risk, had not given any meaningful consideration to procurement fraud, therefore they lacked appropriate protections. Yet it has been estimated that procurement fraud cost the UK public sector alone somewhere in the region of £2.3bn – closing that down would make a painless but worthwhile contribution to the UK economic recovery.
In the procurement world, who better to know how to break the system, with minimal chance of detection, than those who understand procurement - systems are required to reduce that risk. But just as important a question is, 'are the processes in place to protect the CPO against mischievous allegations of procurement fraud?'
Sadly, I see a lack of robust anti-procurement fraud systems - have you got one in place? Such a system needs to be proportionate, pragmatic, risk based, comprehensive, tested and regularly reviewed. Without such a system how will you be able to prove 'not guilty'?
First published as a guest blog on Spendmatters, 26 June 2013