Importance of Corporate Governance for Fraud Prevention

As the fraud environment becomes increasingly complex, especially with the COVID-19 pandemic, it is now more important than ever that businesses develop robust fraud prevention programs. One method of doing so is ensuring effective corporate governance. 

Corporate governance is the framework of rules, relationships, systems and processes within and by which authority is exercised and controlled in corporations. The key players involved in corporate governance include the board of directors, audit committee, firm management, internal auditors, and fraud risk assessment. 

While it may be impossible to stop all cases of fraud within a business, fraud can be more easily identified and reported, and its outcomes minimised, with strong internal systems and a management culture that encourages employees to speak out about their concerns.

The Role of the Board

The board of directors of a company is an elected group of individuals that represent the company’s shareholders. They have many roles within the company, but overall the board will “oversee” rather than “do”. In contrast, management is the group responsible for the actual running of the business. 

Some responsibilities of the board of directors include:

    • Maintaining oversight of fraud risk assessment
    • Monitoring management fraud and control-related activities
    • Implementing an effective business ethics program
    • Hiring management, setting their compensation and evaluating their performance
    • Setting the appropriate tone at the top

In Australia, directors are subject to 2 different sources of law. The Corporations Act 2001 (Cth) is the primary piece of legislation that governs the board of directors. Some of the key duties this Act imposes are:

    • Act with care and diligence: There is an obligation to ensure a basic understanding of the company’s activities, size, distribution of functions and financial position.
    • Act in good faith in the interests of the company and for a proper purpose.
    • Not use their position to gain advantage for themselves or another or to cause detriment to the company.
    • Not use information to gain advantage for themselves or another or to cause detriment to the company.

    Failure to comply with these regulations will result in significant financial penalties for the director involved.

    Besides the duties under legislation, the board of directors must also act as fiduciaries under general law. A fiduciary is a person that acts on behalf of another person or persons, putting their clients’ interests before their own. Their duties are similar to those under the Corporations Act, and include duties to:

      • Act in good faith and in the best interests of the company
      • Exercise their powers for a proper purpose
      • Not fetter their future discretion – i.e. not bind themselves to a particular future decision
      • Avoid conflicts of interest and duty

    Remedies exist in the event of a fiduciary breach, such as injunctions, claims for damages or compensation, and rescissions of any contracts improperly entered into by the director.

    The board of directors owe a duty towards the shareholders of their company, with serious penalties in place if they breach this duty. Not only does this prevent the board from engaging in fraudulent activities themselves, it also encourages them to look out for and prevent instances of fraud within their company.


    What Can the Board Do About Fraud?

    Whistleblower Hotline

    The board should engage in corporate governance by putting an effective whistleblower hotline in place so that employees can easily report any suspicious activity they see. This will lead to more positive outcomes for the company, since companies will be better off relying on their employees for internal information rather than facing the uncertainty associated with inquiries from government agencies like ASIC.

    Some of the most important features for a whistleblower hotline include:

      • Having a variety of communication channels
      • Implementing different metrics
      • Giving investigators a means of following up on complaints
      • Keeping employees anonymous unless otherwise stated
      • Making its existence known to all employees, vendors, and other stakeholders

    Aside from the fact that whistleblower hotlines will effectively collect valuable information from employees, they will also deter potential perpetrators from engaging in fraud, and promote a culture of compliance.

    Ethical Culture 

    Without a strong ethical culture within an organisation, fraud is almost an inevitability. The guiding principles of a company are what all employees will be led by.

    If employees see that the company has taken a strong stance against all forms of fraud, they will be less likely to engage in this kind of behaviour. A company’s core principles will be set by the board of directors and be a strong indicator of the company’s strategic direction. 

    The board should therefore implement a code of ethics or conduct as a form of corporate governance. This will deter any wrongdoing and promote honest and ethical conduct by their employees.

    Additionally, such a code will clearly outline the activities that the company deems as appropriate and inappropriate, and the consequences for violation. 

    Directors, trustees, and staff should all be familiar with the code, and regularly be educated as to the importance of compliance. Written acknowledgement of adherence to the code should also be obtained on an annual basis. 

    Risk Management

    As mentioned above, one of the roles of the board is to oversee the management of risk, which includes the risk of fraud. Fraudsters are constantly looking for new ways to exploit companies, so the board must be agile in their fraud risk management. 

    Corporate governance can take place through the implementation of a board committee, such as the audit committee, to focus on the oversight of risk management. This is particularly useful if the committee currently lacks capacity or does not consist of the optimal board members for risk oversight. The board will also have the opportunity to periodically review the effectiveness of the committee’s fraud risk management processes and controls.

    Next, the board can conduct a comprehensive fraud assessment. This involves creating an exhaustive list of potential risks that the company is exposed to. There are a number of methods of identifying such risks, which include:

      • Employee fraud awareness surveys
      • Hiring a cyber security firm to detect hacking vulnerabilities
      • Monitoring social media
      • Conducting exit interviews

    The board should also include any measures that are currently in place to manage each risk, such as metrics, reports, insurance and contingencies. 

    Once the risk areas have been recognised, they should each be reviewed to determine whether they involve a vulnerability to fraud. These may include the movement or retention of funds, company records or confidential information, or system interfaces with vendors and customers. Providing a risk rating for each area will be an effective way to periodically assess the strength of anti-fraud control measures. 

    Polonious’ risk management software may be the perfect solution for you. Not only is it ISO compliant, this software is easy to navigate, reduces administration time, and can easily export reports.


    What should the board do if a fraud has occurred? For lower level fraud in a large company, it may be sufficient to let it be handled by a manager or human resources.

    However, for a significant fraud or a small company, the board must investigate how the fraud occurred and if/how it might have been prevented, or at least oversee and review a report on the investigation. Key considerations when conducting an investigation include:

      • Categorising issues
      • Confirming the validity of the allegation
      • Defining the severity of the allegation
      • Escalating the issue or investigation when appropriate
      • Conducting the investigation and fact-finding
      • Resolving or closing the investigation
      • Managing and retaining documents and information

    Finally, the board should consider using outside resources, since internal resources may already be compromised. 

    Polonious’ investigation case management software can do all this work for you. The system is incredibly flexible and adaptable to your needs. It allows you to access everything you need in one convenient place, and can be easily implemented into your current IT resources.


    Governance Systems

    Governance systems are an important preventative measure of corporate governance because they ensure oversight and minimise the ways fraud can occur.

    For example, effective policies and procedures around procurement and tender processes help to ensure that the choice of suppliers is not influenced by bribery or corruption. These policies may include:

      • Introducing additional approval processes for orders over a certain amount
      • Assigning someone to identify and regulate vulnerabilities in your processes
      • Conducting background checks on potential employees including reviewing expenditure habits

    Additionally, while they may be implemented by the board, effective governance systems operate independently and can help to prevent fraud at the board level. These systems will provide the overall framework that the organisation is expected to operate within, so the board must appoint the right managers to oversee them.

    Additionally, independent, third party auditing, as part of the governance system, also helps to prevent fraud that may occur within the board itself.


    Corporate governance plays an invaluable role in identifying and putting a stop to all kinds of fraud within an organisation. Some activities that the board of directors should engage in include implementing a whistleblower program, developing a code of ethics, engaging in risk management, and investing in governance systems. By doing so, the board will send a clear message to potential perpetrators of fraud that they will not tolerate this sort of behaviour in their company.

    6 Alarming Fraud Schemes to Look out for During the Pandemic

    The COVID-19 pandemic has forever changed the way that we live our lives. Social distancing, mask wearing, and hand sanitising have all become common activities these days. However, a more sinister by-product of the pandemic is the overall increase in the level of fraud as people spend more and more time online. Fraudsters have been able to exploit the loss of jobs, financial vulnerability and shortage of supplies experienced by most businesses.

    According to PWC, 35% of Australian entities have experienced fraud in the previous 24 months from 2020, a figure that is expected to rise over the next two years. 

    While the pandemic has triggered this growth in the rate of fraud, the overall response to the fraud has been limited. With physical restrictions placed on staff, difficulties in conducting remote interviews, and a lack of access to evidence, investigation efforts have hit many roadblocks in the current environment. 

    This blog will explore the latest trends in fraud and how your business can effectively investigate and prevent these frauds from occurring. 

    Payment Fraud

    Consumers are now doing more of their shopping online rather than in person as a result of the lengthy lockdowns. This has led to a boom in the e-commerce industry, with total online sales in Australia increasing 67.1% from March to October 2020. 

    Fraudsters hope to slip by unnoticed within this flood of consumers, using stolen or fraudulent information and digital wallets to make bogus transactions that businesses will be left paying for. In 2020, 68% of anti-fraud professionals noticed an increase in payment fraud.

    Not only does this inundation of online transactions create the perfect veil for payment fraudsters, it also introduces inexperienced consumers and businesses to the market. These newer parties are less aware of and thus more susceptible to these types of frauds. 

    To protect against payment fraud, businesses should:

    • Pay close attention to the size of the transactions, since the average fraudulent transaction is three times greater than normal transactions.
    • Use a fraud protection platform like Address Verification Services to confirm that the cardholder’s billing address matches the one held by the respective card issuer.
    • Be wary of orders using payment types other than credit cards and contact the buyer for information if something looks suspicious. 

    Identity Theft

    In response to the decline in economic activity, governments around the world have issued grants aimed at supporting small businesses. In NSW, sole businesses, sole traders and not-for-profit companies whose revenue fell by 30% or more during the lockdown qualified for a $1,500 fortnightly payment.

    However, due to the large number of applicants and minimal due diligence involved with these applicants, fraudsters are able to exploit this system and receive payments they are not entitled to. One method they use to do so involves stealing the identity of a legitimate business. These businesses are often operating with reduced or overworked staff, with limited resources to keep these fraudsters at bay and are thus easy targets. 

    Another scheme fraudsters will engage in is using publicly available information about these businesses and posing as a lender. Fraudsters will request further information about a business’s claim application, scamming them out of sensitive information. You may get emails, SMS texts, instant messages and social media posts:

    • With links claiming to have important updates about the latest COVID-19 safety measures, or claiming to have information on the location of possible cases in your area.
    • Pretending that you or your employees have been in a COVID affected area and asking for personal information.
    • Offering to help you access a government “benefit” or “subsidy”
    • Claiming to assess you or your employees’ eligibility for the vaccine, or placing you on a fake waitlist. 

    To avoid being scammed by these fraudsters, consider undertaking the following actions:

    • Only search for financial assistance via the official government website.
    • Do not click any links or open any attachments if you are unsure of an email, call or SMS, and contact the organisation using contact details that you have found yourself (e.g., through a Google search)
    • Ignore emails that claim to be about online government or business services which include links to sign in pages, or ask for your personal information, account details, PIN or passwords.

    Cyber Fraud

    More businesses are now encouraging their employees to work from home, even when there are no lockdowns in place. Studies have shown that 67% of workers are either partially or wholly working from home, compared to 42% pre-COVID. The pivot towards online work has also brought with it relaxed information security protocols and workers who are unfamiliar with new technologies, which leaves businesses more vulnerable to attacks from fraudsters. 

    Phishing and malicious software are the most common instances of cyber fraud. Phishing involves sending fraudulent communications that appear to come from a reputable source, with the goal of stealing sensitive information like credit card and login details. With malicious software, fraudsters will also encrypt the victim’s data and offer the victim a passcode to retrieve it in return for cryptocurrency payments.

    There are many ways that you can protect yourself against cyber fraud, which include:

      • Train employees to spot and avoid cyber attacks, reminding them that just “one wrong click” can give fraudsters access
      • Ensure strong passwords are being used
      • Check that any software you use is up to date with the latest versions and fixes
      • Turn on multi-factor authentication as an additional level of security
      • Identify key personnel who are critical to the effective running of your business, and have a plan of action when they are not available
      • Formulate an incident response plan so that your response to an event is swift

        Fake Charities

        Another common example of fraud in this pandemic era involves scammers impersonating a charity that is collecting money for people affected by COVID-19. They will either pretend to be a well-known charity or create one with a name similar to a real charity, and even set up a fake website to lure unsuspecting victims in.

        Falling for this scam can be avoided with the following actions:

        • Check the supposed charity’s credentials by using this website, since all genuine charities must be registered.
        • Be wary of communications that use highly emotive language or stress urgency. Fraudsters will use high-pressure tactics to manipulate people into performing actions. 
        • Ignore emails that ask you to send funds to a foreign bank, as these are highly unlikely to be legitimate.

        Business Email Compromise

        A fraudster may pose as a supplier or employee to request payment or change their bank details. They will do so by compromising an existing employee email or using your company’s logo and brand. For example, the fraudster will pretend to be a supplier and ask that you send your usual payments to a different account and use COVID-19 as an excuse.

        To avoid this situation, make sure each employee has a secure password, and know your supplier’s contact details so that any other communications can easily be flagged as suspicious. 

        Supply Scams

        This type of fraud involves fraudsters using fake websites and social media to sell you COVID-related products you will never receive, like hand sanitiser, gloves, or surgical masks. They may also ask you to pay for the vaccine or get early access for you or your employees. 

        Again, training your employees to look out for and avoid these scams is vital. You should also be aware that COVID-19 vaccines are voluntary, free, and available to all people in Australia.

        Protecting Your Customers

        Your customers are also vulnerable to the attacks of fraudsters who will pose as your business and steal revenue from you. To reduce the risk of this occurring, you can:

        • Advise your customers that you will never contact them to ask for their customer login or payment details.
        • Monitor who is mentioning your business name online through services like Google Alerts.
        • Create strong passwords for your business accounts and update passwords with staffing changes.


        Due to the major disruptions caused by the pandemic, businesses must be on high alert to the new frauds that scammers have devised in this new environment. Not only will these frauds have a large impact on your business’ revenue, they will also hurt your reputation, customer trust and employee morale. Overall, businesses need to be more wary of the communications they receive from unknown sources, and implement strategies that will improve the overall security of the business.



        Virtual Fraud in Financial Services Forum

        On 9 December 2021, Polonious will be attending and speaking at the Virtual Fraud in Financial Services Forum run by Transform Finance. This event connects the entire financial services industry across the Asia Pacific region in an exclusive online environment. 

        At this event, you will get to hear about the ever-changing global fraud landscape from industry experts. The latest topics currently transforming the fraud industry will be covered, such as:

        • Cybercrime Challenges
        • Global Perspectives and Regulatory Insights
        • Disruptive and Emerging Technologies
        • Application and First Party Fraud, Synthetic Identity and Transaction Fraud

        You will also have the opportunity to network with more than 200 C-suite, VP and Director level executives across a range of fraud prevention, detection, and investigation roles. These include roles in Financial Crime, Risk, Compliance, Legal, AI, and Data Analytics. 

        The organisations in attendance are also diverse in nature, covering financial services industries such as Banking, Fintech, Insurance, Securities, and of course Polonious will be representing the Case Management industry. 

        Polonious will be manning a virtual booth at this event, speaking on why you need an investigation management system, and where it sits in your anti-fraud program. This booth will be run by Polonious’ Senior Systems Configurer and ISO Systems Manager, Nicholas Fisher. Nicholas has worked with clients across banking, insurance, investigation firms, education and child protection. He knows exactly what key pain points companies experience in their fraud prevention and detection, and how Polonious can step in and help. 

        Nicholas will be able to give you a crash course on why you need an investigation management system. He will cover what investigation management systems are, how they can be implemented, and their benefits to you. You will no doubt leave this event with a better understanding of why investigation management systems are more attractive than other alternatives.

        If you work for a bank, fintech, payments, insurance company or the wider financial services, this event is perfect for you! Learn from live case studies, Q&As, and panel discussions at the most important event for digital innovation and fraud prevention this year. 

        We look forward to seeing you there!

        5 Tips for Setting Up an Effective Whistleblower Hotline

        Whistleblowers are often depicted as controversial figures (as evidenced by the media’s portrayal of Edward Snowden) and some even go as far as to call them traitors. In the workplace however, these groups of individuals should be hailed as heroes, as they are key in preventing internal fraud from occurring and are a huge asset to their company. 

        In fact, 49% of serious misconduct is reported by a colleague.

        Therefore, companies should endeavour to create a safe and effective means for whistleblowers to call out this serious misconduct. This blog will outline 5 tips for setting up a whistleblower hotline that employees will feel comfortable using, and that management can easily create investigation reports with.

        1) Consider Whether An Internal or External Whistleblower Hotline is Appropriate

        The first decision any company needs to make regarding their whistleblower hotline is whether it should be run internally or externally. Should it be operated within the company or subcontracted to an external source? Both options have their benefits and downsides, which management must consider before they can start investigating internal fraud reports.

        An internal hotline is often run by the company’s HR or internal audit department. The advantages of this strategy are that it eliminates the need for a middle man, so the company can speak directly with the whistleblower and get all the details directly from the source. It also prevents information leaks that could damage the company’s reputation, since all reports are kept within the company. However, conducting the hotline in-house will involve many considerations, such as budget, resources, implementation, training and policies among others. 

        On the other hand, an external hotline is developed, implemented and operated by a third party, and avoids many of these considerations. They often offer a 24/7 multilingual service with quick response times, and employees may feel safer knowing they are talking to an independent third party. The downside is that there is some risk that some of this information may be leaked to the public, since it is not under the direct control of the company.

        2) Have Different Communication Channels

        If your company does decide to set up an internal whistleblower hotline, you must then consider how your whistleblowers will communicate to management. Although the term “hotline” implies that employees can only report internal fraud via the phone, whistleblower hotlines can contain a variety of communication channels that will help management become aware of potential concerns. 

        In today’s world, there are so many different ways to connect with others, without even speaking to them. Social media has completely changed the way we interact with one another. For the more tech-savvy younger generations, it is rare for them to pick up the phone and talk to someone, unless it is a close friend or family member. In the context of whistleblowing, it is important that companies create a reporting channel that employees are comfortable with using.

        Younger employees may feel anxious about making a phone call to report internal fraud. There are many factors that can induce fear and prevent employees from picking up the phone, which can include:

        • Fear of revealing their identity
        • The serious nature of the phone call
        • A hesitation to pick up the phone
        • They are speaking to someone they don’t know

        Furthermore, the quality of the investigation report will be highly dependent on the training and skill of the person on the other side of the line. Hence, it is vital that companies implement different communication channels besides a phone-based hotline. 

        Companies should include an online platform with a web-based form as part of their whistleblower hotline, which employees can fill in to report any internal fraud that they see. Not only will this allow for easy categorisation of complaints, it will also give the employee the peace of mind that they can express themselves without being put on the spot.

        As alluded to above, there is also no third party who may get the details of the report incorrect, so the company can work directly with the whistleblower. Additionally, an online platform can include an anonymous chat function that the case manager can use to build trust with the employee and ask further questions if necessary. 

        For employees who do not wish to remain anonymous, another whistleblower communication channel that companies should include is in-person reporting. Often the chance to speak directly to another person about the matter will help the whistleblower come forward with their information. The main benefit for the company is that they can easily follow up with the employee throughout their investigation for more information or to update them on the status of their investigation. 


        3) Implement a Case Management System

        One critical component of any whistleblower hotline is a case management system to complement it. Once a report has been made, a company must swiftly investigate the issue, determine the appropriate course of action, then implement it within the company. This is where Polonious can help. 

        Polonious’ ISO27001 certified security ensures your evidence and case files are stored securely. Our detailed security configuration will also ensure that you can keep whistleblowers fully anonymous, or known only to an external or internal whistleblower team, depending on the level of anonymity requested. We can then help generate an investigation report for you at the click of a button.

        Polonious’ configurable workflows ensure a fair, consistent, and compliant process for all internal investigations.

        4) Know What Metrics You Are Using

        Your company should now have an efficient system of collecting whistleblower reports and investigating them in a timely manner. The next step is the measurement of certain metrics, which allows companies to gain insights into their hotline and make informed decisions to optimise the process over time. Some of the most essential metrics are discussed below.

        Cases Over Time

        A fundamental metric that any whistleblower hotline should include is cases over time. Although it is a common belief that the fewer cases of whistleblowing the better, managers should actually be concerned if they receive no reports. It is unrealistic to believe that absolutely no internal fraud is occurring within a company, and whistleblowers are central to uncovering this internal fraud.

        More cases being reported may indicate that the program is working and employees feel comfortable using the communication channel. If there is a downward trend in cases, this may point to employees not embracing a culture of compliance. 

        Displaying cases reported over time in a graph will also allow the case manager to easily discern if there is seasonality in cases, or if certain events trigger employees to report cases. 

        Cases by Department

        Another key measurement is where in the business the cases are being reported from. If a specific department is reporting more cases than others, this may be a signal that there is poor training or a culture of corruption within the department. Management can therefore be agile and make adjustments to the department. 

        Cases by Channel

        By measuring where cases are sourced, a company will have a better understanding of which channels employees prefer when reporting internal fraud. This metric can be combined with the above two metrics to discover if employees prefer a channel at a certain time, or if one department prefers a certain channel over another. It will reveal insights into which channels are easiest for employees to engage with. 

        Anonymous Ratio

        A useful metric to keep in mind is the number of anonymous reports compared to non-anonymous reports. If the majority of reports come from anonymous sources, this may suggest that employees are afraid of speaking out and facing retaliation. Although not a direct correlation, this ratio can point to the culture of compliance within the organisation. 


        5) Ensure Clear Messaging from Management

        Once the whistleblower hotline has been successfully implemented within the company, management must then let their employees know about it. The messaging from management should clearly emphasize the importance of speaking up and promote a culture of compliance.

        This will motivate employees to use the hotline whenever they see something out of line. The more they use the hotline, the more cases of internal fraud that management can investigate, and the better it is for the company. 


        Employees are on the ground floor of an organisation, seeing and hearing things that management can easily miss. It is therefore crucial for management to establish an effective means of listening to their concerns if they spot instances of internal fraud. Key points of consideration include whether a company’s whistleblower hotline should be internal or external, what communication channels it will use, the implementation of a case management system, what metrics it should measure, and what messaging should come from management. With these in mind, companies should be able to create a successful whistleblower hotline.

        Whistleblower hotlines are a key asset in preventing internal fraud

        Making your hotline confidential will ensure employees feel comfortable using it.


        Common Phrases That Are Red Flags for Internal Fraud

        Prevention is very often the best way of dealing with internal fraud. Nipping the problem in the bud produces much better outcomes for a company than discovering the fraud when it is already too late. For that reason, all companies should be aware of the warning signs that an employee is planning to engage, or is currently engaging, in internal fraud.

        Software developed by the FBI and Ernst & Young has discovered the most common phrases that are used in email conversations among perpetrators of internal fraud. Through this technology, more than 3,000 words and phrases were identified. The software can also detect unusual changes in tone that can suggest an underlying problem. 

        List of Phrases

        The phrases identified by the Ernst & Young software are a good indication that fraud may be occurring within a company, especially if they come up on a regular basis. The top 15 phrases are listed below:

        1. Cover up
        2. Write off
        3. Illegal
        4. Failed investment
        5. Nobody will find out
        6. Grey area
        7. They owe it to me
        8. Do not volunteer information
        9. Not ethical
        10. Off the books
        11. Backdate
        12. No inspection
        13. Pull earnings forward
        14. Special fees
        15. Friendly payments

        Some phrases describe the fraud itself, including “Cover up,” “Write off,” “Illegal,” and “Grey area.” Other phrases suggest that employees want to defend their actions, such as “Nobody will find out,” and “They owe it to me.” Phrases like “special fees” and “friendly payments” are used in cases of bribery. Further phrases indicate that the employee is acting with a co-offender, describing how the fraud will take place in phrases like “Do not volunteer information,” “Off the books,” and “Pull earnings forward.” 

        The software also searches for references to outside events, such as “call my mobile” and “come by my office,” which suggest that the employee does not want to be overheard. 

        Employees who do not wish to partake in these fraudulent activities with a fellow employee often use words like “no inspection,” “do not volunteer information,” “want no part of this” and “don’t leave a trail.”

        It may seem improbable at first for employees to email other employees directly about their fraudulent actions. However, it is more than likely that they are colluding with someone else or are searching for acceptance from others about their activities.

        According to the developers, this targeted means of analysing suspicious email conversation will save companies millions, as it is able to warn companies before major frauds have occurred. The software also highlights the success of analysing words as a method of investigating fraud, which is typically only conducted by looking at a company’s numbers. 

        The Fraud Triangle

        A commonly used framework in auditing, the fraud triangle explains why an individual may decide to commit a fraud. It comprises the three components: Opportunity, Rationalisation, and Pressure. Many of the phrases that were identified by the software could be classified under one of these components.


        Opportunity

        Fraud is more likely to transpire when there is an opportunity to commit it in a concealed way. This can manifest in a few different ways, for example, having limited approval processes, weak internal controls, or poor communication from leadership. 

        The Ernst & Young software identified a number of phrases relating to this section of the Triangle, such as:

        • Nobody will find out
        • No auditor will review it
        • Nobody asks anything
        • The policy does not say anything about it
        • Bosses don’t ask


        Rationalisation

        This component refers to the individual’s justification for committing the fraud, to the point where they feel that their actions are acceptable. They may feel that management is treating them unfairly and fraud is a way of getting payback. They may see upper management committing fraud and follow in their footsteps. They may feel that they have no other choice, for example if they are losing their job, and that fraud is the only option. Whatever their reasoning, dramatic changes in company culture are required to tackle this issue.

        The common phrases associated with this element of the Triangle include:

        • They owe me
        • Everybody does it
        • I’m not hurting anyone
        • They don’t pay me enough
        • Nobody has to know


        Pressure

        The final segment of the Triangle refers to an employee’s mindset towards committing fraud. Employees may be under pressure to meet targets that are tied to their remuneration, which may cause them to commit fraud to meet these objectives. There may also be pressure from investors and key stakeholders to increase the company’s share price, which can further impel them to commit fraud. 

        The phrases discovered by the software relating to pressure include:

        • My bonus depends on this
        • Bosses are pushing me to do this
        • I should reach the numbers
        • The goal is very high


        What was said about the Software

        In a press release for the software, Rashmi Joshi, director of Ernst & Young’s Fraud Investigation & Dispute Services, noted that “Despite being the prime means of all conversations, unstructured email data plays almost no role in the compliance efforts of firms.

        “Most often such email traffic is only seized upon by regulators or fraud investigators when the damage has been done.” 

        Clearly, email plays an important role in fraud detection and should be one of the first things managers look into when trying to uncover the warning signs of fraud. This technology is especially relevant for financial services companies, who demand more effective and less costly compliance monitoring. Joshi goes on:

        “Firms are increasingly seeking to proactively search for specific trends and red flags – initially anonymously – but with the potential for investigation where a consistent pattern of potential fraud is flagged.”

        One of the main benefits of detecting these key indicators of fraud is that the company is one step ahead of the game. It is one thing to merely identify the red flags; the company should then be proactive and launch an investigation into whether internal fraud is occurring and its extent within the company. 
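
        The phrase screening described above, as an added example (not the Ernst & Young software or Polonious code): it matches the phrases listed under each fraud-triangle component, reports only senders whose hits recur across separate messages, and shows them under a keyed pseudonym so that first-pass review stays anonymous. The function names, the HMAC key, the two-message threshold and the sample messages are assumptions made for this illustration.

```python
import hashlib
import hmac
import re
import unicodedata
from collections import Counter, defaultdict

# Phrases the page lists under each fraud-triangle component (lower-cased).
TRIANGLE = {
    "opportunity": ["nobody will find out", "no auditor will review it",
                    "nobody asks anything", "bosses don't ask",
                    "the policy does not say anything about it"],
    "rationalisation": ["they owe me", "everybody does it", "nobody has to know",
                        "i'm not hurting anyone", "they don't pay me enough"],
    "pressure": ["my bonus depends on this", "bosses are pushing me to do this",
                 "i should reach the numbers", "the goal is very high"],
}
# One alternation per component; \b stops matches inside longer words.
PATTERNS = {c: re.compile(r"\b(?:" + "|".join(map(re.escape, p)) + r")\b")
            for c, p in TRIANGLE.items()}

def normalise(text):
    """Lower-case, fold curly apostrophes to ASCII, collapse whitespace."""
    text = unicodedata.normalize("NFKC", text).replace("\u2019", "'")
    return re.sub(r"\s+", " ", text.lower()).strip()

def pseudonym(sender, key):
    """Keyed hash: reviewers see a stable token instead of the address."""
    return hmac.new(key, sender.lower().encode(), hashlib.sha256).hexdigest()[:12]

def scan(messages, key, min_messages=2):
    """Return {pseudonym: Counter(component -> hits)} for senders whose
    phrases appear in at least min_messages separate messages."""
    hits, flagged = defaultdict(Counter), Counter()
    for sender, body in messages:
        text = normalise(body)
        found = {c: len(p.findall(text)) for c, p in PATTERNS.items()}
        if any(found.values()):
            who = pseudonym(sender, key)
            hits[who].update(found)
            flagged[who] += 1
    return {w: +c for w, c in hits.items() if flagged[w] >= min_messages}

# Constructed sample mail, not real data.
SAMPLE = [
    ("a.lee@example.com", "Relax, nobody will find out. Bosses don\u2019t ask."),
    ("a.lee@example.com", "My bonus depends on this,\nand they owe me anyway."),
    ("b.kim@example.com", "Everybody does it, apparently."),
    ("c.roy@example.com", "Lunch on Friday?"),
]

if __name__ == "__main__":
    for token, counts in scan(SAMPLE, key=b"constructed-demo-key").items():
        print(token, dict(counts))
```

        Only the holder of the key can map a token back to a mailbox, which keeps the identity step separate from the initial screening.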

        How Polonious can help 

        Polonious has seamless integrations with analytics engines, so we can pick up flags like these and automatically create an investigation.

        Our case management system is flexible and adaptable to your needs. Once these warning signs have been spotted, any information that is needed for an investigation is just a few simple clicks away via our extensive list of integrations. 

        We can design and build workflows for you that are compliant with relevant legislation. Our Status Action Metric Evidence methodology ensures that investigators can only perform allowed actions at the relevant stage of an investigation, while gated decision points ensure that the investigation cannot move forward without a decision and a justification. Strict security and a full audit trail also ensure that you are compliant with any audit requirements. All of this while adding minimal administrative/compliance burden to your investigators.

        One of the biggest complaints we hear from investigators is the considerable amount of time spent on administration. Our system has a number of administration time saving features to combat this issue, including triage steps (so you can quickly remove false positives) and automation of communication. This results in a dramatic reduction in phone calls, follow ups, and requests for updates.

        Overall, this leads to a 38% reduction in the total time to complete an investigation, or 134 minutes on average. Since this time is non-billable, the savings are translated into an immediate ROI for your company.

        Other key features of Polonious’ case management system include fully customisable dashboards, and an ‘entity mapping’ report builder that lets you pick and report on any field in the system using a simple checkbox system. These features emphasise ease of use and cater towards what you want from your system.

        The system also allows integration with Tableau, and more recently, is able to integrate with Maltego for graphical link analysis. These reporting tools allow you to spot trends in identified and confirmed fraud cases and so better target your detection efforts.

        There are many warning signs that there may be fraud occurring within your business. These warning signs can be categorised into the three main drivers of fraud, which are Opportunity, Rationalisation, and Pressure. It is worthwhile launching an investigation if these red flags come up consistently to ensure that any fraud is stopped at the source. 

        Polonious’ easy-to-use case management system can pick up on these flags and immediately launch an investigation that reduces administration time and caters towards your needs. 


        EY has developed a method of detecting phrases relating to internal fraud.

        The fraud triangle can classify the common red flags of internal fraud.

        Excessive workplace pressure can lead to internal fraud, as employees struggle to meet targets without altering the numbers.
