Virtual Fraud in Financial Services Forum

Virtual Fraud in Financial Services Forum

On 9 December 2021, Polonious will be attending and speaking at the Virtual Fraud in Financial Services Forum run by Transform Finance. This event connects the entire financial services industry across the Asia Pacific region in an exclusive online environment. 

At this event, you will get to hear about the ever-changing global fraud landscape from industry experts. The latest topics currently transforming the fraud industry will be covered, such as:

  • Cybercrime Challenges
  • Global Perspectives and Regulatory Insights
  • Disruptive and Emerging Technologies
  • Application and First Party Fraud, Synthetic Identity and Transaction Fraud

You will also have the opportunity to network with more than 200 C-suite, VP and Director level executives across a range of fraud prevention, detection, and investigation roles. These include roles in Financial Crime, Risk, Compliance, Legal, AI, and Data Analytics. 

The organisations in attendance are also diverse in nature, covering financial services industries such as Banking, Fintech, Insurance, Securities, and of course Polonious will be representing the Case Management industry. 

Polonious will be manning a virtual booth at this event, speaking on why you need an investigation management system, and where it sits in your anti-fraud program. This booth will be run by Polonious’ Senior Systems Configurer and ISO Systems Manager, Nicholas Fisher. Nicholas has worked with clients across banking, insurance, investigation firms, education and child protection. He knows exactly what key pain points companies experience in their fraud prevention and detection, and how Polonious can step in and help. 

Nicholas will be able to give you a crash course on why you need an investigation management system. He will cover what investigation management systems are, how they can be implemented, and their benefits to you. You will no doubt leave this event with a better understanding of why investigation management systems are more attractive than other alternatives.

If you work for a bank, fintech, payments, insurance company or the wider financial services, this event is perfect for you! Learn from live case studies, Q&As, and panel discussions at the most important event for digital innovation and fraud prevention this year. 

You can find out more about the event, including the agenda, speakers, and more general information here

We look forward to seeing you there!

Fraud in Financial Services virtual event - 9th December 2021

Thinking about attending?

You can claim a free VIP pass to the event using this link

Why project management apps fall short for investigation management

Why project management apps fall short for investigation management

How Polonious compares to project management apps

How Polonious compares to project management apps

Many organisations end up relying on SaaS and other project management apps to handle their case and investigation management.

In the race to collaborate quickly, project managers offer an easy way to start a case management journey, but fall short when it comes to the complexity of properly dealing with investigations.

Let’s take a look at how project management apps fail to offer the features and compliance of an investigation management system.


Starting from scratch

If your team is tasked with managing projects that relate to customer case and investigations then SaaS project management apps like Trello and Basecamp look like great starting points.

Teams realise they need something that is online and collaborative, and all members need to work together. They also realise that it is a case management and workflow challenge they are facing, which are often not met by office documents.

Project management apps often have complete to-do lists, the ability to record statuses, and can add participants in an ad-hoc manner: All of which are key attributes you need in an investigation system.

Many also allow you to collect artifacts like images, videos and documents.

SaaS project managers are generally available and people will use them because they require little, if any, procurement process. They are used throughout the business for general things like customer support, which can morph into “case management”.

This is how organisations typically end up using SaaS project managers for case and investigation management.


Discovering the drawbacks

While easy to procure, and offer some positives, there are numerous disadvantages with project management apps for investigation management.

What they generally lack is rigour. One of the key things in investigations is understanding how you arrived at the conclusions you make.

At numerous steps along the way key decisions have to be recorded as to whether you proceed or don’t proceed and how you proceed in an investigation. And the people making those decisions and their reasoning have to be auditable.

Project managers generally follow a predefined process, but those processes are not designed to ensure procedural fairness, regulatory compliance or track provenance of evidence collected.

They also lack the detailed compliance requirements and controls which would have to be added into the system and maintained separately.

For example, project managers often enable users to delete comments and documents without having a full audit trail, or the ability to recover those documents.


But I’m already using a project manager for investigations…

If you are already using project management apps for investigations then you need to be wary of the pitfalls.

At their core project managers address some of the requirements for investigation management, but they lack the focus of an investigation management tool miss many of the features you would find in a dedicated application.

The reality is there are not many benefits to using a project tool for investigation management as they quickly struggle with the intended purpose and often lack the ability to cross reference entities that are involved in multiple cases.

For example, simple things like sharing documents and applying security often results in you having to apply this to every case which requires a lot more manual work.


Moving up to dedicated investigation management

If you find yourself using a project manager for investigations look at moving to a purpose built system to avoid a lot of headache and compliance problems in the future.

A big problem is getting the case data out of the SaaS project management app and then being able to use it for better investigation management, so be wary of that if your team is starting to rely more on project managers.

Another thing to note is separating the cases that have more compliance requirements, these are likely to demand proper investigation management as you grow.

Additional steps to take include:

  • Identify the key risks that need to be managed within the process such as the ID of vulnerable people, protection of whistleblowers, regulatory reporting requirements.
  • If you need to conduct cases within a legislative framework.
  • Getting the right stakeholders. Are the right people in your organisation seeing the case data and what should be deemed an investigation?

It is rare that a project management tool has the ability to share data well outside the project team.

Polonious can share data with all of the participants involved appropriately whether they are working as part of the team; line managers or senior management; or external suppliers and vendors; and even participants in the process such as claimants and customers.

With proper investigation management you can be transparent without exposing restricted data outside those who should have access.

New General Insurance Code of Practice: What changes for investigation teams?

New General Insurance Code of Practice: What changes for investigation teams?

Access Polonious' free guide to GICoP compliance in investigations.

Australia’s insurance industry is undergoing the biggest regulatory and compliance changes in its history, and these changes will significantly impact investigation teams.

The Insurance Council of Australia (ICA) has released a new General Insurance Code of Practice, and all insurers were required to implement the changes by July 1, 2021. The changes are legally binding and, as of July 1, 2021, organisations can be fined for non-compliance. These fines can amount to hundreds of thousands of dollars.

To avoid penalties and compliance headaches, insurers will need to change their business to comply with the new regulations, which must be met in their entirety, as opposed to a piecemeal approach. The new Code is a result of a two-year review by the ICA, which invited input and recommendations from various organisations.

Australia’s insurance industry leaders must act now to bring their investigation teams, and the wider organisation, in line with the changes. Investigation teams will be pressured by the more detailed compliance requirements, but this does not mean there are no business imperatives.

Polonious’ report, New General Insurance Code of Practice: A reference guide to how changes will impact fraud investigations, gives insurance industry leaders an overview of the required changes, and details of how the impending requirements can go a long way to benefiting the business.

I this blog, we will look at what changes for investigation teams.

Teams must adapt immediately

The Insurance Council’s Code of Practice changes will have an immediate impact on investigation teams and how they conduct their work, including much more detailed measurements of the actions being taken.

An extensive summary of the Code of Practice can be downloaded from the Web site. The many changes to the Code of Practice will apply significant pressure on insurers’ investigation units, including:

  1. Stricter requirements in relation to actions being taken by the investigators (e.g. 90-minute time limits
    For investigation interviews)
  2. More mandated regulation which will override any self-regulation, with penalties for non-compliance
  3. A push for more transparency for claimants

To cite a simple, but profound, example, there will now be a cap of 90 minutes on the length of an interview that an investigator can undertake. Previously, there was no time limit. Moreover there is a total limit of four (4) hours during the complete course of the investigation.

Changes such as these will apply a degree of pressure on insurers to get the information they need within that timeframe so they don’t fall foul of the requirements.

Having an unlimited amount of time previously meant that investigators did not need to worry about the pace of the interview. Now, if they go over that allotted time, they will need to explain why, and justify it.

Collecting all the necessary details to make a determination of a claim in 240 minutes of allowed interview time will be challenging in complex cases, so investigators will need to be better prepared in order to meet those strict requirements.

Should they need more time, the investigator will need to ask permission from insurers to extend the interview time and will need to record the agreement and the reasons behind it.

In another example, Part 15 of the new Code speaks to the claims investigation standards. In paragraph 73 it states, “If we appoint someone to investigate your claim, then within 5 business days, we will inform you of their appointment and what their role is”.

These are just a few of many requirements specified for investigation teams in the new Code.

What triggered the changes?

The changes come after the Insurance Council of Australia identified a number of failings in the investigation industry which have resulted in claimants being treated in an unfair manner. And little has been done to address this, despite many opportunities to do so in recent years.

Previously, the industry was self-regulated, which didn’t lead to the changes the industry needed. Neither did it bring any well-defined rules. It remains to be seen if existing investigation units will be capable of meeting the new requirements as insurers typically have thousands of investigations running at any given time.

The reforms are also designed to create more openness and transparency for the claimant, with clearly defined processes requiring strict compliance. Investigators not informing the claimant of the progress of their claim, or their obligations around the investigation, can lead to many people dropping out of a claim. If the process drags on indefinitely, many people just want it to end and will withdraw the claim.

5 Tips for Setting Up an Effective Whistleblower Hotline

5 Tips for Setting Up an Effective Whistleblower Hotline

Whistleblowers are often depicted as controversial figures (as evidenced by the media’s portrayal of Edward Snowden) and some even go as far as to call them traitors. In the workplace however, these groups of individuals should be hailed as heroes, as they are key in preventing internal fraud from occurring and are a huge asset to their company. 

In fact, 49% of serious misconduct is reported by a colleague

Therefore, companies should endeavour to create a safe and effective means for whistleblowers to call out this serious misconduct. This blog will outline (number) tips for setting up a whistleblower hotline that employees will feel comfortable using, and that management can easily create investigation reports with. 

1) Consider Whether An Internal or External Whistleblower Hotline is Appropriate

The first decision any company needs to make regarding their whistleblower hotline is whether it should be run internally or externally. Should it be operated within the company or subcontracted to an external source? Both options have its benefits and downsides, which management must consider before they can start investigating internal fraud reports.

An internal hotline is often run by the company’s HR or internal audit department. The advantages of this strategy are that it eliminates the need for a middle man, so the company can speak directly with the whistleblower and get all the details directly from the source. It also prevents information leaks that could damage the company’s reputation, since all reports are kept within the company. However, conducting the hotline in-house will involve many considerations, such as budget, resources, implementation, training and policies among others. 

On the other hand, an external hotline is developed, implemented and operated by a third party, and avoids many of these considerations. They often offer a 24/7 multilingual service, with quick response times and employees may feel safer knowing they are talking to an independent third party. The downside is that there is some risk some of this information may be leaked to the public since it is not under the direct control of the company. 

2) Have Different Communication Channels

If your company does decide to set up an internal whistleblower hotline, you must then consider how your whistleblowers will communicate to management. Although the term “hotline” implies that employees can only report internal fraud via the phone, whistleblower hotlines can contain a variety of communication channels that will help management become aware of potential concerns. 

In today’s world, there are so many different ways to connect with others, without even speaking to them. Social media has completely changed the way we interact with one another. For the more tech-savvy younger generations, it is rare for them to pick up the phone and talk to someone, unless it is a close friend or family member. In the context of whistleblowing, it is important that companies create a reporting channel that employees are comfortable with using.

Younger employees may feel anxious about making a phone call to report internal fraud. There are many factors that can induce fear and prevent employees from picking up the phone, which can include:

  • Fear of revealing their identity
  • The serious nature of the phone call
  • A hesitation to pick up the phone
  • They are speaking to someone they don’t know

Furthermore, the quality of the investigation report will be highly dependent on the training and skill of the person on the other side of the line. Hence, it is vital that companies implement different communication channels besides a phone-based hotline. 

Companies should include an online platform with a web-based form as part of their whistleblower hotline, which employees can fill in and report any internal fraud that they see. Not only will this allow for easy categorisation of complaints, it will also give the employee the piece of mind that they can express themselves without being put on the spot. 

As alluded to above, there is also no third party who may get the details of the report incorrect, so the company can work directly with the whistleblower. Additionally, an online platform can include an anonymous chat function that the case manager can use to build trust with the employee and ask further questions if necessary. 

For employees who do not wish to remain anonymous, another whistleblower communication channel that companies should include is in-person reporting. Often the chance to speak directly to another person about the matter will help the whistleblower come forward with their information. The main benefit for the company is that they can easily follow up with the employee throughout their investigation for more information or to update them on the status of their investigation. 


3) Implement a Case Management System

One critical component of any whistleblower hotline is a case management system to complement it. Once a report has been made, a company must swiftly investigate the issue, determine the appropriate course of action, then implement it within the company. This is where Polonious can help. 

Polonious’ ISO27001 certified security ensures your evidence and case files are stored securely. Our detailed security configuration will also ensure that you can keep whistleblowers fully anonymous, or known only to an external or internal whistleblower team, depending on the level of anonymity requested. We can then help generate an investigation report for you at the click of a button.

Polonious’ configurable workflows ensure a fair, consistent, and compliant process for all internal investigations.

4) Know What Metrics You Are Using

Your company should now have an efficient system of collecting whistleblower reports and investigating them in a timely manner. The next step is the measurement of certain metrics, which allows companies to gain insights into their hotline and make informed decisions to optimise the process over time. Some of the most essential metrics are discussed below.

Cases Over Time

A fundamental metric that any whistleblower hotline should include is cases over time. Although it is a common belief that the less cases of whistleblowing the better, managers should actually be concerned if they receive no reports. It is unrealistic to believe that absolutely no internal fraud is occurring within a company, and whistleblowers are central to uncovering this internal fraud. 

More cases being reported may indicate that the program is working and employees feel comfortable using the communication channel. If there is a downward trend in cases, this may point to employees not embracing a culture of compliance. 

Displaying cases reported over time in a graph will also allow the case manager to easily discern if there is seasonality in cases, or if certain events trigger employees to report cases. 

Cases by Department

Another key measurement is where in the business the cases are being reported from. If a specific department is reporting more cases than others, this may be a signal that there is poor training or a culture of corruption within the department. Management can therefore be agile and make adjustments to the department. 

Cases by Channel

By measuring where cases are sourced, a company will have a better understanding of which channels employees prefer when reporting internal fraud. This metric can be combined with the above two metrics to discover if employees prefer a channel at a certain time, or if one department prefers a certain channel over another. It will reveal insights into which channels are easiest for employees to engage with. 

Anonymous Ratio

A useful metric to keep in mind is the number of anonymous reports compared to non-anonymous reports. If the majority of reports come from anonymous sources, this may suggest that employees are afraid of speaking out and facing retaliation. Although not a direct correlation, this ratio can point to the culture of compliance within the organisation. 


5) Ensure Clear Messaging from Management

Once the whistleblower hotline has been successfully implemented within the company, management must then let their employees know about it. The messaging from management should clearly emphasize the importance of speaking up and promote a culture of compliance.

This will motivate employees to use the hotline whenever they see something out of line. The more they use the hotline, the more cases of internal fraud that management can investigate, and the better it is for the company. 


Employees are on the ground floor of an organisation, seeing and hearing things that management can easily miss. It is therefore crucial for management to establish an effective means of listening to their concerns if they spot instances of internal fraud. Key points of consideration include whether a company’s whistleblower hotline should be internal or external, what communication channels it will use, the implementation of a case management system, what metrics it should measure, and what messaging should come from management. With these in mind, companies should be able to create a successful whistleblower hotline.

Whistleblower hotlines are a key asset in preventing internal fraud

Whistleblower hotlines are a key asset in preventing internal fraud.

Making your hotline confidential will ensure employees feel comfortable using it.

Making your hotline confidential will ensure employees feel comfortable using it.

Book a Demo Now

Learn more about how Polonious can help you implement an effective and confidential whistleblower hotline.

Common Phrases That Are Red Flags for Internal Fraud

Common Phrases That Are Red Flags for Internal Fraud

Prevention is very often the best way of dealing with internal fraud. Being able to nip the problem in the bud will produce much better outcomes for a company than finding out that fraud is already occurring when it is already too late. With that being said, all companies should be aware of the warning signs that may flag when an employee is planning to, or is currently engaging in internal fraud.

Software developed by the FBI and Ernst & Young has discovered the most common phrases that are used in email conversations among perpetrators of internal fraud. Through this technology, more than 3,000 words and phrases were identified. The software can also detect unusual changes in tone that can suggest an underlying problem. 

List of Phrases

The phrases identified by the Ernst & Young software are a good indication that fraud may be occurring within a company, especially if they come up on a regular basis. The top 15 phrases are listed below:

  1. Cover up
  2. Write off
  3. Illegal
  4. Failed investment
  5. Nobody will find out
  6. Grey area
  7. They owe it to me
  8. Do not volunteer information
  9. Not ethical
  10. Off the books
  11. Backdate
  12. No inspection
  13. Pull earnings forward
  14. Special fees
  15. Friendly payments

Some phrases describe the fraud itself, including “Cover up,” “Write off,” “Illegal,” and “Grey area.” Other phrases suggest that employees want to defend their actions, such as “Nobody will find out,” and “They owe it to me.” Phrases like “special fees” and “friendly payments” are used in cases of bribery. Further phrases indicate that the employee is acting with a co-offender, describing how the fraud will take place in phrases like “Do not volunteer information,” “Off the books,” and “Pull earnings forward.” 

The software also searches for outside events such as “call my mobile” and “come by my office,” which suggests that the employee does not want to be overheard. 

Employees who do not wish to partake in these fraudulent activities with a fellow employee often use words like “no inspection,” “do not volunteer information,” “want no part of this” and “don’t leave a trail.

It may seem improbable at first instance for employees to directly mail other employees about their fraudulent actions. However, it is more than likely that they are colluding with someone else or are searching for acceptance from others about their activities.

According to the developers, this targeted means of analysing suspicious email conversation will save companies millions, as it is able to warn companies before major frauds have occurred. The software also highlights the success of analysing words as a method of investigating fraud, which is typically only conducted by looking at a company’s numbers. 

The Fraud Triangle

A commonly used framework in auditing, the fraud triangle explains why an individual may decide to commit a fraud. It comprises the three components: Opportunity, Rationalisation, and Pressure. Many of the phrases that were identified by the software could be classified under one of these components.


Fraud is more likely to transpire when there is an opportunity to commit it in a concealed way. This can manifest in a few different ways, for example, having limited approval processes, weak internal controls, or poor communication from leadership. 

The Ernst & Young software identified a number of phrases relating to this section of the Triangle, such as:

  • Nobody will find out
  • No auditor will review it
  • Nobody asks anything
  • The policy does not say anything about it
  • Bosses don’t ask


This component refers to the individual’s justification for committing the fraud, to the point where they feel that their actions are acceptable. They may feel that management is treating them unfairly and fraud is a way of getting payback. They may see upper management committing fraud and follow in their footsteps. They may feel that they have no other choice, for example losing their job, and fraud is the only option. Whatever their reasoning, dramatic changes in company culture are required to tackle this issue.

The common phrases associated with this element of the Triangle include:

  • They owe me
  • Everybody does it
  • I’m not hurting anyone
  • They don’t pay me enough
  • Nobody has to know


The final segment of the Triangle refers to an employee’s mindset towards committing fraud. Employees may be under pressure to meet targets that are tied to their remuneration, which may cause them to commit fraud to meet these objectives. There may also be pressure from investors and key stakeholders to increase the company’s share price, which can further impel them to commit fraud. 

The phrases discovered by the software relating to pressure include:

  • My bonus depends on this
  • Bosses are pushing me to do this
  • I should reach the numbers
  • The goal is very high


What was said about the Software

In a press release for the software, Rashmi Joshi, director of Ernst & Young’s Fraud Investigation & Dispute Services, noted that “Despite being the prime means of all conversations, unstructured email data plays almost no role in the compliance efforts of firms.

“Most often such email traffic is only seized upon by regulators or fraud investigators when the damage has been done.” 

Clearly, email plays an important role in fraud detection and should be one of the first things managers look into when trying to uncover the warning signs of fraud. This technology is especially relevant for financial services companies, who demand more effective and less costly compliance monitoring. Joshi goes on:

“Firms are increasingly seeking to proactively search for specific trends and red flags – initially anonymously – but with the potential for investigation where a consistent pattern of potential fraud is flagged.”

One of the main benefits of detecting these key indicators of fraud is that the company is one step ahead of the game. It is one thing to merely identify the red flags, the company should then be proactive and launch an investigation into whether internal fraud is occurring and its extent within the company. 

How Polonious can help 

Polonious has seamless integrations with analytics engines, so we can pick up flags like these and automatically create an investigation.

Our case management system is flexible and adaptable to your needs. Once these warning signs have been spotted, any information that is needed for an investigation is just a few simple clicks away via our extensive list of integrations. 

We can design and build workflows for you that are compliant with relevant legislation. Our Status Action Metric Evidence methodology ensures that investigators can only perform allowed actions at the relevant stage of an investigation, while gated decision points ensure that the investigation cannot move forward without a decision and a justification. Strict security and a full audit trail also ensure that you are compliant with any audit requirements. All of this while adding minimal administrative/compliance burden to your investigators.

One of the biggest complaints we hear from investigators is the considerable amount of time spent on administration. Our system has a number of administration time saving features to combat this issue, including triage steps (so you can quickly remove false positives) and automation of communication. This results in a dramatic reduction in phone calls, follow ups, and requests for updates.

Overall, this leads to a 38% reduction in the total time to complete an investigation, or 134 minutes on average. Since this time is non-billable, the savings are translated into an immediate ROI for your company.

Other key features of Polonious’ case management system include fully customisable dashboards, and an ‘entity mapping’ report builder that lets you pick and report on any field in the system using a simple checkbox system. These features emphasise ease of use and cater towards what you want from your system.

The system also allows integration with Tableau, and more recently, is able to integrate with Maltego for graphical link analysis. These reporting tools allow you to spot trends in identified and confirmed fraud cases and so better target your detection efforts.

There are many warning signs that there may be fraud occurring within your business. These warning signs can be categorised into the three main drivers of fraud, which are Opportunity, Rationalisation, and Pressure. It is worthwhile launching an investigation if these red flags come up consistently to ensure that any fraud is stopped at the source. 

Polonious’ easy-to-use case management system can pick up on these flags and immediately launch an investigation that reduces administration time and caters towards your needs. 


Workplace bullying can cause significant psychological distress and put your organisation at risk of litigation as well as absenteeism and staff turnover.

EY has developed a method of detecting phrases relating to internal fraud.

However workplace bullying is not limited to aggressive behaviour, and includes many other forms of treatment including ostracising particular employees.

The fraud triangle can classify the common red flags of internal fraud.

However workplace bullying is not limited to aggressive behaviour, and includes many other forms of treatment including ostracising particular employees.

Excessive workplace pressure can lead to internal fraud, as employees struggle to meet targets without altering the numbers.

Book a Demo Now

Learn more about how Polonious can help you investigate internal fraud.

8 Tips for Preventing Internal Fraud

8 Tips for Preventing Internal Fraud

What is Internal Fraud?

Internal or corporate fraud is the deliberate misuse or misapplication of a company’s resources or assets by an employee for their own personal gain. Put simply, internal fraud occurs when an employee, manager, or executive commits fraud against their employer. This is as opposed to external fraud in which customers, vendors or other parties commit fraud against a company.


Some examples of internal fraud include:

    • Skimming: A form of theft where the offender steals money before it is registered in the accounting system. A common skimming method involves an employee collecting payment from a customer for the sale of a product and then retaining the money for themself without actually registering the sale.
    • Theft: Money or stock is stolen by the offender that is already registered in the accounting system, often by stealing money from the cash register immediately after processing sales transactions.
    • Invoice Fraud: The offender draws up fraudulent invoices and processes them in the supplier system, for example using company credit or debit cards for personal use.
  • Wage Fraud: Similar to invoice fraud, the offender forges invoices, this time to force the company to pay a salary to third parties that they may be an accomplice with. 
  • Expense Fraud: For this form of fraud, the offender manipulates expense claims to be reimbursed for non-commercial expenditure. 


According to the Australian Institute of Criminology, internal fraud resulted in a loss of $2.7 million to Australian businesses in 2018-19, which includes stolen stock, cash, and damaged business reputation. More concerning is the fact that much fraud still goes undetected and unreported each year. 


However, there are many ways that managers can prevent internal fraud from occurring within their businesses, and deter employees from engaging in this form of fraud in the future.


1) Develop Clear Policies

It is important to establish clear and easy to understand policies to keep rules from becoming arbitrary and ensure that all employees are conscious of what the company expects of them. These policies should cover areas such as:

  • Serving or processing transactions for friends or family
  • Personal purchases and transactions
  • Personal use of company equipment like telephones, computers and printers


The reason for having these policies is twofold. Firstly, those who intend to commit internal fraud will be deterred knowing that management is aware of this fraud and has enacted clear policies to prevent it. Secondly, honest employees who will not commit internal fraud will become familiar with the possible signs of fraud and will be more likely to report it. These employees will also gain more clarity on what constitutes fraud so they can avoid accidentally committing it.


2) Have Clear Transaction Procedures

For similar reasons as above, companies should have clear procedures for dealing with transactions as this is often where internal fraud occurs. These procedures can include petty cash limits, keeping registers closed unless they are in use and the provision of receipts to acknowledge transactions. 


Companies should also segregate the processes of purchasing, receipting and paying, and have two people conduct daily banking if possible. The segregation of duties is an essential element of preventing internal fraud as it ensures that no employee has the ability to perpetrate and conceal errors or fraud during their normal course of duties. Additionally, employees will also be able to provide checks and balances on one another. 


3) Implement Strong Supervision of Staff

Employees are less likely to commit fraud if they know that they are being watched by management. When an employee is able to perform duties without supervision or authorisation from a higher up, there is a risk that they will act in their own self-interests. Some points to consider when implementing supervision include:

  • Supervise employee compliance with procedures
  • Regularly review cash shortages and investigate instances where an explanation is unsatisfactory
  • Have supervisors consistently check receipts and documentation
  • Look into suspicious transactions
  • Review of personnel


4) Set up a Reporting System

Although supervisors may catch employees engaging in fraud by looking into suspicious activities, an important source of detecting fraud are the employees themselves. Although employees are often hesitant to report incidents to their employers, this can be overcome by setting up an anonymous reporting system. Other sources also include customers, vendors and competitors. 

The Association of Certified Fraud Examiners reports that 40% of occupational fraud is detected because of a tip, the most of any other source. Consequently, businesses must ensure that they have appropriate reporting systems in place. 


The most common formal reporting mechanisms used by whistleblowers that businesses should consider implementing are:

  • Telephone hotline
  • Email
  • Web-based/Online Form
  • Mailed Letter/Form


Reporting systems will act as an effective deterrent against employees who would engage in fraud but are afraid of being reported by their fellow employees.


5) Perform Accounting Reconciliations

Fraud is often successful when it is well concealed. A way of combating this issue is performing regular accounting reconciliations and catching irregularities that may point to a case of fraud. Again, potential perpetrators of fraud will be deterred from committing fraud if they know that the accounts are being frequently looked over. 


The accounting reconciliations that business should undertake at least on a monthly basis include:

  • Bank reconciliations (for all accounts)
  • Accounts receivable reconciliations (both month to month and general ledger to sub-ledger)
  • Accounts payable reconciliations (both month to month and general ledger to sub-ledger


Not only will performing accounting reconciliations give an indication of potential fraud, it will also have the added benefit of helping managers make decisions and ensure the accuracy of the accounting records.


6) Establish Strong Human Resource Procedures

One of the best ways to prevent a problem is to stop it from the source. For fraud, this means hiring the right people and training them. 


Businesses can implement procedures such as:

  • Check references and perform background checks. This includes employment, credit and criminal history. 
  • Have formal, specific job descriptions. A red flag for fraud is when employees perform duties outside their job description.
  • Appropriately train employees. Not only will employees learn what constitutes fraud, they will also be able to recognise and report any suspicious behavior.
  • Implement an equitable remuneration system. Some employees may engage in fraud if they feel their remuneration is inadequate.


7) Constantly Monitor Your Assets

Although quite a simple measure, constantly monitoring your physical assets is a crucial step to prevent employees from engaging in stealing. Businesses should also have stringent control over their intangible assets, such as their knowledge and information. 


Examples of measures that businesses can put in place include:

  • Conducting regular stocktakes
  • Restricting physical access to only those who require it to perform their job function
  • Locking doors, desks and filing cabinets
  • Implementing electronic surveillance systems
  • Using employee IDs and passwords


These measures are the most visible to potential offenders of fraud and are therefore the strongest deterrent. While these measures do not necessarily entirely eliminate the risk of fraud, reducing the potential offender’s access to these assets will reduce the likelihood of fraud occurring.


8) Get Expert Help

Sometimes the numbers still won’t add up, even after implementing all of the above fraud prevention recommendations. If that is the case, then it may be worthwhile hiring a professional auditor to have a look at the company’s books. 


A Certified Practising Accounting (CPA) or Certified Fraud Examiner (CFE) can perform an extensive review of the company’s accounts and control processes, without having any personal relationship with the company to cloud their judgement. They can help with fraud detection and prosecution if necessary. 


These auditors will also ensure the books comply with government regulation, add credibility to the financial statements after their review, and point out key processes that may need improvement. However, a key factor to consider is the steep cost of hiring these auditors.


Employee fraud can take on many forms, but all of them represent a detriment to the business. It should be the priority of all businesses to implement procedures that prevent and deter internal fraud to prevent further losses. Not only will this have a substantial financial benefit, it will also promote a healthy company culture, with new employees learning the correct way of doing their job, that minimises errors and promotes good communication throughout the organisation.

Internal fraud can come with consequences for your organisation beyond merely what the employee took.

Internal fraud can come with consequences for your organisation beyond merely what the employee took.

Internal fraud cost Australian businesses $2.7 million in 2018-2019, and that's just what was detected.

Internal fraud cost Australian businesses $2.7 million in 2018-2019, and that’s just what was detected.

The most important thing you can do when investigating internal fraud is 'follow the money'. People commit fraud to benefit themselves, and they won't accidentally send it to the wrong person. Wherever the money ends up, they are likely the perpetrator or a close contact.

The most important thing you can do when investigating internal fraud is ‘follow the money’. People commit fraud to benefit themselves, and they won’t accidentally send it to the wrong person. Wherever the money ends up, they are likely the perpetrator or a close contact.

Book a Demo Now

Would you like to see how Polonious can help you investigate internal fraud?

GICOP changes 2021Download the GICOP whitepaper and stay compliant.

Our whitepaper covers all aspects you need to know to stay compliant with the latest GICOP changes coming into effect in 2021. Submit below form to receive the download link and related updates going forward.

SIU Insights report 2021How do you compare to other SIUs?

Check out some interesting results from our SIU management survey. Submit below form to receive the download link and related updates going forward.