Part 2: Main survey findings and international comparisons

2.1
In this Part, we set out the high-level results of our survey and compare them with the results from other recent Australasian fraud surveys.

2.2
Despite New Zealand's generally "clean" image, fraud is a fact of business life here. Anyone who has been part of an entity that has been defrauded knows that financial loss is only part of the effect of fraud. Additional costs include loss of trust in workmates and colleagues, the loss in productivity when assessing and repairing internal systems, and the sense of betrayal and consequent loss of trust.

2.3
Australasian surveys also identify that entities that experience fraud suffer a damaging loss of trust as well as the loss of money. Fraud damages an entity's public reputation² and internal working relationships. Because fraud involves dishonesty, managers and staff may feel shocked, betrayed, disillusioned, and demoralised.³ They may find it difficult to re-establish trust in the people they work with. When entities fail to prevent fraud, the disruption distracts them from delivering effective and efficient services.⁴ As these effects can never be entirely reversed, it is better for entities to protect themselves against fraud.

Public sector is committed to preventing fraud

2.4
Our survey confirms a strong commitment within the public sector to protecting public resources. Respondents throughout the public sector told us that their entities generally have the essentials in place. These include:

• mature and connected policies and approaches for mitigating fraud risks;
• a clear commitment from their governing bodies and management team to preventing fraud; and
• receptive environments for talking about fraud.

2.5
Minimising the opportunity and removing the temptation to commit fraud are the best ways that entities can protect the public's resources. This can be done by building a culture where governing bodies, managers, and staff are receptive to talking about fraud.

More awareness of emerging fraud risks is needed

2.6
Ongoing vigilance is particularly important in the current global economic climate, because the risk of fraud increases when many people struggle to make ends meet. Experience internationally generally confirms a greater incidence of fraud in recessionary economic climates, with fraud increasing because of "need" rather than "greed". There have been well-publicised large frauds during the global financial crisis⁵ and an increase internationally in frauds in small entities.⁶ Staff may feel less secure in their employment and, with the entity's suppliers also under pressure, public entities are at real risk from fraud and other economic crimes.⁷

2.7
Despite this, 69% of respondents to our survey did not feel that their public entity had a change in risk because of the current economic climate. Australasian surveys also found that, although people identify fraud as a risk for other entities, they are much less concerned about risk in their own entities.⁸

2.8
Our survey found that most known frauds were committed by one internal person acting alone. Australasian surveys also found that public sector frauds are more likely to be committed by internal perpetrators (except for benefit-paying entities, which are vulnerable to external perpetrators).⁹ The Australian Institute of Criminology found that, although the incidence and financial losses of public sector internal fraud are generally lower than those of external fraud, reported losses from internal fraud had increased by 10%.¹⁰ KPMG found that internal staff (usually acting alone) committed 65% of major frauds, which accounted for 98% of frauds by value.¹¹ In a breakdown of public sector perpetrators from a small sample size, KPMG found that:

• non-managers committed 62% of the fraud incidents, which accounted for 7% of the fraud by value; and
• managers committed 26% of the fraud incidents, which accounted for 85% of the fraud by value. The value of frauds committed by managers was on average 29 times higher than those committed by non-managers and five times higher than those committed by external perpetrators.¹²

2.9
Respondents to our survey told us that the main perpetrator in fraud incidents that they were aware of was an operational (46%) or administrative/support service (22%) person. However, in the current challenging economic environment, international data shows that fraud is increasingly committed by those at a managerial level or above. People in these positions can often override controls and may be able to conceal their offending better.

2.10
According to our survey, the most frequent types of fraud within the New Zealand public sector were:

• theft of cash (21%);
• theft of plant, equipment, or inventory (17% combined);
• fraudulent expense claims (14%);
• payroll fraud, such as falsifying timesheets (9%); and
• false invoicing (8%).

2.11
In comparison, the main types of fraud for the Australian public sector included:

• misuse of entitlements (for example, a credit card);
• financial reporting (intentional misstatements to deceive the users of financial reports); and
• intellectual property theft.¹³

Trusting staff is not a fraud control

2.12
Respondents to our survey often commented that they trusted their staff and colleagues to "do the right thing". This was one of the most common reasons people gave for not responding to our survey when we rang to follow up. They did not feel the survey would be relevant to their circumstances.

2.13
Although many of these people did then respond to our survey, their initial decision not to underlines how we can inadvertently fail to protect our entities from loss and our staff from suspicion. Our values, integrity, culture, and systems protect us only to a certain extent. If we become complacent, they can also become a weakness that provides the opportunity for fraud. Our survey found that nearly 80% of known frauds were committed by an internal person acting alone. These individuals were trusted employees until their betrayal of that trust was discovered. Most of these individuals thought they would not get caught.

2.14
New Zealand is a country of small businesses, and the public sector is similarly small. In our survey, 579 respondents were in entities with fewer than 50 full-time equivalent staff. Understandably, when people work closely together, they want to be able to trust each other. However, KPMG found that warning signs were overlooked or ignored in 38% of major frauds.¹⁴ This indicates that the risks from fraud could be reduced by being vigilant and responding when concerns are first identified.

2.15
Preventing fraud is not only about protecting resources. Fraud distracts people from their jobs, is organisationally corrosive, and undermines public trust and confidence in the public sector. Fraud prevention is important not just to limit loss but also to protect the culture of an entity and the public's trust that taxes and rates are used for proper purposes.

2.16
The combination of a lack of perceived risk from the wider economic climate and a reliance on trust in each other suggests that the public sector could do more to ensure that we are aware of emerging fraud risks. This includes sharing information about incidences of fraud.

Maintaining a culture of integrity keeps fraud at bay

2.17
Overall, the incidence of fraud in our public sector appears to be relatively low compared to the results suggested by other surveys. Less than a quarter of our survey respondents (22.5%) were aware of any fraud having been committed in their public entity in the last two years.

2.18
In the Australasian surveys, the proportion of survey respondents whose entities had detected fraud ranged from:

• 37% to 53% for all respondents; and
• 23% to 61% for public sector respondents.

2.19
Our survey showed the smallest amount of public sector fraud in any of the comparable surveys.

2.20
PwC's international findings agree with our survey findings that there is a correlation between the size of the entity and the number of incidents reported. Larger entities experience more fraud than smaller ones.¹⁵

2.21
It is important to have strong controls and to follow the systems that are laid out. KPMG found that weak controls created the opportunity for 32% of frauds and overridden controls created the opportunity for 22% of frauds.¹⁶ In small entities that have fewer controls, organisational culture and compliance with controls play a significant part in maintaining an effective anti-fraud culture.¹⁷

2.22
The results of our survey reinforce that informing employees about the risks of fraud, how to protect the public entity from fraud, and what to do if a fraud has been detected is important in minimising incidents of fraud. These are steps that all public entities can take, and our survey shows that many are doing so already.

2.23
Our survey showed a strong correlation between the culture of a public entity and the incidence of fraud, and the results suggest that communicating regularly about fraud helps to keep fraud at bay. A culture of integrity is built and maintained by public entities being receptive to, and communicating about, fraud prevention, risks, and incidence. This means:

• setting the tone at the top;
• putting in place appropriate controls, including policies and procedures;
• talking openly about fraud and the risk of fraud;
• making sure that staff feel safe to report fraud;
• making sure that staff know about fraud policies and procedures – regularly telling them that fraud is not tolerated, how they can help prevent it, and how to raise their concerns; and
• telling staff about incidents of fraud and how they have been dealt with.

2.24
Having appropriate policies and procedures is a good first step. However, for these to be effective, managers need to ensure that employees know about them and how to use them. Openly discussing fraud prevention practices and the checks that are in place to identify offenders can increase the perception of risk of being caught, which may deter potential perpetrators.¹⁸

2.25
Communicating previous incidents of fraud has also been shown to be an effective way to reduce fraud. Currently, communication of fraud incidents to staff is poor. Slightly less than 30% of respondents to our survey said that management communicates incidents of fraud. However, our survey indicates that those entities that had communicated previous incidents of fraud to staff generally had fewer incidents of fraud. This again highlights the importance of sharing information and communicating with staff to minimise the risk of more fraud being committed.

A culture of integrity is most effective when supported by strong internal controls

2.26
Systems do not commit fraud, people do. Controls must be in place. Public entities need to ensure that they have the right systems in place and that their staff are always vigilant. The best way a public entity can protect itself from fraud is for managers to be willing to talk with staff about fraud risks, hear from staff about suspected fraud risks, and take action in response to incidents of fraud.

2.27
Public entities with effective management controls do well in minimising fraud risk. According to our survey, 36% of all fraud incidents that respondents were aware of had been detected by internal controls. Internal controls are the frontline of fraud protection and detection. They were the single largest means by which frauds were detected in our survey. This finding is consistent with Australasian survey results, which confirm that fraud is most likely to be detected using internal controls.¹⁹ In one survey, internal controls detected 42% of identified frauds.

2.28
Tip-offs are another successful way of detecting fraud.²⁰ In our survey, internal whistle-blowers detected less fraud than in some other surveys. For instance, in the Australian public sector, 29% of internal frauds were identified by whistle-blowers, suggesting that having good protected-disclosure systems can be helpful.²¹

2.29
Some people expect that external audit will detect fraud. The purpose of an external audit is to give assurance about the representative fairness of an entity's financial statements, not to detect fraud. Entities that rely on external audits to detect fraud are at risk.²² In our survey, less than 1% of frauds were detected by external auditors.

Reporting deters fraud

2.30
Our survey showed that there is a high level of trust within public entities that managers would take action on any suspected or detected frauds. In our survey, 95% of respondents said that they would be willing to raise concerns about fraud and believed that their concerns would be taken seriously, and 78% were confident that fraud would be reported if it were discovered. Consistent with these views, 87% considered that, when risks are raised, their entity takes proactive steps to reduce those risks.

2.31
Despite this confidence, only 39% of fraud incidents that respondents were aware of had been reported to enforcement agencies. The Auditor-General expects public entities to consider reporting matters of fraud to an appropriate authority. This authority is usually the New Zealand Police and, if the incident is believed to be serious, the Serious Fraud Office. Entities that report fraud to the Police protect themselves and send a clear "zero tolerance" message. Entities are also expected to advise their auditor as soon as possible of any alleged, suspected, or actual fraud that requires management action.

2.32
The Australasian surveys also showed a marked difference between how people thought their entity would respond and how the entity did respond when fraud arose.²³ For instance, only 51% of public entities dismissed fraud perpetrators.²⁴ Many entities did not have, or did not intend to implement, reporting mechanisms for responding to fraud incidents.²⁵

2.33
We recognise that a range of factors have to be balanced when deciding whether to refer suspected offending to enforcement agencies. These factors may include the scale and nature of wrongdoing, the likelihood of securing a conviction, how long ago the event(s) took place, the attitude and situation of the alleged offender, and any reparation that has been made.

2.34
However, our survey shows that reporting fraud to the Police appears to be effective in preventing more fraud from being committed. Public entities that had reported fraud matters to the Police had fewer known incidents of fraud. Of those who said that fraud had been reported to the Police, 21% told us that fraud had been committed in the last two years. Of those who said that fraud matters had not been reported to the Police, 49% told us that fraud had been committed in the last two years. Increased transparency and awareness of fraud reduces the chances of repeat offending.²⁶ Without formal records, offenders are free to reoffend – sometimes within the same entity.²⁷

2.35
If fraud has been committed and managers are not seen to take action, staff confidence in managers can be seriously eroded. This may have an adverse effect on staff who would otherwise report their suspicions of fraud. Public entities should be aware that reporting fraud to enforcement agencies maintains the willingness of staff to speak up about fraud concerns. Managers should take reactive steps, such as disciplinary action, as well as proactive steps to strengthen controls and ensure that staff are aware of how the public entity handles fraud and how staff can help prevent it.

---

2: KPMG (2010), Fraud and misconduct survey; PricewaterhouseCoopers (2009), Fighting fraud in the public sector.

3: PricewaterhouseCoopers (2009), Fighting fraud in the public sector; Damian Bennett (2010), Fraud in recessionary times, Hayes Knight.

4: Lindley, J., Jorna, P., and Smith, R. G., (2012), Fraud against the Commonwealth 2009-10 annual report to government, Australian Institute of Criminology; KPMG (2010), Fraud and misconduct survey.

5: KPMG (2010), Fraud and misconduct survey.

6: PricewaterhouseCoopers (2011), The 2011 Global Economic Crime Survey Results for New Zealand.

7: PricewaterhouseCoopers (2011), The 2011 Global Economic Crime Survey Results for New Zealand.

8: In the not-for-profit sector, 86% believed that fraud was a problem for others, but only 8% for their entity. See BDO New Zealand (2012), Not-for-profit Fraud Survey. Only 20% of respondents thought that fraud was a serious problem for their own entity. See KPMG (2010), Fraud and misconduct survey.

9: Lindley, J. and Smith, R. G., (2011), Fraud against the Commonwealth 2008-09 annual report to government, Australian Institute of Criminology.

10: Lindley, J., Jorna, P., and Smith, R. G., (2012), Fraud against the Commonwealth 2009-10 annual report to government, Australian Institute of Criminology.

11: KPMG (2010), Fraud and misconduct survey.

12: KPMG (2010), Fraud and misconduct survey.

13: Lindley, J., Jorna, P., and Smith, R. G., (2012), Fraud against the Commonwealth 2009-10 annual report to government, Australian Institute of Criminology.

14: KPMG (2010), Fraud and misconduct survey.

15: PricewaterhouseCoopers (2011), The 2011 Global Economic Crime Survey Results for New Zealand; KPMG (2010), Fraud and misconduct survey.

16: KPMG (2010), Fraud and misconduct survey.

17: Association of Certified Fraud Examiners (2010), Report to the nations on occupational fraud and abuse.

18: Schaefer, P. (2006), Employee theft: Identify and prevent fraud, embezzlement, pilfering, and abuse, www.businessknowhow.com/manage/employee-theft.htm.

19: PricewaterhouseCoopers (2011), Fighting fraud in the public sector; KPMG (2010), Fraud and misconduct survey.

20: BDO New Zealand (2012), Not-for-profit Fraud Survey.

21: Lindley, J., Jorna, P., and Smith, R. G., (2012), Fraud against the Commonwealth 2009-10 annual report to government, Australian Institute of Criminology; KPMG (2010), Fraud and misconduct survey.

22: Association of Certified Fraud Examiners (2010), Report to the nations on occupational fraud and abuse.

23: BDO New Zealand (2012), Not-for-profit Fraud Survey.

24: PricewaterhouseCoopers (2011), Fighting fraud in the public sector.

25: KPMG (2010), Fraud and misconduct survey.

26: Association of Certified Fraud Examiners (2010), Report to the nations on occupational fraud and abuse.

27: Lindley, J., Jorna, P., and Smith, R. G., (2012), Fraud against the Commonwealth 2009-10 annual report to government, Australian Institute of Criminology; PricewaterhouseCoopers (2011), Fighting fraud in the public sector.

page top