Internal control frameworks have grown in importance in recent years and improvements have been driven by the US Sarbanes-Oxley Act, which places great importance on internal control systems.

But according to KPMG, lenient systems can be blamed for fraud-related losses of more than $456 million experienced by organisations in Australia and NZ since 2002.

“Effective internal controls are crucial to preventing and detecting fraud,” said Dean Newlan, executive director at KPMG Forensic. “The major factor allowing fraud to occur was the overriding of internal control or poor internal controls generally.” Newlan added that lax internal controls were the major cause of 43 per cent of fraud cases.

The KPMG report also pointed to a major fraud awareness problem on the part of corporates.

There were 27,657 incidents of fraud reported in the study’s period by 221 organisations. Average losses were more than $2 million, but despite this, less than 10 per cent of respondents believed that fraud was a major problem for their organisation.

“This may suggest that fraud — although acknowledged by 39 percent of respondents as a major problem for business generally — involves losses that are not regarded as significant by the organisation,” said David Van Homrigh, national managing partner at KPMG Forensic. “Alternatively, it may mean that businesses believe their own systems and controls are more effective than prevailing standards.

“Organisations that fail to take a proactive approach to fraud control are prime targets for fraudsters — especially as the perpetrator will typically come from within the organisation, have no known history of dishonesty and will have been with the organisation for around six years.

“In most cases, the person that will defraud corporations in Australia and NZ will be someone the organisation trusts,” Van Homrigh said.

Newlan said that often fraud is not viewed as manageable.

“Some people don’t see fraud as a business risk,” he said. “We do see a lot of headlines on fraud but the linkage with risk management is not made.

“A lot of people feel that fraud is not something that is inherently controllable in that although you can have internal controls, they can be bypassed and fraud can be committed. That needs to be brought back into the mainstream field of risk. It’s not accepted but it is tolerated.”

According to fraud prevention experts, traditional fraud identification techniques lack the sophistication to effectively manage fraud risk.

“We have found that where an organisation has analysed fraud risks as part of an overall risk management exercise, the resultant analysis has listed only generic fraud risks, not specific methods of fraud which could succeed in individual job functions,” wrote Martin Samociuk and Nigel Iver in their recent book, Fraud Resistence: a practical guide.

According to Samociuk, there is too much emphasis on control systems and not enough on behavioural issues.

Stuart Fagg is the editor of Lawyers Weekly’s sister publication Risk Management magazine, which won the 2004 Bell Award for Best B2B Magazine Launch of the Year.

Get Risk Management magazine this month for an in-depth look at how to implement the COSO internal controls framework. Contact Stuart Fagg for details on (02) 9422 2355