
Cybercrime on the rise…and so is the demand for forensic accountants


By Melissa Lau*

In 2020-21 Australian businesses and individuals lost more than $33 billion to cybercrime – and it’s on the rise. Which is why credit professionals need to be on their guard, more than ever, for the sake of their own businesses and those of customers. And with the increase in cybercrime, there’s now an even greater need to implement good cybersecurity strategies to protect against businesses being compromised.


In late 2020 I wrote an article about the rising demand for forensic accountants – particularly in light of increasing fraud around the globe. I noted that since the pandemic had begun, more unusual fraud cases had been appearing and occurring more quickly.

Fast forward 14 months and cybercrime is flourishing. In 2020-21, Australian businesses and individuals lost a massive $33 billion as a result of cyber-attacks, with a cyber-attack occurring every eight minutes, according to the Australian Cyber Security Centre (ACSC). And no sector of the Australian economy was spared. In its Annual Cyber Threat Report 2020-21, the ACSC revealed there were 67,500 cybercrime reports over the year, a 13 per cent increase compared with the previous year.

What’s behind this rise? The increase in Australians working remotely, not to mention depending on the internet to access services and information and to communicate. “This dependence has increased the attack surface and generated more opportunities for malicious cyber actors to exploit vulnerable targets in Australia,” the report stated.

Harking back to my article in late 2020 and my observation that more unusual fraud cases had been occurring, it’s a viewpoint echoed by the ACSC, which said that “the increasing frequency of cybercriminal activity is compounded by the increased complexity and sophistication of their services. The accessibility of cybercrime services – such as ransomware-as-a-service (RaaS) – via the dark web increasingly opens the market to a growing number of malicious actors without significant technical expertise and without significant financial investment”.

Be aware

At a business level, being aware of the dangers and staying on your guard is crucial. For credit professionals, the reason for this is two-fold: credit managers are an intrinsic part of the cash-flow cycle of a client’s business, so any disruption to that cycle could be detrimental to their own business; and credit management firms are a key target for cyber-crime, as they liaise with customers around payments owed to their business.

Dealing with the ramifications of COVID-19 may have caused some businesses to take their eye off the ball when it comes to fraud monitoring. It is impossible to know exactly how much fraud goes undetected or unreported, although a global fraud study gave a median estimate that fraud costs organisations five per cent of revenues each year.

A 2018 study on occupational fraud and abuse found that fraud training for employees can reduce the median loss from fraud by 23 per cent and make its detection 33 per cent faster. Lack of internal controls was the primary weakness that contributed to occupational fraud in 25 per cent of cases.

Wayne Williamson, chief information security officer (CISO) with Equifax Australia & New Zealand, sums it up well: “Cyber crime is a $33 billion people issue, and there is an increased sophistication of attacks exploiting the human link, including advanced ransomware crimes, internal staff being manipulated by threat actors, and cyber criminals exploiting gaps in critical systems. It’s important that organisations are looking closely at the human elements of the threat and human elements of the corporate response.”

At an Equifax-hosted panel discussion to assess cyber trends in the corporate world, Williamson commented that: “Cyber security preparedness is ever-evolving, and the responsibility lies with the entire organisation, not just CISOs, to address cyber risks head-on. Common themes emerged from our conversations with security leaders at the top of their field: namely, involving a business’ security culture driven from the top and conducting threat assessments on people and technology remain core principles to managing these risks.”

Credit professionals are uniquely placed to be able to identify any irregularities in their own business operations. And being aware of the nature and ‘recipe’ for fraud can help identify those customers that perhaps don’t understand or don’t respect the risks they’re facing, which may then help with assessing credit worthiness.

The problems of over-trusting

Fraud can occur in businesses where there is an over-trusting environment, which small businesses are often guilty of having. While it may help with the smooth running of the business when staff trust each other enough to, for example, share log-in details for the accounting system, this is likely to be damaging in the long run. This makes it difficult to restrict permissions as appropriate and prevents documentation of who has made changes.

The main types of fraud SMEs should look out for include:

• Cyber fraud – when a criminal uses malicious software to send phishing emails that contain false, inflated or duplicate invoices with the intent to defraud. This type of fraud also includes hackers who send fraudulent emails pretending to be the CEO to a member of staff requesting a bank transfer. SMEs are just as much at risk of cyberattacks as larger businesses.

• Mandate fraud – when fraudsters pose as legitimate suppliers and advise changes to existing payment arrangements. The fraudster tricks staff into changing a direct debit, standing order or bank transfer payment from an organisation or person the company makes regular payments to. Another common type of small business fraud is when an employee forges company cheques or makes electronic payments that haven’t been authorised.

• Fake invoicing and fake suppliers – business owners must have basic oversight over every vendor in their business because false invoicing is an increasingly popular fraud method. It is often committed by an employee, contractor, supplier or external fraudster. According to a recent Xero survey of 1,000 small businesses, 18 per cent of respondents had fallen victim to invoice fraud, falsely paying out a huge $15,500 on average.

• Cash theft – stealing cash through skimming (cash that hasn’t been reported into the accounting system but taken by employees), cashing customer cheques, larceny (cash that has been reported which has been taken) or fraudulent disbursement/reimbursements (releases of funds which have not been authorised by the owner).

• Payroll fraud – payroll fraud occurs twice as often in small businesses (fewer than 100 employees) than larger ones. A classic example is “ghost employees”, when a fake or ex-employee is kept on the payroll and is still receiving a wage.

Unfortunately, fraud detection in small businesses often only happens when it is too late. However, there are a few warning signs to watch out for which may indicate a business is at risk. If a business has that one member of staff who ‘never takes a holiday’, it is worth understanding the reason for this. Is this really because they don’t want a break? Or is it because nobody else can do what they do? If it is the latter, and nobody else understands how to make the month-end supplier payments or process payroll, then there is a risk that too much responsibility is concentrated in this employee’s role.

Another red flag is where businesses have one employee doing all the accounting and bookkeeping. This makes it easy for cases of fraud to go unnoticed. Small businesses often feel immune to fraud, and we should encourage clients to maintain robust internal controls and processes.

For businesses that rely largely on their information technology systems to detect and prevent fraud, that can also be a concern. Information technology is a significant part of the day-to-day operations for most organisations these days. However, with this increased dependence on IT, the incidence of technology fraud is increasing and is expected to continue.

The role of forensics

In its simplest form, forensic accounting means the application of accounting techniques and concepts in issues concerning legal matters. The requirement for forensic accounting is due to the high rate of white-collar crimes like fraudulent financials, embezzlement and various other financial wrongdoings. We are called on to investigate various financial frauds by employees, clients or customers. We also help government in the enforcement of regulatory requirements. Put simply, forensic accountants assess whether the numbers add up with reality.

As a forensic investigator, I’ve seen the huge and rapid changes in fraud over the past two years. Prior to COVID, typical forensic investigation cases involved employees, bookkeeping, account takeovers, credit and securities. However, COVID saw a seismic shift, with the dramatic rise in cybercrime threats. And while forensic accounting is always an ever-evolving practice, the arrival of COVID has meant we’ve had to be more agile than ever.

Despite the recent changes, the nature of forensic investigations remains broadly the same. Our role is to answer the ‘who, what, when and how much’ in situations where perception and reality aren’t aligned.

The main roles of forensic accounting specialists are to analyse and prepare financial information for a court of law. Forensic accounting is a field that requires a combination of accounting, auditing and investigative skills. In addition to fraud matters, accountants in this field of work will typically be engaged to review financial records and information in post-acquisition disputes, economic damages calculations and bankruptcy. Business valuations and insolvency issues also typically require the skills of a forensic accountant.

We meticulously search through documents and often have to follow long and winding paths through financial records, and we regularly find that pools of money travel through various departments, companies and entities. That involves interviewing many types of people, ranging from other accountants to managers to CEOs, in order to get individual stories about any irregularities. A big challenge is identifying who we need to interview and how to conduct an interview that helps accountants solve the case, reveal fraud or recover money. A vital skill is having the ability to observe; to pick up subtle hints or suspicious clues that may lead us to the ‘perpetrator’.

The importance of forensic accounting is growing year on year. We can support and protect business owners from anybody looking to defraud them – regardless of whether they’re a start-up or have been in business for many years.

With the rapid shift to using the internet for business activities – from financials to communication – and the increase in the level of fraudulent activity, the modern forensic accountant is more important than ever. Businesses can protect themselves and the future of their business.


*Melissa Lau, Partner, Jirsch Sutherland. T: 1300 547 724, M: 0472 703 365, E: MelissaL@jirschsutherland.com.au
