One of the most annoying aspects of writing Bad Buying was reading dozens of fraud and corruption cases that came to court. Whilst the cases were often fascinating, the comments from the CFO or CEO of the organisation that suffered the fraud were always predictable. This is what I said in the book.
“But again and again, I see organisations failing to take basic precautions, and then once fraud is discovered, claiming that “this was a very sophisticated fraud”. In most cases, that remark is nonsense and is a fig-leaf for an embarrassed CFO or CEO who didn’t have basic fraud prevention measures in place.
Indeed, one way that fraud could be reduced globally is if CFOs in particular were told that their jobs are on the line. If a fraud takes place on their watch, that could have been prevented through simple actions, then they’ll be fired for incompetence. Implement this, and there will be a measurable drop in such cases very quickly”.
In recent weeks, a fraud committed by an IT manager in the UK’s National Health Service hit the headlines. Barry Stannard of Chelmsford in Essex, was “head of unified communications” for the Mid Essex Hospital Trust, which has since been merged into Mid and South Essex NHS Foundation Trust. He defrauded his employer of £806,229, which came out of the trust’s IT budget. He created two “fake companies” that he controlled, and then authorised payments against invoices from these firms – invoices he obviously produced himself. He failed to declare any interest in these firms (obviously), no products or services invoiced were ever actually provided to the NHS, and he was sentenced to 5 years and 4 months’ imprisonment on June 30th.
At least the hospital did eventually spot this fraud. According to the Digital Health website, “Concerns first arose after the trust ran a data matching exercise on its payroll and accounts payable records, alongside Companies House records. After a comprehensive initial investigation by the Local Counter Fraud Specialist provider (RSM), the investigation was escalated to the NHS Counter Fraud Authority’s National Investigation Service”.
Stannard also charged VAT, which was never paid onwards to the tax authorities, so that was a further fraudulent element. All of the hundreds of invoices submitted by his companies to the trust were individually for less than Stannard’s personal authorisation limit so he got away with it for some time.
At least here nobody used the “sophisticated” word in describing the fraud, which is just as well because it wasn’t. It was a pretty basic fraud and pretty basic best practice was not followed. That means there is a good case for sacking the CFO – and perhaps even the Procurement Head. They certainly should answer these questions.
- Why was there no proper “onboarding check” before a new supplier was first paid? Basic Companies House and Dun & Bradstreet checks would have shown a firm with Stannard as Director and presumably no other income.
- Why was there no “separation of duties”? You should never have the same person able to choose a supplier, sign off the purchases, and approve the invoice (which includes confirmation of receipt of goods / services)?
- Why did his boss not question the expenditure? Actually, it is not clear whether the budgets were his own or belonged to other managers (in which case why didn’t they query these costs for non-existent products)?
It all looks very negligent by the Trust and smacks of a poor attitude to spending taxpayers’ money, which unfortunately we’ve seen before in the case of public sector fraud of this nature. So whatever your role, do think about whether such a fraud would be possible in your organisation. If you wanted to extract money, how would you do it? Would you need an accomplice or could you do it yourself, as in this case. If you do find gaps, then tell the CFO, CEO or equivalent.
I reckon every organisation needs a few creative, cynical but trustworthy employees who can put themselves in the shoes of wrongdoers and have evil thoughts – for the greater good, of course!