Bad Buying was published last week, and whilst there wasn’t exactly a rush of media appearances, it was reviewed in the Times on Saturday (behind the paywall unfortunately).

The reviewer (Robert Colvile) enjoyed it, although he found it annoying / depressing that governments seem to make the same mistakes time and time again when it comes to spending public money. Well, yes, I’d agree of course, that being one of my reasons for writing the book! He also picked up on one important point that is mentioned in the book but perhaps deserves more focus.  As Colville put it in his review,

“And the mistake was usually pretty elementary (as a rule, anyone who talks about how their organisation was victim to a “very sophisticated” gang of thieves is telling porky pies: far more likely is that there was a failure to attend to the absolute basics).”

This is so true. We see it almost every time there is a fraud case – the organisation that has lost out claims it is the cleverness of the fraudsters, not the stupidity of management that is to blame. That is the case even if all the fraudsters have done is phoned up the finance department and said “hello, this is IBM here, we’ve changed our bank details, please can you pay our outstanding invoices now to this new account”. Very sophisticated…

But it is  certainly not just the public sector that gets caught out. EssilorLuxottica, the worlds leading lens and eyewear firm, was the target of a 190 million euro ($213 million) fraud at one of its factories in Thailand. At the end of last year, the firm announced that it had fired employees associated with the incident (well, you would, wouldn’t you) and was looking to recover the money.

An intelligent guess would suggest that this was a “fake supplier” fraud, where money was paid under the authorisation of someone internally to external firms that were controlled by the fraudsters.  Those firms would not in reality be supplying anything to EssilorLuxottica of course, and by the  time the fraud was spotted, those bank accounts would have been closed and the cash long since extracted.  But this was a huge amount of money to disappear from a single factory in Thailand – it  sounds like it could be equivalent to the firm’s entire annual revenue in that country.

Assuming that was the nature of the fraud, how on earth could such large sums of money be extracted without anyone noticing? What were the policies in place and processes to check up on those new “suppliers” and their legitimacy? Who was allowed to approve high value payments?  Did the firm outsource any part of the payment process to a third party services provider? (That can sometimes lead to weaknesses in the process and less focus on what is going on).  Maybe there was some sophistication here in the fraud, but it really does smack of poor internal management and controls.

Anyway, that story is really told to demonstrate that it is not just the public sector that can waste money and fall down on basic anti-fraud processes. I’d suggest that every procurement or finance leader and every Board should consciously think about this question – “if I wanted to defraud my organisation, how would I do it”? 

Think  through the different options and potential points of weakness, and evaluate whether there are processes, checks or policies in place that would stop you getting away with it. If the answer is “no”, then either tighten up quickly or accept that you might be the next person waffling on to the press about “sophisticated criminals”!  Personally, I would also fire the CFO if such a basic fraud was committed on his or her watch.

The Bad Buying book might be useful too if you are concerned about these issues.  It contains seven key anti-fraud principles, with some practical and clear advice on how you can at the very least reduce the chances of fraud and corruption affecting your organisation.