It pays to tackle the taboo of internal fraud

Internal fraud poses the most important threat to your organization

By Laurent Colombant and Stavros Stavrinoudakis, SAS

Who’s most likely to defraud your company: a young brilliant hacker lurking in the dark net? A seasoned criminal who now commits cybercrime? Or a well-organized, overseas crime gang with a long reach? It could be any one of the above. But in more than 70 percent of cases, they’ll either be assisted or entirely replaced by an in-house swindler to commit internal fraud. And in more than one-third of those cases, it won’t be an isolated employee: It will involve collusion.

Finding Internal Fraud

Internal fraud is employee fraud

Given their knowledge of internal systems and procedures, insiders are the ones who pose the most important threat of internal fraud to your organization. Current or former employees, contractors and business partners who have (or had) access to internal systems are most likely to set up a scheme to successfully defraud your organization’s money or data.

Usually, insiders apply a low and slow approach that proves to be insidious. According to a recent study by the CERT Insider Threat Center, on average it takes five years before an offending employee starts to defraud his employer and 32 months between the start of the internal fraud and the moment of its detection – if it ever gets detected.

The role of internal audit

Auditors play an important role when it comes to detecting internal fraud. But is it enough?

KPMG’s 2015 Global Audit Committee Survey  highlighted that the job of auditors has become more challenging: Three out of four auditors responded that the time required to carry out their responsibilities has increased significantly. One out of two surveyed said the job continues to grow more difficult each passing year because of time and expertise restraints. Therein lies a clear challenge of resources, time and expertise. But those aren’t the only issues; internal controls and policies are well known by insiders who have all the necessary information in their hands to work around them. Internal audit departments need a second line of defense against internal fraud – this is where advanced analytics comes in.

Employees not taking vacations, accessing data at odd hours and frequently accessing the accounts of elderly people may be signs of fraud.

An application of analytics

Limited internal controls and data silos are the Achilles’ heel of most companies in their protection against internal fraud. It’s a lack of continuous checks and balances and systematic detection that gives knowledgeable people a chance to obtain undue benefit from their employer. The employer runs both an important reputational risk – as well as the risk of seeing the phenomena spread ­– if it’s not stopped.

State-of-the-art detection solutions use a combination of various techniques, such as business rules, access to lists, anomaly detection, text mining, predictive modeling and social network analysis, to enable an investigator to connect the dots and identify abnormal or suspicious behaviors.

For example, employees not taking vacations, accessing data at odd hours and frequently accessing the accounts of elderly people may be signs of fraud. With in-memory and event-streaming technology, these alerts can be instantly delivered to the fraud team for immediate action. Furthermore, data visualization tools help the fraud detection team conduct ad hoc investigations and confirm hunches. To prosecute suspected fraudsters, you need substantiated proof based on a systematic and objective approach. Analytics enables you to identify root issues and budding trends, and provide detailed results.

These methods greatly improve the efficiency of internal control systems by building upon them and consolidating information while rendering a single, constantly updated score based on the analysis of every single transaction and event.

Communication as a deterrent

All too often, employee fraud is considered a taboo and companies are hesitant to tackle the matter for fear of reputational harm. Common reactions may be: “All of our employees are trustworthy,” “That person has been with us for so many years,” and “It’s not in the DNA of our corporate culture.” However, trust doesn’t exclude control. Moreover, the mere existence of an intelligent system that constantly monitors employee behavior on a 24/7 basis sends a clear signal to employees and serves as a deterrent. An automated detection system goes a long way in introducing objectivity in such a program. Analytics brings efficiency and communication while serving to prevent internal fraud.

Then what can you do? Act now! Internal fraud is not a taboo; it’s a constant threat to every organization, and in many cases, is already an issue.

Explore what you can do to detect and prevent internal fraud within your organization. For more information, check out the SAS® Security Intelligence web pages.

Laurent Colombant is a Business Development Manager for SAS fraud solutions for banks and insurance companies. Working mainly in France and Luxembourg, he has over 15 years of experience in the fields of fraud detection, anti-money laundering and counterterrorist financing. He holds an MBA in finance from the University of Michigan.

Stavros Stavrinoudakis is the Professional Services and Presales Senior Manager for SAS Greece-Cyprus-Bulgaria. Stavros has great experience in the business intelligence and analytics areas, having previous roles of CIO, MIS Manager, Member of Strategic IT councils, Business Intelligence Consultant and working either in the software vendor side or inside large scale organizations where he has developed strong expertise in design and implementation of innovative business applications.


Internal Fraud

Get More Insights


Want more Insights from SAS? Subscribe to our Insights newsletter. Or check back often to get more insights on the topics you care about, including analytics, big data, data management, marketing, and risk & fraud.

Back to Top