What are You Doing About the Risk of Fraud in Your Organisation?

Part I

The Menace of Corporate Fraud                                

Let me tell you a little story.

Sometime during my Fraud Detective years in Bulawayo in the 90s, I had occasion to investigate a case which had been reported and recorded as a Fraud at one of the police stations in Bulawayo.

When I interviewed the person who had been named as the “accused”, he confessed to the crime of Fraud as indicated on the police report. However, upon preliminary examination I noticed that the elements of the crime did not amount to Fraud. Theft matched the circumstances better. In fact, I concluded that the crime at hand was Theft and not Fraud. When I relayed this new reality to the accused, he was not amused. “No”, he said, “I did commit the crime of Fraud not Theft”. My explanation of the difference between the two could not help; he was proud to be a fraudster not a mare thief!

This short story, true to the dot, is a testimony to the predicament we face in our organizations in Zimbabwe. Fraud is somehow viewed as cool, trendy, even sexy. It’s a sad fact of life. It makes the prevention, detection, investigation, and prosecution of Fraud a trifle burdensome. One has the feeling (if you are in the fraud fighting community like me) of sailing against the wind.

What about the business leaders? How do they react to this “sad fact of life”? The ostrich comes to mind here! But at what cost? The global statistic, according to the Association of Fraud Examiners [http://www.acfe.com/rttn/2010-rttn.asp], is 6% of medium to large enterprises’ turnover lost to fraud annually, on average. With the attitude exhibited in my Bulawayo story, we can only imagine what the situation, in dollar terms, is like in Zimbabwe.

Ladies and gentlemen, Fraud is a manageable risk. 

I ‘ll be examining the framework of fraud risk management in Part II, in my next post.

© Caleb Mutsumba

Auditor Outsource Advantages

Below is the template of a letter that I have used to highlights the benefits of outsourcing the Internal Audit function for a small to medium organisation.


Dear Sir/Madam

I refer to your online advert quoted above.

You require an Internal Auditor to join your staff. We at FiveWH Corporate Services (Pvt) Limited (“5wh”) offer internal audit services – a convenient outsource solution that costs you no more than the gross salary of the auditor or auditors concerned. A great saving considering that salaries are only a portion of the total cost of running an audit department.
I know that your organisation had to plan and approve the Chief Internal Auditor position (let alone the Internal Audit department) at the highest level. I also know that changing that arrangement may not be easy. Nevertheless, here are some of the benefits you derive from outsourcing the Internal Auditor function:-

  1. Top flight skills: Not only do you get an effective skills-set, you also have knowledge and research backup from the 5wh “back office” at no extra cost to you.
  2. Cost: You get these skills at a fraction of the cost of running an in-house audit department. That’s because of not only the savings arising out of staff benefits and administration, but also because as 5wh our costs are spread across a portfolio of many clients – economies of scale.
  3. HR: Staff administration is a necessary hassle that many an employer love to pretend does not exist. When you outsource, you get the HR benefit while avoiding the administration costs and risks.
  4. Related services: Forensic audit and internal controls tune-up are skills that many audit professionals pretend to have. We do have these skills.
  5. Experience: Because we have clients across many sectors of the Zimbabwe economy, we have “war stories” to share, on a no-names basis, of cause.
  6. We have worked, and a currently working, with various profit and not-for-profit organisations.

Please feel free to contact me any time to explore areas of mutual interest. Meanwhile, let me know if you would want me to send you our company profile. I have attached a schedule on in-house v outsource  cost comparatives of the issues highlighted above.

Caleb Mutsumba

FiveWH Corporate Services (Pvt) Limited
+263 772 466540/ +263 712 620287
Please note that this email is not spam. It is a response to the advert referred to above.


Below is an article which appeared in the July/August 2003 issue of Business Digest, a now defunct Harare publication.


In the March/April issue of this journal, we carried an article by Caleb Mutsumba on ‘Fraud At Your Workplace’. This outlined the common problems of theft and false accounting and referred to the importance of developing a contingency plan to implement when fraud is detected.

In this article, Caleb Mutsumba gives specific guidance on developing such a plan.

In terms of our Companies Act (Chapter 24:03 of the Statute Law, Section 140), it is the responsibility of management to establish and maintain an adequate internal control structure and procedures for financial reporting.

In the new Sarbanes-Oxley Act of 2002, the USA goes one step further than this statement of the obvious when it stipulates that management should report on the company’s internal controls, and the auditor should give an opinion on the effectiveness of those controls.

The grave risks posed by occupational fraud – reflecting adversely on management – can be greatly mitigated by a well-thought-out company policy on fraud and an operational Fraud Response & Contingency Plan.

A ‘policy’ may be regarded as providing standing answers to recurring questions.

The two purposes of a Fraud Policy are to –
 provide an outline as to what may constitute fraud, and
 detail procedures to be followed where fraud is suspected or discovered.

A fraud policy also reduces the moral burden of one employee reporting on a fellow employee (‘dobbing’, in the slang term). Because it usually makes it clear that not informing management about possible fraudulent activities may lead to a drawing of negative inferences against the employee-in-the-know, such a policy makes it easier for employees to, to ‘blow the whistle’ on wrong-doing – from which is derived the term ‘whistle-blowing’.

Where an organisation has an ‘Ethics Policy’, the expected behaviour regarding reporting fraudulent activities may be incorporated therein. Alternatively, the obligation to report where fraud is suspected or discovered – and the procedures to be followed by various parties – may be crafted into a composite policy document known as a Fraud Response & Contingency Plan.

When a fraud is discovered, there is a need for clear, prompt and appropriate action. Yet, if managers have not experienced the situation before, the existence of a Fraud Response & Contingency Plan increases the likelihood that the crisis will be managed effectively.

Individual Responsibilities
A Fraud Response & Contingency Plan should spell out officials’ responsibilities regarding various procedures, as follows.

  • The official from the management team who is responsible for the preliminary investigation.
  • Depending on the outcome of the preliminary investigation, there may be a need to involve independent investigators to perform a thorough investigation.
  • Other designated personnel in the organisation who should be informed immediately if a fraud is detected or suspected.
  • Who should decide when and which lawyers and/or forensic auditors should be instructed, and who should liaise with them.
  • Who should decide on the involvement of the police and/or regulators, and who should liaise with them.
  • What steps will be followed and actions taken after the investigation is referred to the police and/or regulatory agencies.

Dealing with employees suspected of fraud

The Contingency Plan should –

  • Specify that the suspected fraudster should have no rights of physical access to company buildings – or to clients (see Footnote 1  below).
  • Emphasise that the investigation team should not allow the suspect to have unsupervised access to company records or computer equipment during the investigation (see below – Where Computers are involved).
  • Specify that procedures followed will be fair – e.g. the employee will be provided with an opportunity to answer allegations (see Footnote 2)
  • Emphasise that management needs to be fully aware of legal termination procedures. Take legal advice as necessary.
  • • Mention the need to consider consultation with union/workers representatives, where appropriate.

Interviewing the suspect

The Contingency Plan should state that where lawyers and/or the police indicate that the company should interview the suspect –

  • The requirements of the disciplinary legal process have been considered and balanced.
  • The interview is held by a senior member of staff with a note-taker.
  • Detailed notes of all conversations and meetings held with the suspected fraudster are made, as these notes may be used for prosecution purposes (see Footnote 3).

Collecting and handling evidence

The Plan should outline steps to follow in collecting and handling evidence –

  • Collect all related original documents from the premises and from external sources (e.g. banks).
  • Record from whom, from where and when the document was collected (include date & time, so as to make a clear ‘audit trail’).
  • Take care not to ‘contaminate’ evidence, as it may be needed for evidence purposes. For example –

 Do not mark any of the original documents
 Limit the number of times the documents are handled.

Where Computers are involved

  • Obtain details of all the suspect’s passwords and computer rights.
  • Freeze the suspect’s IT network and remote access until the investigation has reached a conclusion.
  • Do not turn off the suspect’s computer, as important and vital information may be lost.
  • Contact an independent specialist for help, as necessary.

Communicating to staff

  • Keep as much information as possible confidential. In the early days of an investigation, it is often not possible to identify all those who may be involved.
  • Ensure that a consistent message in line with the press release (see below – Publicity) is issued to staff still at work.
  • Remind staff of the confidentiality clause within their employment contracts, to try and restrict additional details of the story being leaked outside the workplace.


  • Inform the designated press officer of the suspected fraud at the earliest opportunity.
  • Agree on a statement that can be used when necessary.
  • Ensure that all calls received by employees about the suspected fraud are routed to the press officer.

Contact Numbers

The contingency plan should record contact details for those involved in operating the plan, such as appropriate board members  and  third parties who may have to be contacted, including:

  • Police
  • Lawyers
  • Forensic Auditors/Accountants
  • Auditors
  • Insurers
  • Regulators.

Professional Forensic Services

I hope this brief outline shows that it is vital to have a contingency plan laying down quick and effective steps to be taken when fraud is detected. Professional fraud examiners, such as 5wh Forensic Services, besides investigating fraud, assist businesses to outline strategies to minimise the risk of fraud. These include assistance with crafting and operationalising effective fraud policies and contingency plans.

© Caleb Mutsumba


Footnote 1

Preventing physical access to company premises necessitates suspending the employee from duty. New Termination of Employment Regulations contained in Statutory Instrument 130 of 2003 gazetted on 23rd May 2003 provide for ‘summary suspension without pay … where an employer has good cause to believe that an employee is guilty of any of the conduct mentioned in paragraph (b) of subsection (2) of section 12B of the Labour Act’. Section 12B(2)(iv) of the Labour Act refers to ‘theft or fraud’.

What constitutes ‘good cause’? You just need a reasonable basis for believing that the employee has a case to answer – you do not need to be able to prove him guilty before suspending him. His guilt or innocence – on a balance of probabilities – will have to be established at the Disciplinary Hearing that you need to carry out after the investigation. Note that in terms of labour law you will need to hold an internal hearing to regularise dismissal, even where the police prosecute successfully and the employee is found guilty in criminal court. Until you formally terminate his employment, and have a written record of evidence proving his guilt, he remains employed by you.

Footnote 2

Section 101 of the Labour Act deals with Codes of Conduct and 101(3)(e)& (f) spells out the rights of an accused employee to –
 Be notified that disciplinary proceedings are to be commenced against him in terms of a                specific breach of the Employment Code (or Section 12B(iv) of the Labour Act if there is no            company Code or National Employment Council Code in existence)
 Be given the opportunity to answer allegations at a hearing.

Footnote 3

When you hold your own internal Disciplinary Hearing –regardless of whether you call in the police – note that :–
 It is easier to prove ‘guilt’ in an internal administrative hearing than in a criminal court.
This is because the ‘burden of proof’ in a Disciplinary Hearing requires only that you prove            the employee to be guilty on a balance of probabilities, rather than on the more strenuous            basis of beyond reasonable doubt.
How do you do this? Labour consultant George Makings advises the Hearing Officer or Committee to –
 list in one column on a sheet of paper the strong evidence presented against the suspected            fraudster (and then the weak evidence).
 In the neighbouring column, then list the strong (and weak) defences the employee                           presented in denying the allegations.
 Appraise the columns – and decide ‘on the balance of probabilities’ whether the employee is        guilty of fraud.

 The Labour Act [Section 101(3)(g)] states ‘a written record or summary (must) be made of             any proceedings or decisions taken in terms of the employment code’. This would obviously         also apply if you proceed in terms of Section 12B, where there is no employment code of                 conduct. The reason for having a written record is that appeals against decisions are often             done on the written record of the hearing, not by means of a new hearing.

The above material is from George Makings’ 2003 Commentary on the New Labour Act.