Fraud. It seems a great business to be in, unfortunately. A recent survey estimated that 70 per cent of organisations globally are affected by it.
It suggests that losses from fraud amounted, on average, to 1.4 per cent of revenue in 2013 alone, but for one in 10 firms cost more than four per cent of revenue . So we are not talking small change.
Fraud is not a victimless crime, either, and if it was called 'theft' would be more accurately described. Stealing from a company not only robs it of revenue, on which investment and employment decisions rely, but destroys trust within an organisation. Often the thief is an employee.
Our advancing corporate civilisation seems to have hit a wall when it comes to second-guessing human nature, with its tendency to sometimes do more than swipe the odd office felt tip pen.
I see fraud regularly as a forensic accountant, a job that involves following financial inconsistencies and sleights of hand to find out where stolen money is going. What is striking is not how complex fraud usually is, but how pitifully obvious. There are rarely great criminal minds at work, just the usual suspects, Greed and Opportunity.
The good news is that this makes avoiding your business becoming a victim easier than many think. The key is to replace blind trust with professional scepticism.
Blind trust is the belief that an employee with access to company accounts chooses to stay late and work weekends, unobserved, out of selfless devotion.
Professional scepticism is what allows those motives to be questioned, possibly using discrete checks. It is surprising how little we question motives, perhaps out of embarrassment, but often out of inertia.
The profile of a typical corporate fraudster is quite straightforward: Male and trusted. Women are less likely to try it, possibly because of a natural risk aversion, but they still account for a quarter of all cases.
There are also other markers. A typical fraudster has been with an organisation for less than five years; and most fraud is not a one-off, but in 90 per cent of cases involves multiple offences.
An idea called 'the fraud triangle' is a help in countering the risk. This is a simple rule stating that a fraud arises where there is motive, opportunity and ability. It is very hard to remove or anticipate motive. Even the most honest employee may feel driven to steal by circumstance, and some people do it just for kicks.
But it is possible to limit opportunity and ability. Fear of detection is the best way to prevent and deter fraud; and this involves checks and balances. The first step is a robust risk assessment to work out where vulnerabilities lie.
Ensure that a whistleblower system is in place to allow both employees and external parties to report suspicions in confidence. Detecting fraud does not generally involve complicated software, just commonsense.
Once a fraud is spotted it is vital to get professional help. It may be endemic, not just one individual.
One fraud of my acquaintance involved a financial controller forging the managing -director's signature, and the financial director simply assuming the cheques were correct. Where was their professional scepticism?
If your organisation is big enough to support one, then human resources departments must be involved at an early stage, not least to ensure that investigations are carried out in a way that does not backfire by breaching rights and obligations.
Larger businesses should consider an external check on their purchase ledger. These audits not only uncover fraud, but often overpayments.
Professional scepticism also means looking long and hard at exceptional success, either from a division or an individual. Good performance should be subject to as much management scrutiny as bad.
After many years tracking down missing money I have learned a truth: often the only people more simple that the fraud are those whose job it is to make sure it doesn't happen.