/>
X
Business

EDS' BoQ disaster: The fallout

There was a time when EDS Australia contractor Reecson Denford was living the dream. After taking advantage of his position to steal $2.9 million from EDS client Bank of Queensland (BoQ), Reecson spent $450,000 on French champagne, bought himself a $100,000 BMW and his wife $320,000 worth of jewellery.
Written by Suzanne Tindal, Contributor on

There was a time when EDS Australia contractor Reecson Denford was living the dream. After taking advantage of his position to steal $2.9 million from EDS client Bank of Queensland (BoQ), Denford spent $450,000 on French champagne, bought himself a $100,000 BMW and his wife $320,000 worth of jewellery.

Things aren't so great now for the 24-year-old — he's been sentenced to nine years in jail, with Australia's ICT industry reeling at the audacity of his actions. But what's next for EDS (now HP Enterprise Services) and Bank of Queensland itself?

In the aftermath the bank has looked to its agreement with HP Enterprise Services to protect itself.

The EDS employee had discovered a loophole with which he could make unchecked credit voucher transactions under $10,000 to a body corporate looked after by his wife, money which was then forwarded onto his personal account. He made hundreds of transactions between November 2006 and August 2008.

Denford spent the money to impress his "much older" wife, buying luxury items such as $450,000 worth of French champagne, a $100,000 BMW and $320,000 worth of jewellery. He even made a trip to the world's only seven-star hotel in Dubai. The nature of his purchases meant that from the $2.935 million Denford stole, the bank has only been able to recover $536,374, leaving it $2.4 million out of pocket.

The question of who footed the bill was something that would have caused a lot of poring over contracts and discussing service level agreements, according to Ovum analyst Jens Butler. "Will EDS/HP have to wear this or will it be covered by BoQ?" he mused.

A comment by the bank seemed to indicate that it would be looking to be compensated via the terms of its contract. "It would be inappropriate for BoQ to comment on the particulars of any employee of one of our outsourcing partners except to say we consider such breaches seriously and rely on the contractual guarantees to protect BoQ," a spokesperson for the bank told ZDNet.com.au.

"They've certainly got something in place," Butler said of the statement. He said the bank could possibly impose penalties on the outsourcer or receive credits for future work.

"[It's] $2.5 million out of pocket. [It'll] be looking for service credits at the very least," Intelligent Business Research Services (IBRS) advisor James Turner agreed.

EDS owner HP did not shed any light on the matter. As far as the company is concerned, the matter is over, and not for discussion. The company said: "HP is satisfied that this unfortunate matter has drawn to a conclusion. Being a legal matter lead by the Department of Public Prosecutions, HP has no further statements to add at this time."

Yet according to analysts, such occurrences will be more frequent as disgruntled employees in the wake of the financial crisis see opportunities and take them, so HP may not be able to just put the issue in its rear-view mirror.

The bottom line is that a lot of people were laid off. That's definitely driven a high level of fraud. I suspect we'll see more

KPMG forensic partner Gary Gill

"The bottom line is that a lot of people were laid off. That's definitely driven a high level of fraud. I suspect we'll see more," KPMG Forensic partner Gary Gill said.

Redundancies and low morale exacerbate what is called the fraud triangle, which consists of need, justification and opportunity. Employees might need money because of the crisis, and feel justified as their colleagues are laid off so utilise opportunities they see, according to IBRS' Turner.

So although automatic controls watching transactions and employee identities will help keep track of fraud, Turner also believed that communication was an important aspect for preventing and detecting criminal activity.

Turner thought it strange that Denford's colleagues didn't notice the fraud earlier considering how much money he had spent. "One of the best alarms is the line manager if they're doing their job," he said. "It's hard to imagine being able to flush $3 million through your lifestyle without someone noticing."

The 2008 fraud survey by KPMG of 420 Australian organisations showed that the average number of days fraud went undetected was 211 for a manager, 233 for a non-management employee, 240 for a director, 423 for employees who acted together, 558 for external offenders and 720 for a senior executive.

The year and nine months that Denford carried out his fraud puts him in the upper range of those numbers. The amount of the fraud also put Bank of Queensland on par with only seven organisations in the fraud survey of 420 who had experienced fraud worth over $3 million.

Poor internal controls were the most important factor contributing to major fraud, according to the survey. Certainly, Denford seemed to have found a loophole in the controls, Turner surmised, which made him wonder whether EDS had made its auditing buffer too thin. "There are some areas where you actually need spare capacity. Were they running too close to the line?" he asked.

Some people take staples from the cupboard, some people make personal phone calls. You get bad eggs everywhere.

IDC analyst Matt Oostveen

Yet IDC analyst Matt Oostveen said it was a given that outsourcers would spend less on watching their people because of the pricing. That's why the financial institutions usually monitored the outsourcers closely themselves, sometimes with militant precision. One example of a measure they could take is to get contractors to take leave in at least two-week blocks so that the company can send fraud detection teams in for in-depth checking.

He didn't think that there was anything in the case which pointed to something wrong with EDS or that there should be a shake-up. Fraud was just a constant in businesses. "Some people take staples from the cupboard, some people make personal phone calls," he said. "You get bad eggs everywhere."

This realist attitude that "fraud occurs anywhere" meant that, although Bank of Queensland may be able to use the incident as a bargaining chip, EDS was unlikely to suffer unduly from the behaviour of its one bad egg, according to the analysts. The outsourcer's long-term contract, which runs out in 2014, will also give it time to repair relations. "The timing is not bad," Ovum's Butler said. "It's got another 3.5 years to rebuild the relationship, to go beyond the call of duty to clean up the mess."

There was the possibility that the highly publicised fraud case could put more pressure on outsourcers to keep their auditing up to scratch, Turner said. Yet whatever actions were taken, some fraud would always slip through the net. Fraud, like terrorism, was an "asymmetric war", according to the advisor, which saw lots of money spent to catch the few who acted up. "It's bloody hard," he said.

Carousel champagne image: Champagne glasses by Mocanu Bogdan, royalty free.

Editorial standards

Related

How much RAM does your Windows 11 PC need?
adobestock-339222220

How much RAM does your Windows 11 PC need?

What is ChatGPT and why does it matter? Here's what you need to know
chat bot

What is ChatGPT and why does it matter? Here's what you need to know

How to nail the 'Do you have any questions for me?' part of the interview
job interview

How to nail the 'Do you have any questions for me?' part of the interview