IT fraud, damages triple for S'pore companies

Study shows estimated financial cost of insider or third-party fraud last year jumped 224 percent over 2004, and nearly two-thirds of incidents involved the use of IT.

Computer-related fraud is on the rise for businesses in Singapore, a new study has found.

Released Thursday, the KPMG Singapore Fraud Survey Report 2008 revealed that fraud involving the use of IT plagued 59 percent of companies last year, compared to 19 percent in 2004, when the survey was last conducted.

Bob Yap, KPMG's head of forensic in Singapore, noted in a company statement that the effectiveness of controls implemented appeared to be "falling behind" the rapid usage growth of complex IT systems.

"One of the effective ways of averting this trend is to employ technology-based processes as a tool to prevent and detect technology-related fraud," he pointed out.

Fraud categories

Source: KPMG

Financial reporting fraud, said KPMG, has also increased significantly--some 24 percent of businesses indicated an occurrence in 2007, compared to 9 percent in 2004.

According to the report, financial cost as a result of insider or third-party fraud--the two most common types of fraud incidents--has also jumped 224 percent over 2004 to register S$4.4 million (US$3.2 million) last year.

The advisory firm indicated in the report that it expects computer-related and financial reporting fraud occurrences to further increase in subsequent surveys.

Overall, about one in four businesses (23 percent) in Singapore has experienced fraud at least once but this has not differed much from 2004, said KPMG.

Fraud risk management 'vital'
According to KPMG, 55 percent of reported fraud incidents are caused by "poor overridden internal controls". Collusion between employees and third parties made up another 24 percent of fraud cases.

Effective fraud fighting

1. Develop a tailored fraud risk management framework--peg the cost of antifraud initiatives to the benefits the company derives.
2. Improve fraud reporting channels--provide clearly defined, confidential and independent channels to encourage employees to report suspicions of fraud.
3. Enhance fraud awareness--train management and staff to identify the early warning signs of potential fraud or misconduct.
4. Implement 'people focused' antifraud initiatives--have simple but effective practices such as formalizing a conflict of interest policy and requiring all employees to declare compliance to fraud and ethics-related policies.

Source: KPMG

Putting in place a comprehensive and robust fraud risk management policy is vital to close the door on opportunities for fraud, said Yap. "While it may not be possible to eliminate fraud completely, it can be significantly reduced with an adequate fraud risk management framework.

"To this end, the Board, senior management and all employees of an organization share the equally important role to combat fraud," he added.

Over 90 percent of respondents agreed that fraud risk management was essential for good business practice. However, one out of two of the respondents whose organizations had experienced fraud indicated they were not satisfied with existing fraud risk management framework.

Sixty-five percent were also not thoroughly convinced that their management had the skills to identify "red flags" or warning signals of potential fraud. Also, 32 percent were not fully satisfied that their organizations have identified the fraud risks they face, a step that KPMG said was a precondition to instituting detective antifraud measures.

The KPMG survey covered company directors and senior executives from the top 1,000 companies as well as those listed on the Singapore Exchange.