Behind the sheer glass walls of the Deloitte Centre in Auckland Central Business District sits Ian Tuke. He's a forensic tax accountant, it's his job to detect irregularities in the rational world of numbers. In other words, it's his job to detect fraud.
You might think, given New Zealand's squeaky-clean image on almost every international corruption measure, that he's not a particularly busy man. But at least three times a week Deloitte's forensic team get a call from distraught, emotional business people who have just discovered large amounts of money missing from the company coffers. Either hundreds of thousands, or millions have gone missing.
By the time it has "all hit the fan" and his phone rings, it's usually far too late, says Tuke. The missing money has gone on anything from holidays, to boats, to shoes and the full amount will never be recouped. In the case of small businesses, it can mean shutting up shop for good.
Tuke says tragically there are often obvious signs of fraud that the company has missed - nor were they prepared to deal with fraud once it is discovered.
New Zealand businesses simply don't take the threat of fraud seriously enough, it would seem, despite a spate of cases exposed during the global financial crisis raising awareness of the issue.
In fact, the latest survey on economic crime from another accounting firm, PricewaterhouseCoopers (PwC), is entitled "What you don't know can hurt you", just to hammer the point home.
According to the survey, one in every three New Zealand businesses has experienced "economic crime" in the last two years. Those crimes include fraud, corruption, cybercrime, IP infringement and accounting fraud. The report labelled the figure "an alarming finding and a reminder to all organisations to remain vigilant to the threats they face". New Zealand placed 45th out of more than 95 countries for reported incidents of crime.
Bernard Lamusse is a partner in Hamilton's BDO accounting firm.
He points out that the latest BDO Not for Profit Sector Fraud Survey 2014 shows, "90 per cent of organisations surveyed think fraud is a problem for the wider sector, only 28 per cent believe it is a problem for their organisation". While the survey covers the not-for-profit sector, Lamusse believes there are similarities between it and the private sector.
"A common weakness is inappropriate risk management due to failure to acknowledge the depth of risk," he says.
Tuke agrees, and says the first step is knowing who to look for, and what signs to keep an eye on.
He says in medium to large businesses, fraud is often carried out by a male in an executive position. "They tend to be a bit of a bully around the office, requiring that actions are carried out without room for questions," he says, "and they know how to get around the controls."
Increasingly, there is an element of collusion in the fraud cases the Deloitte team are dealing with, too. "Usually it's a manager and another employee or an employee and a supplier," says Tuke. "There is a relationship there."
SMEs tended to "get hammered by a trusted employee", and regardless of the business size, another typical profile "is your woman in her 30s who is your personal assistant, office manager or someone in accounts payable".
But knowing who to look for is one thing, getting systems in place to prevent fraud is another.
Lamusse says segregating duties, and making sure more than one person has oversight of transactions and book keeping is important. Reviewing and checking the accounts, as well as sending regular statements to customers, makes it difficult for fraudsters too.
"Insist on staff taking at least two continuous weeks of annual leave and make sure that someone else does their work, with oversight," says Lamusse.
TUKE says taking a few hours to sit down and brainstorm where your organisation is most vulnerable could save years of heartache later. Obvious areas to think about are accounts payable, accounts receivable and identifying and protecting your "crown jewels" in IP, he says.
When it comes to detecting fraud, your "people are a million miles ahead of any other item in your toolbox".
Letting employees know what the warning signs are and what to do if they suspect something is the "tricky bit", says Tuke. "Employees need to know there is confidentiality. A common failing in a company's approach is having a fraud policy buried on the intranet saying ‘here's a number, here's who to call' and it isn't communicated adequately."
He says that last year Deloitte saw "half a dozen cases where the employees knew something wasn't right but didn't tell anyone because they weren't sure what to do and how they would be protected if they spoke up".
Typical signs of a problem include constant late nights at the office, requests for last-minute payments, an unwillingness to hand control over to others - all the signs of a good employee.
Finally, there are some "cost effective, funky tools" available for detecting fraud, says Tuke.
"Data Analytics may sound scary and expensive, but it doesn't need to be," he says.
"If you do nothing else, run some analysis across the bank payment data to look for payments going somewhere other than where you expect."
The accountant says his company has detected "a bunch of fraud" using the technology.
But, as Serious Fraud Office boss Julie Read says, businesses also need to be aware of the ways technology can be used against them.
Whether it's fraudulent emails, setting up fake accounts or identity theft, she says using technology is "a feature of frauds more commonly now."
Cybercrime, too, was getting "more and more sophisticated".
From Read's point of view, there are two big reasons fraud can occur. "The big things that allow frauds to occur without being picked up is things like poor governance, not have sufficient board leadership, not having sufficient systems in place," she says. "We see a lot of very, very poor accounting systems."
While fraud will always exist - all agree it is worth ensuring your business is secure now.