INTHEBLACK August 2025 - Magazine - Page 26
FEATURE
Even the public sector is not immune.
Fraud and error, including unreported fraud,
could be costing the Commonwealth up
to A$100 million per day, according to the
Commonwealth Fraud Prevention Centre.
As fraud risk increases, board
accountability for fraud risk management
is also under sharper scrutiny, particularly
in sectors vulnerable to cybercrime and
procurement fraud.
“Fraud doesn’t just hit the financials,
it erodes trust and organisational morale,”
says Stan Gallo, forensic services partner
at BDO Australia. “Investigating fraud
is like pulling on a thread. You start with
one small thing, but as you keep pulling —
the whole lot unravels.”
COMMON AND EMERGING FRAUDS
Gallo notes that traditional frauds still
dominate: asset misappropriation, false
invoicing, ghost employees and
financial-statement manipulation.
“We still see long-running frauds where
the fraudster approved their own invoices
using a colleague’s login. The detection tools
exist — they are just not as effective as they
need to be.”
Modern risks, however, have grown
darker. Emerging fraud types such as
identity theft, deepfakes, synthetic identities
and compromised business emails exploit
digital systems, making detection harder
without advanced tools and oversight.
“Fraud used to focus on stealing money,”
Gallo states. “Now it’s about stealing
identity, data, trust and reputation,
which are then monetised. The fraudster
doesn’t always look like the typical ‘bad guy’.
They might be your colleague, friend or
a vendor.”
According to Melody Carr, head of
FINPRO claims & technical at Marsh,
cyber-enabled fraud has changed the stakes
of economic crimes. “It is fast, hard to trace
and often global. Once reputational damage
hits, recovery can take years.”
DETECTION TOOLS AND ROLES
While emerging technologies are helping
to detect fraud, it is people who make the
difference. “AI can, for instance, help flag
shared accounts and duplicate payments,
but in the end, it’s usually a person that is
close to the process who spots what doesn’t
add up,” Luckins says.
Yet, the auditors’ role in fraud prevention
and detection is often misunderstood,
he adds.
“There’s an audit expectation gap.
Stakeholders expect us to uncover every
fraudulent act, but that’s not our mandate
unless it materially affects financial
statements.”
Internal auditors, on the other hand,
are embedded in organisations and are
expected to proactively assess fraud risk.
“External auditors provide independent
oversight, but internal auditors are the early
line of defence,” Luckins says. “The most
resilient organisations use both.”
The COSO Internal Control framework
is one of the best fraud-prevention models,
and it is supported by fraud-detection
technology such as AI-driven analytics,
machine learning, blockchain for transaction
integrity and behavioural profiling software.
“Technology can flag anomalies at scale,
but effectiveness depends on the inputs and
how much trust you place in it,” Stuart says.
CULTURE AS CONTROL
If controls are the locks on the door,
culture is the reason people don’t try
to open it. A healthy culture or strong tone
at the top of an organisation can be one
of the most effective practices for
fraud prevention, regardless of the size
of the business.
“When staff feel valued, supported
and aligned with the organisation’s mission,
there’s far less temptation or rationalisation
for fraud,” Carr says. “You need a culture
where asking questions is safe and
encouraged.”