The Fraud Examiner

Why Software Engineering Firms Need to Hire CFEs

Mary Breslin, CFE
President, Verracy                             

Can a system or software be responsible for fraud? Like a voyeur, I sat and watched the system automatically, and without human intervention, conceal fraud. Let me explain.

I recently completed a fraud investigation in which the system — hardware and software — provided both the opportunity for the fraud and an automated concealment. The fraud was a financially significant skimming scheme that had been ongoing for years and included several individuals colluding to commit occupational fraud. As is not unusual in large fraud cases, the “blame game” started after the conclusion of the investigation.

Who was responsible? The operational management team? They oversaw the daily activities and were overly trusting of the employees.

The executives? They set the tone, the company culture and established policies and procedures which were incredibly lacking in appropriate guidance and expectations of employees.

The software company? They had created the system that provided the opportunity and, more concerning, the concealment. Everything about the system design, reporting and audit trail made the fraud easy to commit and provided nothing that would have helped management identify it.

Frauds. Understanding them and how they are discovered are discussions everyone gets excited about. They captivate our interest and woo us with their exploits. But the aftermath of a fraud and how we clean up the mess is sometimes even more complex — and interesting. In this case, should the software company have any responsibility? Some, or all of the responsibility? Should they have been able to predict this abuse of their system? These became serious questions in the aftermath for the companies involved, as well as the insurance companies and lawyers.

This particular fraud is still playing out, so I don’t have the final outcome. But this case raises important questions that are asked more and more frequently in the aftermath of fraud cases involving software: does the software company bear any legal responsibility for “fraud proofing” their systems?

Sign In

Not a member? Click here to Join Now and access the full page.