Phil Sapey from Mazars speaks to the Counter Fraud Centre about the counter fraud landscape and emerging risks
In our series of interviews featuring counter fraud experts, Phil Sapey from Mazars shares his thoughts on the current, challenging counter fraud landscape. He identifies the key fraud risks impacting the public sector and considers the future of the counter fraud profession.
Mazars is one of the CIPFA Counter Fraud Centre’s Founding Partners. Mazars is an international, integrated and independent organisation, specialising in audit, advisory, accounting and tax services.
I’ve been investigating fraud for the last 20 years, in one form or another. I started off in the DWP, moved over to the local authority and there did the Accredited Counter Fraud Specialist course with Thames Valley Police. I went on and did the graduate counter fraud specialist course at Portsmouth University then went and worked at Deloitte for seven or eight years. I saw lots of interesting councils and then finally moved up into Mazars where I look after a team of investigators who undertake work all over the public sector and mainly in councils and in some charities and third sector organisations.
Mazars has a really broad range of offerings across the public sector, in local government predominantly but also in the third sector and charities as well. Within local government, what we’re looking at are investigations that are as diverse as the services provided by the local councils. We often help with investigations that are a bit politically sensitive or where an independent view is needed, where there might be criticism if it was investigated internally. Certainly in London, where are there are quite a lot of investigation skills in-house. But outside London where there are less corporate fraud teams but even so, in London too, there are teams we work with to provide a bit of extra resources and manpower, a few extra skills and few extra products that we might be able to offer or bring to the table. So a lot of reactive investigations but we also see what going on in terms of trends and emerging fraud risks as well. We review counter fraud teams and see whether or not they’ve got the right processes in place to deal with them too. So a bit of proactive and reactive work where it’s needed.
The current landscape with regards to counter fraud is just fascinating. For about the last five years or so I’ve been talking at various different places about the counter fraud landscape, and the curse is that we live in interesting times and we do – and it’s just getting more and more interesting as resources are cut, as councils make efficiency savings, it introduces a whole new level of fraud risks. The Single Fraud Investigation Service (SFIS) for local councils has been one of the biggest changes. And I think one of the unforeseen consequences of that is that councils have really started to diversify and are looking at areas of real fraud risks rather than just concentrating on those high volume benefit fraud cases all the time. They’ve moved into looking at procurement fraud and looking into tenancy fraud and also public health risks as well – personal budgets, direct payments and better care funds. And what’s happened is that council investigators have actually started thinking ‘what other areas should I be looking at’ and really getting out there and making themselves known.
I’d quite like to answer the question of central government and local government together because I think that with regards to the big risks, at a macro level, I think are the same for both. You’ve got an issue with resources and with skills across both, and so for different reasons, I think with central government, there’s a lots of departments that traditionally have not looked at fraud, have not considered it particularly at all.
With local government it’s an issue with the SFIS, where the skilled investigators have moved on. So you’ve got this issue of resource. Then I think the other two big and rather general risks are cyber – the risks there are both for central government and for local government and they’re really varied in terms of what the risks are when you drill down in cyber. Even with the bank mandate fraud – the email asking for bank account details to be changed, the email from the chief exec asking for an urgent payment to this bank account – those emails are coming through at a really rather rapid rate and it’s something that is affecting all organisations. And I think the final one, which is again quite general is the procurement and contact management. I think that councils and central government are starting to think about procurement and the risks that are around that. But what they’re not necessarily thinking about quite so much is the effective monitoring of contracts and therein you also end up with a rather significant fraud risk.
One thing I’d add on local government is the sale of assets and it’s something that we have been seeing in terms of councils selling assets and just trying to chase through how they’ve been sold and what the process has been.
I like this term, emerging fraud risks. I say I like it but I don’t really because they’re not necessarily emerging. They’ve always been there. There’s nothing new under the sun and what we’re seeing is just different fraud risks. And I’d like to say that they’re more sophisticated but actually they’re not necessarily. It’s the same blunt instruments and they’re exploiting the gaps that have been left by cuts in controls and also in resources. As people have left the organisations, efficiencies have been made then there are gaps left.
One of the big areas that we’re seeing and it’s an area that’s been reported by the National Audit Office and has been picked by the media as well, is within the better care fund and particularly with regards to the commissioning of work and where the better care funds are now being managed by local councils jointly with CCGs, we’re seeing the joint commissioning of work and there are all sorts of risks that go along with that.
The first is the area that the NAO identified which is conflicts of interest. So you’ve got bidders who are also buying the work. So you’ve got 43% of doctors have got an interest in a company that is delivering services to a CCG and what you’ve got is a new model. What’s needed is clarity and governance so that the council knows who is responsible for the money and the CCG knows who is responsible for the money, who is going to be responsible for authorising payment, who’s responsible for delivering the services. And with extended lines of authorisation, there are just more risks that get introduced into the process. And so it’s a really big area of fraud risk and one that hasn’t really been picked up by an awful lot of councils.
The counter fraud arena progressing is a very interesting question, because everyone is trying to do more with less. And, it’s a really different time for most councils. In terms of how it is going to progress, one of the key things is to have skilled investigators and people who have got the know-how to be able to deliver these services. I was fortunate when I joined this profession and started as an investigator, I was one of the first tranche who went through the Accredited Counter Fraud Specialist Group at Thames Valley Police, as it was then, and then credited by Portsmouth University. But moving on from there, one of the big problems is that there is no continuing professional development, no body, nothing that has kept that up to date.
What will make a big difference, and what is essential for the profession to continue now, is to have that CPD, and look at areas where you know you perhaps need a bit of upskilling – you need to know a little bit more about procurement fraud, you need to know a little bit more about right to buy fraud, or business rates fraud. Even learning some new skills, audit side, maybe developing your skills in reporting – all of those kinds of things are going to be essential for investigators going forward, and I think that continuing professional development is going to be a key part of that.
CIPFA and Mazars are working together in a lot of ways just at the moment. I guess the two keys ones though are firstly, having identified that whistleblowing is a bit of a problem within many organisations. Whistleblowing procedures aren’t in place, and in addition to that, the whistleblowers aren’t confident in coming forward, and perhaps even management don’t really know how to deal with whistleblowers. And so, there is an e-learning package that Mazars, CIPFA and Public Concern at Work have worked on together in order to deliver some knowledge there.
In addition we have been going out and doing some round table events and speaking at various different symposia, and looking at fraud risks and discussing those fraud risks. And it’s been really interesting to see how, across the country, there really are very different risks actually, they really vary quite a lot. And that kind of knowledge has allowed us to really scan the horizon and feed back to councils about emerging fraud risks, about trends, and to discuss things councils might want to be looking at in the future.