The real estate and construction industries are both susceptible to fraud, but there are steps businesses can take to impede fraudsters and thwart cyber-attacks. We've helped a number of companies with fraud prevention and implement cybersecurity measures.
Published: February 25, 2021
Updated: February 25, 2021
Globally, the Association of Certified Fraud Examiners notes that real estate and construction industry ranks among the highest in both the number of fraud cases reported and the average amount of loss due to fraud.
While the Canadian real estate and construction industries continue to prosper despite the pandemic, many organizations believe they could never be the victim of fraud. Incidents at Bondfield Construction as well as in Quebec's construction industry exposed by the Charbonneau Commission prove that companies in the sector are susceptible to fraud. And those cases are just the ones that are reported. There are often fraud-related incidents that are never made public.
Companies that have good systems to reduce fraud exposure generally have been victims of fraud in the past. However, most organizations react to fraud rather than take proactive measures to prevent it from occurring. Studies indicate proactively handling potential fraud exposure is far less stressful, easier on the wallet, and keeps businesses focused on what they do best, which is running their business.
To be effective in managing fraud risk, companies must take measures to reduce exposure to fraud and implement systems that assist in detecting red flags indicative of fraud.
Recognizing fraud
Understanding who the perpetrators of fraud are, how they commit fraud, and why fraud may be committed will provide great insight to any organization that has the desire to proactively control fraud risk. Studies show companies on average lose about 5% of their annual revenue to fraud, but this figure can be twice as much in the construction industry.
Given the complexity of the procurement process in real estate and construction projects, fraudulent activities are commonly identified during procurement. The potential culprits can be both external and internal stakeholders, including suppliers, contractors, joint venture partners, third-party agents, property managers, and employees (in purchasing, accounting, or sales).
Sometimes fraud is committed when there's a lack of segregation of duties. One person may be responsible for many different functions in an organization with little oversight. Companies are also operating differently due to the pandemic and it creates an opportunity for sub-contractors and vendors to inflate the value they're providing without it being noticed.
Interestingly, motivation to commit fraud isn't always personal greed but may be personal or business related and financial or emotional. Examples of motivating factors include greed to support lifestyle outside one's financial means, personal financial distress, economic pressures, and/or satisfying commitments to business partners.
A fraud-susceptible environment in the real estate and construction industry is generally fostered by weak/lack of internal controls, use of non-arm's length/related parties, use of joint venture parties (especially in unfamiliar jurisdictions), poorly designed project scope, poorly worded contracts, employee/supplier collusion, use of undocumented workers, and use of cash, among others.
Most common fraud schemes noted in the real estate and construction industry include bribery and corruption, bid rigging, billing schemes, cheque tampering, expense account abuse, stealing non-cash assets, material switching, falsifying payments, use of phantom suppliers, and payroll schemes.
Improving cybersecurity
Cybersecurity and fraud are intertwined. Reducing the potential for cyber-attacks can also help prevent fraud.
Cyber-attacks aren't a matter of if, but when. And in some cases, it's not even a matter of when. Some organizations have been breached but don't even know yet. It can sometimes take months for an organization to find out it's happened.
Hackers know that many businesses don't often spend a lot of money or have the funds to spend on cybersecurity. They're also getting more sophisticated and targeting thousands of businesses at a time hoping for some percentage to be successful. With a ransomware attack, for example, they might only ask for a small sum of money. If they're successful with a number of attacks, they'll end up making a large amount.
Those trying to commit fraud may employ phishing techniques, such as using email to try to collect financial information or infect an employee's email with malware. This is why it's important to help make your employees more knowledgeable about how to identify cyber risks and how to respond appropriately.
While companies may not want to pay for preventative care by improving cybersecurity, they'll likely pay a lot more if they're hacked. Besides the monetary costs of being hacked, there's also the reputational risk. If clients find out you've been hacked, they might not want to share information with you. It could also reduce your ability to get investors.
Many companies also don't realize how much information they have about their customers. Even small real estate investors and landlords have a lot of identifying customer information (their bank account details, date of birth, and social insurance number) that could be used to commit fraud, making them the victim.
Prevention and detection
The best fraud prevention strategies begin with knowing your weaknesses, the areas of operations susceptible to fraud and implementing appropriate internal controls. A thorough risk assessment of a company's operations is the first step. This can include both a general fraud risk assessment and cybersecurity specific assessment. This risk assessment should include identification of risks, review of existing controls, policies, and procedures.
Also, a good prevention program will certainly reduce exposure to fraud. While no prevention program can eliminate fraud, it can lower the chances of it from occurring and increase the chance of being caught early (i.e., reduce the impact). Some specific detection procedures relevant to the real estate and construction industry include:
- Detailed comparison of budgeted costs to actual costs, including all budget revisions.
- Scope change order analysis—comparison between original scope and budget, and reasons for the change orders (i.e., change in specifications/drawings).
- Review the bid selection process to ensure compliance with policies.
- Review support provided as proof of reimbursable charges being claimed.
- Detailed analysis of any general/soft accounts, such as contingencies.
- Random checks of payments being made to suppliers to identify phantom suppliers, fictitious invoices and/or inflated billing rates.
Based on the company's size and transactions, these checks may be conducted on ad hoc basis or as part of a formal continuous monitoring program.