The recent conviction of former property management employee Riaan Theunissen to 10 years imprisonment for fraud amounting to more than R5.5 million highlights a growing concern for South African businesses – that trusted insiders remain one of the biggest fraud risks for employers.
According to Christo Snyman, Managing Member of leading forensics investigation firm CS Forensics – who conducted the forensic investigation and assisted in reporting the matter to the Directorate for Priority Crime Investigation (DPCI) i.e. the Hawks – the probe uncovered multiple irregular allocations within the rental payment system, as well as payments made to false beneficiaries allegedly created by Theunissen, who was a former manager at a property rental company.
“Theunissen bypassed internal controls in the payment system by archiving certain transactions and failing to follow the company’s approval procedures. Being a senior manager, he had access to both load and release payments,” says Snyman, “exploiting his position of trust and creating an opportunity to manipulate the payment process.”
For Snyman, insider fraud rarely occurs without a combination of enabling factors such as weak internal controls, excessive trust in key individuals, and limited real-time oversight in increasingly digital work environments. “It is suspected that Theunissen committed fraud at one of his previous employers, a matter currently under investigation, with growing concerns that the alleged criminal conduct may not have been reported at the time, highlighting the importance of the duty to report,” says Snyman. “Under the Prevention and Combating of Corrupt Activities (PRECCA) Act, anyone in a position of authority is required to report suspected corruption, including fraud and theft over R100 000, to the DPCI, Hawks. Failing to do so can lead to serious consequences, including fines or imprisonment. And in this case, it could have saved this employer from being the victim of his antics.”
He adds that gambling addiction often also plays a role in driving fraudulent activities. He references recent cases where CS Forensics found that the perpetrators committed extensive fraud while laundering funds into online gambling platforms and in one case sustaining a costly drug addiction, highlighting how personal pressures can escalate risk.
The real cost of fraud for businesses
According to PwC’s Global Economic Crime and Fraud Survey, more than half of organisations globally experienced fraud in the past two years, with combined losses exceeding $42 billion.
“The impact of fraud on businesses extends far beyond the immediate financial loss. Companies can face long-term profit erosion, reputational damage, legal exposure and significant operational disruption,” says Snyman. In many cases, fraud investigations divert management attention and resources away from growth initiatives and strategic priorities.
Prevention starts inside the organisation
For Snyman, preventing insider fraud requires a combination of strong systems, effective governance and employee awareness. Businesses should implement robust internal controls, including:
· Strict access management for financial systems
· Mandatory password changes
· Separation of duties in payment processes
· Regular auditing of high-risk transactions
· Keep fraud prevention measures on track
· To report any corruption, fraud and/or theft to the DPCI (Hawks)
Equally important is building a culture of awareness. “Employees are often an organisation’s first line of defense but can also represent a key point of vulnerability if controls are weak,” says Snyman. “A responsible and well-trained team member is not only a valuable human asset but also a powerful identifier of risk and deterrent to crime.” The lesson for businesses is clear: while external threats often take priority, the most significant risks can lie within their own systems, processes and teams.