BarnOwl Info Sharing Insight: Forensic Management in the Umbrella Trust/Beneficiary Fund Environment with William Lourens

October 9, 2022

BarnOwl Info Sharing session: 29 September 2022

Forensic Management in the Umbrella Trust/Beneficiary Fund Environment

Presented by: William Lourens



Thank you very much William for your most informative presentation at our info-sharing event held on 29 September 2022. Thank you to all those who attended the session.

William’s info sharing session provided a practical walk through of:

  • Fraud prevention, both internal and external,
  • Addressing need, opportunity, and justification,
  • The utilization of polygraphing,
  • Fraud detection and management – is fraud just a cost to company?

The following write up is an overview of William’s slides and a few snippets from each slide. There is a wealth of information in William’s presentation and the recording is well worth listening to in order to gain a deeper understanding of each of the points on the slides as well as insightful examples.

Workforce management

In any business especially a business which deals with beneficiary funds, the staff onboarding process needs to be rigorous. You’re only as strong as your workforce. You can develop whatever you want to develop, but you’re never going to get it properly implemented and executed if you do not have the right individuals on board. And when you want to safeguard your company, you need to focus on your workforce management. If you want to develop any kind of fraud prevention environment, it’s got to start with your actual people.

Companies often ‘pass on their problem’ by rather opting to offer the individual an opportunity to resign rather than investigate an individual. And that obviously creates an environment where you’re passing that problem onto the next employer without the necessary warnings in place. Prospective employees also move around in groups from one company to another in order to infiltrate a company and setup networks for collusion.

“We use Polygraphing quite extensively in our environment as well, and you’d be amazed at how many people turn around at the door when they realise they need to be polygraphed”.

Workforce management is key to prevention and if you don’t have the right people on board, you’re not going to be very successful.


Fraud Prevention:

Internally, we use the basic fraud triangle: Need, Opportunity and Justification which we apply to all of our internal staff. Our staff complement is much more diverse so when considering Need, Opportunity and Justification one needs to look at it more in terms of ethics and correct behaviour and having individuals buying into your company rather than rely on the same belief system.

Regarding external parties, we look at correct person, correct amounts and correct account.

These 6 basic concepts (3 x internal and 3 x external) result in a very good framework that you can actually apply.

Fraud Prevention: Internal


The following are main causes of ‘Need’ and mitigation strategies:

  • Financial (tough economic environment)
    • Market related salaries
    • EAP (Employee Assistance Programmes)
  • Collusion – Internal
    • Polygraphing
    • Segregation of duties
    • Randomisation of task allocation
    • Automation of procedures
    • Enforced long leave
    • Staff checks

An important aspect to monitor is collusion: “The way in which we root collusion out or prevent collusion from ever taking root within the company, is that we polygraph all of our staff on a regular basis.”


  • Collusion – External
    • Money lending
      • EAP (Employee Assistance Programmes)
      • Financial assistance schemes
      • Annual declarations
    • Saving schemes
    • Vendors
    • Drugs
    • Alcohol/Tobacco
    • Community

Money lending: “We’ve had staff that are approached by money lenders and within a question of two to three months the amount that they need to recover becomes quite excessive and not manageable and it makes our staff very, very vulnerable. This places the staff member in a situation where they can be approached to give information around databases and controls and procedures etc. within the company. So this is something that we do look at and obviously our employee assistance programmes come in quite handy there. We also have a number of financial assistance schemes that we have for our staff so that they do not need to approach these external parties. And we also have annual declarations where each staff declares whether they are involved in any of these money lending schemes so that we can manage that environment.”

Community: “An individual was approached at his soccer practise by a number of Individuals that are also from the community and was asked where he works, what kind of information does he have access to etc, etc. The individual declined to give them any information but didn’t come forward to report the incident to me. And I obviously picked it up at his next polygraph. We have a complete zero tolerance to any form of criminal activities or criminal involvement and there’s a huge onus on the individual to actually report these incidents to you so that you can prevent any damage. Should they not report these incidents I’ll be responsible for the exposure to the company. This individual was put through a disciplinary process and we managed to retain him, but he suffered emotionally as a result of that. People always speak about a zero tolerance to crime, but it’s tougher to actually implement, however it is necessary.”


The following are main areas of ‘Opportunity’ and things to check:

  • Identity Theft
  • Onboarding
    • Unregistered children
    • Family relationships
  • Ad-hoc payment
    • Annual Allowances/ Individual Requirements
    • Guardian/Caregiver/Child-headed household
  • Terminations
    • Separation anxiety

Onboarding: “We’ve also had environments where neighbours have presented their children as the actual children of the deceased.”

Ad hoc payments:  “You have to find a balance between protecting the child (beneficiary) versus making it too difficult for the individual (guardian/caregiver) and encouraging them to then become creative in terms of the type of requests they put forward.”

One of the big aspects is termination. “The trust is held until the child (beneficiary) becomes a major. And then the funds will be paid out to the beneficiary and it’s normally at this stage where you have that separation anxiety of the guardians. And the caregivers have been receiving incomes, etc. for quite some time. So we need to watch in terms of how the transition takes place. We’ve even had situations where I was recently flown to Port Elizabeth to deal with a case where the beneficiary disappeared shortly before the age of majority. We suspected foul play in terms of individuals trying to hold onto the funds. So, you need to start dealing with the beneficiary at an early age. The more contact you have, the better.”



The following are main mitigation strategies in terms of ‘Justification’:

  • Embed Ethics in your corporate DNA
  • Live your corporate culture
  • Contribution to society
  • Make it personal
  • Insurance covers it so no harm done


Ethics: “For us the focus is firstly embedding ethics into your corporate DNA. It’s going to become part of the way in which you function. It’s a non-negotiable, it’s built into everything. It’s not necessarily a tangible thing that I can tell you. This is what ethics is. So it’s going to be really inbuilt and embedded into your DNA and it’s going to come from top down.”


Insurance: “A lot of people tend to justify fraud by saying you have insurance cover so there’s no harm done but this could not be further from the truth. You don’t have cover for smaller amounts, you normally only have cover from about a million up. So all of the lesser amounts are going to either hit the beneficiary or it’s going to hit the company. Either way it’s going to affect the staff as well. So if you make it personal, you’re going to have your staff buy into what you’re doing and understand the implications of fraud throughout the company and who gets hurt and what the actual effect of fraud within the company is.”


Fraud Prevention: External

Correct Individual

  • ID
    • Clear copy
    • Latest issue
    • ID checklist
    • System checks
    • External verification
  • Identifiers
    • Signature
    • Geographic comparatives
    • Contact details
  • Security Check
    • System Data
    • Randomisation
    • False questions

Correct Amount

  • Within annual allowances
  • Reasonable
  • Legitimate
    • Non-fee paying schools
    • Fraudulent invoices

Correct Account

  • 3rd party confirmation
  • Payee identified
  • Bank verification
  • Account access

Polygraph Utilisation

“In terms of Polygraphing, we use Polygraphing extensively through the company. We literally do hundreds and hundreds of polygraphs. Onboarding requires every individual that applies to come and work for us to undergo a polygraph and the polygraph will be associated with a review questionnaire that is first completed. We also do use it for all promotions. If you’re going to have a promotion or you apply for a promotion within our company, you will have a polygraph performed on you as well.”

“We use it extensively for forensics. We look at the correct clients, correct claimants.”

“We use it largely as a risk management tool within the company.”

‘It’s a very handy tool to use, very effective tool to use, but you obviously do need to apply it with caution throughout the company and you need to make sure that you deal with your staff in the correct manner. It has also been included in our employment contracts so that it is a legal requirement.”

If you’re doing it for a forensic environment, make sure you get the tougher end of the providers. You always need to make sure that you’re treating individuals with respect and with dignity throughout the process as well.”


Fraud Detection


If people do not trust your whistle blowing process: “I’m not going to make use of it. I’ve reported to a number of companies making use of their whistle blowing facilities and I’ve never been contacted back and that which I’ve reported to them was quite serious information.”

“We do extensive transactional testing. A lot of issues come out through procedures. We build our control frameworks into the actual procedures that we train our staff with.”


Fraud Management


“Once you have a claimant, make sure that there is an actual loss suffered. Sometimes you might find that the individual is putting forward that I never received any value from that, but if you do start analysing it, you might find that the payments went to the Guardian who did. So you always need to have a look to make sure there was a definite loss suffered and who suffered that specific loss. We then get into a preliminary investigation if we have a claimant and a loss was suffered.”

“If you’re going to have a zero tolerance, you need to be able to say that we are committed to pushing through and actually going through the full investigation, case registration as well as prosecution. Prosecution is never going to be quick and never going to be easy.”

Cost to Company


“Ensuring correct staff, ensuring that our processes and our procedures are updated reaps rewards in the ratio of prevented versus perpetrated fraud. Your actual exposure and your loss exposure starts to decrease considerably. Most of the effort needs to go into fraud prevention rather than recovery.”


A few Q&As

Q1: How do you deal with the resistance to polygraphing of staff, contractors and members of the public?

Whenever you start the conversation around polygraphing, people are going to be incredibly resistant to it. So therefore you need to explain the purpose of the polygraph and also weigh up the alternatives to that so I can either take an individual and I can do a complete Investigation on them. We can do lifestyle audits, you can do all of that, which is incredibly invasive and it will take a huge amount of time. Or we can sit down and do an hour long polygraph and we know that you’re above board. So it’s a win-win for both sides there. It’s an easier way of getting the red flag up and that’s where you need to have the discussions with your staff and you need to have them buy into what is the principle of it is.”

Q2: To what extent are polygraph results accepted in the CCMA or court cases?

You cannot put it forward as stand-alone evidence – it’s supportive evidence. And the way in which you normally use it is as a red flag. So in the risk management environment we use polygraphing to put up the red flag and say here’s an issue as an indicator. Then you need to perform the harder work with investigating why that flag is going up.”


In summary

“If you want to have a zero tolerance to crime there’s a lot of work that needs to be done. You need to have hard conversations and you need to make sure that you’re willing to follow through. I’ve often had a conversation with forensic departments and when you phone them the first thing they tell you is that they have a zero tolerance to crime and as you start to discuss the case they’re looking at ways of justifying the claimants or the perpetrators actions, which is kind of counterintuitive and defeats the object. So if you’re going to have a zero tolerance then that is what you need to apply to your company.”

Presentation and video links

Please see attached presentation here, and the info sharing recording here


Related links

Arbutus BarnOwl integration part #1 and Arbutus BarnOwl integration part #2


Contact us

Cheryl Keller | BarnOwl:

William Lourens |


Thank you

Once again, thank you William for your time and for your informative presentation and thank you to all those who attended our info sharing session. We look forward to seeing you at our next info sharing session. Please keep a look out for our upcoming events at:

Kind regards

Jonathan Crisp

Director – BarnOwl GRC and Audit software


About BarnOwl:

BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by close to 200 organisations in Africa, Australasia and the UK. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework.
Please see for more information.

About William Lourens


Born and bred Capetonian with saltwater pumping through my veins. Love freediving, scuba and hunting but live to sail. Recently acquired my yacht master’s certification. Spent 17 years in the military – 3 years in operational units followed by a blissful period of full-time studies at Stellenbosch and later UNISA as well as UWC. I joined the Inspector General of the SANDF in 1996 and gained invaluable auditing experience (both local and international, was also involved in a number of arms acquisition audits), becoming the Internal Audit Manager for the western Cape Area before moving to the private sector in 2007. Currently I am the head of Internal Audit, Enterprise Risk Management, Business Continuity Management and Forensics at Fairheads Benefit Services. I have designed and implemented the frameworks for these departments and thoroughly enjoy making a meaningful contribution to the company and community we serve.