The Association of Certified Fraud Examiners (ACFE) recently released the 2014 Report to the Nations on Occupational Fraud and Abuse, and I noticed one overarching theme as I read through it: fraud has been and continues to be a costly problem for businesses of all sizes and across all industries. Managers and business owners tend to fall into the mindset that their employees would never attempt such a thing, which is not necessarily an inappropriate thought process (you should be able to trust your employees, after all), but managers and business owners should also heed the advice of a well-known maxim: trust but verify.
The ACFE defines occupational fraud, or employee fraud, as “the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.” The 2014 Report to the Nations indicates that the median loss to businesses due to fraud increased slightly from $140,000 in 2012 to $145,000 in 2014. More than 20% of the cases involved in both studies had losses over $1,000,000. Of the three main categories of employee fraud (asset misappropriation, financial statement fraud, and corruption), asset misappropriation is the most frequently occurring type of fraud but has the lowest median losses. Financial statement fraud occurs the least often but has the highest level of median losses. There is also correlation between the length of a fraud scheme and the median amount of losses. According to the 2014 study, frauds that lasted less than 7 months had median losses of around $50,000, while frauds that lasted more than 5 years had median losses closer to $1,000,000. This illustrates that early detection of fraud should be of utmost importance to business owners and managers.
Fraud can be detected in many ways. At an Anders’ speaker series at which I co-presented last year, most of the attendees thought external audits were the most common means of fraud detection, but this is not true. While external audits can uncover a fraud scheme, tips are actually the most common way frauds are detected with most of these tips coming from other employees in the organization. Other common forms of detection include management review, internal audit (more common in large organizations), and detection by accident. We have worked on two fraud investigations this year where the scheme was uncovered by different forms of management review.
One form of detection not specifically covered in the 2014 report is the use of forensic data analytics, which is the analysis of large volumes of a company’s electronic financial data to detect fraud. According to Ernst & Young’s 2014 Global Forensic Data Analytics Survey, 72% of the Survey’s participants believe forensic data analytics can play a role in fraud detection and prevention, but only 2% of the participants actually incorporate forensic data analytics into their companies’ anti-fraud programs. This type of analysis allows business owners and managers to see patterns, trends, and/or relationships in the company’s financial data that may allow them to more quickly identify suspect transactions. The 2014 ACFE report notes frauds reported by victim organizations that did employ some type of data monitoring and analysis as a detection tool were 60% less costly and 50% shorter in duration than victim organizations that did not utilize such techniques to detect fraud. Strong detection tools, such as forensic data analytics, also play a significant role in fraud prevention as the perceived threat of getting caught may deter an employee from attempting any of malfeasance.
Preventing fraud from occurring in the first place is just as important as quickly detecting fraud that is already occurring. Of the three elements commonly present to an employee when fraud occurs (pressure, opportunity, and rationalization), opportunity is the only element where the company has any control. Fraud prevention techniques aim to limit those opportunities within a system that allow fraud to occur. Creating an honest and ethical workplace while setting an appropriate zero-tolerance policy for fraud is paramount to preventing fraud. Some of those more common ways of achieving this are making employees aware of the background checks conducted when they are hired (leading the company to hire more trustworthy employees in the first place), having all employees read and sign a code of conduct outlining the company’s policy, continuous anti-fraud training for all employees, and actually following through with the policy when fraud is detected. Management is also charged with creating and maintaining a system of internal controls aimed at preventing fraud, which could include such controls as proper segregation of duties and mandatory vacations for all employees.
Occupational fraud is and will always be a problem for businesses of all sizes and across all industries. There are measures a company can take to limit its risk of and exposure to fraud, with some of those measures becoming more high-tech and able to provide more precise information than previously available to management. Business owners and managers should be able to trust their employees with company assets, but with occupational fraud as prevalent as it is, it is also the duty of business owners and management to do what is necessary to verify that fraud is or is not occurring in their business.