Want to find out how FRAUD is most likely discovered? Can you rely on external audits to find it? Do you know the tell-tale signs? Should you typically expect your newly-hired employee or your long-time employee to commit fraud?
The Association of Certified Fraud Examiner’s (ACFE) 2012 Report to the Nations on Occupational Fraud and Abuse is based on data compiled from a study of 1,388 cases of occupational fraud that occurred worldwide between January 2010 and December 2011. All information was provided by the Certified Fraud Examiners (CFEs) who investigated those cases. The fraud cases in our study came from 94 nations — providing a truly global view into the plague of occupational fraud.
Listed below are highlights from that report. The report, in its entirety at the links below, represent a comprehensive look at fraud, how it is committed, who is most likely to commit it and how best to prevent it in your workplace.
Conclusions and Recommendations
• Occupational fraud is more likely to be detected by a tip than by any other method.
The majority of tips reporting fraud come from employees of the victim organization.
Providing individuals a means to report suspicious activity is a critical part of an anti-fraud program. Fraud reporting mechanisms, such as hotlines, should be set up to receive tips from both internal and external sources and should allow anonymity and confidentiality. Management should actively encourage employees to report suspicious activity, as well as enact and emphasize an anti-retaliation policy.
• External audits should not be relied upon as an organization’s primary detection method.
Such audits were the most commonly implemented control in our study; however, they detected only 3% of the frauds reported to us, and they ranked poorly in limiting fraud losses. While external audits serve an important purpose and can have a strong preventive effect on potential fraud, their usefulness as a means of uncovering fraud is limited.
• Targeted awareness training for employees and managers is a critical component of a well-rounded program for prevention and detection.
Not only are employee tips the most common way occupational fraud is detected, but our research shows organizations that have anti-fraud training programs for employees, managers and executives experience lower losses and shorter frauds than organizations without such programs in place. At a minimum, staff members should be educated regarding what actions constitute fraud, how fraud harms everyone in the organization and how to report questionable activity.
• Our research continues to show that small businesses are particularly vulnerable to fraud.
These organizations typically have fewer resources than their larger counterparts, which often translates to fewer and less-effective anti-fraud controls. In addition, because they have fewer resources, the losses experienced by small businesses tend to have a greater impact than they would in larger organizations. Managers and owners of small businesses should focus their anti-fraud efforts on the most cost-effective control mechanisms, such as hotlines, employee education and setting a proper ethical tone within the organization. Additionally, assessing the specific fraud schemes that pose the greatest threat to the business can help identify those areas that merit additional investment in targeted anti-fraud controls.
• Most fraudsters exhibit behavioral traits that can serve as warning signs of their actions.
These red flags — such as living beyond one’s means or exhibiting excessive control issues — generally will not be identified by traditional internal controls. Managers, employees and auditors should be educated on these common behavioral patterns and encouraged to consider them — particularly when noted in tandem with other anomalies — to help identify patterns that might indicate fraudulent activity.
Summary of Findings
• Survey participants estimated that the typical organization loses 5% of its revenues to fraud each year.
Applied to the 2011 Gross World Product, this figure translates to a potential projected annual fraud loss of more than $3.5 trillion.
• The median loss caused by the occupational fraud cases in our study was $140,000. More than one-fifth of these cases caused losses of at least $1 million.
• The frauds reported to us lasted a median of 18 months before being detected.
• Industries most commonly victimized in our current study were the banking and financial services, government and public administration, and manufacturing sectors.
• The presence of anti-fraud controls is notably correlated with significant decreases in the cost and duration of occupational fraud schemes.
Victim organizations that had implemented any of 16 common anti-fraud controls experienced considerably lower losses and time-to-detection than organizations lacking these controls.
• The longer a perpetrator has worked for an organization, the higher fraud losses tend to be.
Perpetrators with more than ten years of experience at the victim organization caused a median loss of $229,000. By comparison, the median loss caused by perpetrators who committed fraud in their first year on the job was only $25,000.
• Most occupational fraudsters are first-time offenders with clean employment histories. Approximately 87% of occupational fraudsters had never been charged or convicted of a fraud-related offense, and 84% had never been punished or terminated by an employer for fraud-related conduct.
Fraud Prevention Checklist
The most cost-effective way to limit fraud losses is to prevent fraud from occurring. This checklist is designed to help organizations test the effectiveness of their fraud prevention measures.
1. Is ongoing anti-fraud training provided to all employees of the organization?
- Do employees understand what constitutes fraud?
- Have the costs of fraud to the company and everyone in it — including lost profits, adverse publicity, job loss and decreased morale and productivity — been made clear to employees?
- Do employees know where to seek advice when faced with uncertain ethical decisions, and do they believe that they can speak freely?
- Has a policy of zero-tolerance for fraud been communicated to employees through words and actions?
2. Is an effective fraud reporting mechanism in place?
- Have employees been taught how to communicate concerns about known or potential wrongdoing?
- Is there an anonymous reporting channel available to employees, such as a third-party hotline?
- Do employees trust that they can report suspicious activity anonymously and/or confidentially and without fear of reprisal?
- Has it been made clear to employees that reports of suspicious activity will be promptly and thoroughly evaluated?
- Do reporting policies and mechanisms extend to vendors, customers and other outside parties?
3. To increase employees’ perception of detection, are the following proactive measures taken and publicized to employees?
- Is possible fraudulent conduct aggressively sought out, rather than dealt with passively?
- Does the organization send the message that it actively seeks out fraudulent conduct through fraud assessment questioning by auditors?
- Are surprise fraud audits performed in addition to regularly scheduled audits?
- Is continuous auditing software used to detect fraud and, if so, has the use of such software been made known throughout the organization?
4. Is the management climate/tone at the top one of honesty and integrity?
- Are employees surveyed to determine the extent to which they believe management acts with honesty and integrity?
- Are performance goals realistic?
- Have fraud prevention goals been incorporated into the performance measures against which managers are evaluated and which are used to determine performance-related compensation?
- Has the organization established, implemented and tested a process for oversight of fraud risks by the board of directors or others charged with governance (e.g., the audit committee)?
5. Are fraud risk assessments performed to proactively identify and mitigate the company’s vulnerabilities to internal and external fraud?
6. Are strong anti-fraud controls in place and operating effectively, including the following?
- Proper separation of duties
- Use of authorizations
- Physical safeguards
- Job rotations
- Mandatory vacations
7. Does the internal audit department, if one exists, have adequate resources and authority to operate effectively and without undue influence from senior management?
8. Does the hiring policy include the following (where permitted by law)?
- Past employment verification
- Criminal and civil background checks
- Credit checks
- Drug screening
- Education verification
- References check
9. Are employee support programs in place to assist employees struggling with addictions, mental/emotional health, family or financial problems?
10. Is an open-door policy in place that allows employees to speak freely about pressures, providing management the opportunity to alleviate such pressures before they become acute?
11. Are anonymous surveys conducted to assess employee morale?