What are you going to do about it?
It is commonly said there are two certainties in life – death and taxes. However, given the current business environment, all business and accounting professionals should consider one more: fraud.
Whether or not you suspect it, it’s safe to assume that at some point, either you or your clients will be victims of fraudulent schemes. Are you willing to deal with it? And if you are, what will you do about it?” Fortunately, there are several tools to help you both prevent and minimize the risks of fraud.
Earlier this year the Association of Certified Fraud Examiners (ACFE) released results of its 2016 study on fraud. The paper entitled, “Report to the Nations on Occupational Fraud and Abuse,” revealed some surprising discoveries about how businesses suffer from fraudulent activities – including the likelihood that it can happen to you. This article summarizes the study’s key findings, offers tools to identify potential exposure risks (”red flags”), and presents actions that a company’s management can take to reduce significantly the risk of fraud.
Categorization of Fraud
Before diving into the details of the study, let us begin by defining the different types of occupational fraud, which generally can be classified into three categories:(i) corruption, (ii) asset misappropriation, and (iii) financial statement fraud.
Each category then consists of different types of fraud schemes. The attached diagram, as disclosed in the ACFE’s study, presents a more detailed look at the types of fraud.
ACFE’s Key Findings
The ACFE’s study offered fresh insights on the cost and nature of the fraud, including the following key findings:
- A typical organization loses 5% of revenue, in a given year, as a result of fraud.
- The median loss suffered by small organizations (defined as those with fewer than 100 employees) was the same as that incurred by the largest organizations (those with more than 10,000 employees). However, this loss is likely to have a much greater impact on smaller organizations.
- Small organizations are most vulnerable. They had a significantly lower implementation rate of anti-fraud controls than large organizations. This gap in fraud prevention and detection coverage leaves small organizations extremely susceptible to fraud that can cause significant damage to their limited resources.
- Corruption (bribery and conflict of interest) was more prevalent in larger organizations, while Asset Misappropriation (check tampering, skimming, payroll, and cash larceny schemes) was twice as common in small companies.
- Companies that implemented anti-fraud controls experienced both quicker detection and lower fraud losses. However, in many cases, the most commonly implemented basic controls—external audits of the financial statements, code of conduct, and management certification of the financial statements— were insufficient to prevent the fraud from occurring.
- Most occupational fraudsters are first-time offenders. Only 5% of perpetrators in the study were convicted previously of a fraud-related offense, and only 8% had been fired by a past employer for fraud-related conduct.
- The more individuals involved in an occupational fraud scheme, the higher the losses tended to be.
- In over 40% of cases, the victim organizations decided not to refer their fraud cases to law enforcement. Fear of bad publicity was the most-cited reason. Of the cases in ACFE’s study, over 20% resulted in a civil suit, and 80% of such completed suits led to either a judgment for the victim or a settlement
One of the most chilling findings was that typically the person who committed the fraud was a trusted employee who never engaged previously in either fraud or a crime.
What are you going to do about it?
Most professionals agree it is virtually impossible to completely prevent corporate fraud. However, certain relatively simple procedures can reduce significantly the occurrence and impact of fraudulent activities.
- Step 1. Take Fraud Risk Seriously.
Organizations that seriously consider fraud risks, and take proactive steps to create the right kind of climate to reduce their occurrence, will be successful in preventing fraud. Management must view the implementation of anti-fraud mechanisms as a critical job function. Management should set the tone that dishonest or unethical behavior will not be tolerated, even if the result of the fraudulent action benefits the organization.
- Step 2. Identify and Understand Your Exposure Risk.
The ACFE identified certain common characteristics (“red flags”) that many occupational fraudsters exhibited. Organizations of different sizes and in different industries tend to have different fraud risks. Identifying potential fraud exposure areas is not an easy process. Because these exposure areas can be difficult to spot, it is more useful to ensure that proper anti-fraud measures are in place. Specific industries are more vulnerable to certain types of fraudulent schemes. A fraud specialist can use this knowledge to assist clients to focus their attention on preventing or uncovering types of fraud most commonly committed in their industry.
- Step 3. Get a Fraud-Prevention Check Up.
A fraud-prevention checkup will identify key areas that may be prone to fraud that are unique to each organization’s individual situation. It is important to note that a fraud-prevention checkup and a financial audit are not the same. A fraud-prevention checkup will uncover findings that most auditors do not consider to be part of a financial audit. A fraud risk assessment will identify fraud exposures and related events that require mitigation, and will outline measures to be performed.
- Step 4. Implement Anti-Fraud Controls.
A fraud risk assessment will identify controls unique to your organization’s situation. However, controls common to most organizations include: a vendor bidding process; completion of background and reference checks; dual signatures and levels of approval; segregation of duties; mandatory vacations; or use of computer-assisted audit techniques (CAATs).
- Step 5. Perform Regular Monitoring and Compliance Audits.
Regular monitoring and compliance audits can tell your organization if it is on track, or whether adjustments are required. It also can identify problem areas. Some of the steps above are easier than others. Some companies may be able to implement them using internal resources. However, third-party involvement is recommended. A third party can act as both a “sounding board” and an independent agent to ensure that certain procedures are not compromised. Fraud will continue to plague our businesses and markets. But you don’t have to be a victim. Taking several pro-active steps can minimize your risks. The Forensics and Litigation Team at Mazars is available to help.