Are You Doing Enough To Protect Against Financial Fraud?
Yet more evidence of the prevalence of financial fraud against organizations has emerged from a recent poll by Kyriba. The poll found that almost 80% of organizations had been victims of fraud. The very high proportion of victims is startling in itself, but it is consistent with information we have presented in previous posts that organizational fraud is a global problem, costing 5% of top line revenue annually.
Almost 30% of the respondents to the Kyriba poll reported suffering financial losses, but we think this is a conservative number in this context. Organizational fraud is a hidden crime that sometimes is difficult to detect, even long after the fact. When organizations do detect fraud, they may have incentives to minimize publicity about the crime, so underreporting is probable.
The poll includes some indications that the fraud was even more costly than reported. 5.6% of respondents reported that they had been targets of fraud but did not know if they had suffered losses, while almost 14% did not even know if they had been targets or not. In fact, a little less than 8% reported that they knew they had not been victims, and it’s a good bet that a few of these simply hadn’t found out yet.
Fraud Occurs, But Fraud Prevention Lags
Taken together, this information is a clarion call to executives and managers to implement rigorous anti-fraud controls. Yet the poll found that over one-third of respondents had not reviewed or updated their fraud prevention controls in over a year. In fact, 18% believed that their organization had never installed or updated a fraud prevention program.
Sometimes it seems like it should be easier for victims, many of whom are sophisticated individuals or organizations, to detect financial fraud. But the Bernie Madoff case has shown us how easily investors can be fooled by timing deposits, moving cash from one account to another, delaying responses to questions, or simply not providing requested information at all. All of these kinds of subterfuges should be detected by a fraud prevention program, but obviously the program has to exist in the first place.
A new range of threats has evolved in the rapid growth of extensively networked digital systems. We have seen the massive losses that external theft can cause, as in the Target case, but loss potential is also large for internal theft and fraud. The challenges in these cyberthefts involve both organization (comprehensive access control, for example) and continuous reviews of performance through audits of digital transactions.
Active Prevention Processes are Essential
We have long argued that systematic financial fraud prevention controls should be an integral part of every organization’s risk management program. We cannot know with certainty, in advance, when unseen flaws in controls will be found, or flaws in software will come to light.
An organization’s best defense against these possibilities is regular, rigorous audits and internal controls designed to detect irregularities in financial flows quickly.
