Losses from occupational fraud topped $7 billion in 2017, according to the Association of Certified Fraud Examiners’ (ACFE) most recent global study on occupational fraud and abuse, 2018 Report to the Nations. The median loss for all cases in the study was $130,000 USD, yet a full 22 percent of companies lost $1 million or more. To add insult to injury, only 15 percent of businesses that experienced fraud were able to fully recover their losses.

The common theme in the report is that, while it’s often worthwhile to pursue remedial action against perpetrators, victims will usually not be made whole. Here are three factors negatively impacting these recuperation efforts.

1. Failure to Report

After a fraud has been discovered and investigated, a case might proceed to prosecution, civil litigation, both, or neither. In its annual study, ACFE researchers tracked the percent of cases that were referred to law enforcement or resulted in a civil suit being filed for each year dating back to 2008. They found that the rate of criminal referrals has been gradually decreasing over that time, from 69 percent in 2008 to 58 percent in 2018. In contrast, the rate at which civil suits are filed has stayed consistent, ranging from 22 percent to 24 percent within the same timeframe.

There are many reasons why victim organizations might decide not to refer cases to law enforcement and therefore forego any additional recuperation of the loss that may result. The top five cited reasons are:

1. Fear of bad publicity: 38%
2. Internal discipline sufficient: 33%
3. Too costly: 24%
4. Private settlement: 21%
5. Lack of evidence: 12%

2. The Greater the Loss, the Less Likely the Recovery

There is an inverse relationship between the amount that victim organizations lose to fraud versus what they are able to recover. So, even if the organization decides to pursue legal action, they are not likely to achieve full recovery. Here’s how the numbers panned out:

• Losses of $10,000 or less had a 30% chance of recovery
• Losses of $10,000 to $100,000 had a 16% chance of recovery
• Losses of $100,001 to $1,000,000 had a 14% chance of recovery
• Losses of $1,000,000 or more had an 8% chance of recovery

3. Desire to Avoid Fines

A third reason recovery efforts can be hampered is the knowledge that organizations may receive monetary fines from authorities for having inadequate controls in place and thus enabling fraud to occur.

Of the three types of occupational fraud – asset misappropriation, corruption, and financial statement fraud – the latter had the greatest likelihood of fines, at 17 percent. And, fines were imposed regardless of the size of the loss. For example, organizations that lost $10,000 or less were fined 14 percent of the time while those that lost $1,000,000 or more were fined 20% of the time.

At a median of $100,000 per fine, these penalties were no small matter.

An Ounce of Prevention

Given that recovery is an uphill battle, the takeaway is this: organizations should do what they can to prevent fraud from happening in the first place. Internal controls, codes of ethics, recognizing red flag behaviors, and the availability of reporting mechanisms are all tried-and-true methods for realizing that goal.

As part of the 2019 International Fraud Awareness Week, the Association of Certified Fraud Examiners (ACFE) distributes information and training to help anti-fraud professionals reduce the incidence of fraud and white-collar crime. A recent ACFE publication, 5 Fraud Tips Every Business Leader Should Act On, spells out five ways organizations can work to prevent and minimize fraud in the workplace. We’ve paired their recommendations with the research-based actions you can take to achieve these aims.

1. Be Proactive

A code of ethics for management and employees sets the tone that your organization is committed to conducting business honestly and fairly. Fortify your commitment with internal controls around areas of the business that are vulnerable to fraud.

In its 2018 Report to the Nations, the ACFE studied nearly 3,000 incidents of fraud across 125 nations. Here are the top 10 most common anti-fraud controls they found among the organizations in the study:

1. Code of conduct: 80%
2. External audit of financial statements: 80%
3. Internal audit department: 73%
4. Management certification of financial statements: 72%
5. External audit of internal controls over financial reporting: 67%
6. Management review: 66%
7. Hotline: 63%
8. Independent audit committee: 61%
9. Employee support programs: 54%
10. Anti-fraud policy: 54%

The study found that weaknesses in internal controls were responsible for nearly 50 percent of all fraud cases.

2. Establish Hiring Procedures

Background checks will continue to be one of the best practices any workplace can implement, yet surprisingly, a full 96 percent of fraud perpetrators had no prior fraud conviction, according to the AFCE’s 2018 report. Therefore, understanding the behavioral red flags displayed by fraud perpetrators can help organizations detect fraud and mitigate losses. The AFCE found that 85 percent of fraudsters displayed at least one of the six red flags listed below and 50 percent of them exhibited multiple red flags.

Six Red Flags of Fraud:

1. Living beyond means
2. Financial difficulties
3. An unusually close relationship with vendor/customer
4. Control issues, unwillingness to share duties
5. Divorce/family problems
6. “Wheeler-dealer” attitude

3. Train Employees in Fraud Prevention

Looking for signs of fraud isn’t top of mind for most employees, but having a code of ethics and internal controls create a strong workplace culture that’s attuned to the possibility of fraudulent activity. Employers can take this awareness a step further by educating employees on how to recognize fraud in their day-to-day lives.

Here are the top eight concealment strategies used by fraudsters:

1. Created fraudulent documents: 55%
2. Altered physical documents: 48%
3. Created fraudulent transactions in the accounting system: 42%
4. Altered transactions in the accounting system: 34%
5. Altered electronic documents or files: 31%
6. Destroyed physical documents: 30%
7. Created fraudulent electronic documents or files: 29%
8. Created fraudulent journal entries: 27%

4. Implement a Fraud Hotline

Now that employees know some of the signs to look for, employers should also provide a clear means for reporting suspected fraud. The top three ways that fraud is detected are through tips (40%), internal audits (15%), and management review (13%).

Employees are responsible for reporting 53 percent of occupational fraud cases with the remaining coming from outside parties, such as customers, vendors, or shareholders.

Having a fraud hotline has proved to be instrumental in detecting fraud. In fact, 46 percent of cases detected by tips in the AFCE’s study had hotlines versus 30 percent coming from tips where no hotline existed.

5. Increase the Perception of Detection

Keeping the risk of fraud both top of mind and at the forefront of your organizational policies and practices is key to preventing, recognizing, and mitigating its impacts. In addition to having employees sign a code of conduct, make sure you’re regularly communicating to staff about anti-fraud policies. Remind them of the methods available to report suspicions of misconduct and the potential consequences (including termination and prosecution) of fraudulent behavior.

Though 42 percent of the organizations in the 2018 Report to the Nation offered hotlines to report fraud tips, other mechanisms are also readily available. They include:

• Email: 26%
• Webform/online: 23%
• Mailed letter: 16%
• Other: 9%
• Fax: 1%

To learn more about helping your organization combat fraud, stay tuned here for the rest of our our 2019 Fraud Week Series. If you need help formulating your fraud prevention program, request a meeting with a risk management expert at Lowers & Associates.

This week is the 2019 International Fraud Awareness Week, an initiative of the Association of Certified Fraud Examiners (ACFE) to encourage business leaders and employees to prevent and minimize the impact of fraud in the workplace.

Occupational fraud, that is fraud committed by employees against employers, resulted in $7 billion in losses in 2017, according to the ACFE’s 2018 Report to the Nations. In studying nearly 3,000 incidents of fraud across 125 nations, they found cases ranging from computer theft to check tampering to corruption. Individual losses varied, with 55% of losses being $200,000 or less and 22% of cases being $1 million or more.

Through educational videos, workplace training, and awareness efforts, Fraud Awareness Week aims to arm workplaces with technologies and resources to prevent, identify, and effectively address these types of fraudulent activities.

A Snapshot of Occupational Fraud

Types of Fraud: Fraudulent activities fall into one of three categories: asset misappropriation; corruption; and financial statement fraud. Representing 89 percent of cases, asset misappropriation (e.g., altering checks or payments, misusing organizational resources) are the most common, with a median per-loss cost of $114,000, according to the report. Financial statement fraud, however, while more infrequent, led to much greater median losses at $800,000 per event.

Fraudster Profiles: Surprisingly, a full 96 percent of fraud perpetrators had no prior fraud conviction, according to the AFCE’s 2018 report. This underscores the fact that organizations need to have effective fraud detection methods in place to continuously protect the organization. This is particularly relevant considering fraudsters who were employed for more than five years stole twice as much, $200,000 vs $100,000 for newer employees.

Underlying Causes: Internal security measures are valuable lines of fraud defense for companies, yet nearly half of companies in the study cited “insufficient fraud controls” (30%) or “weak systems” (19%) as the underlying reason that fraud was made possible.

Impact: No organization is immune to occupational fraud. In fact, small businesses, defined as those with less than 100 employees, experienced a median loss of $200,000, compared to their larger counterparts of 100 or more employees, who experienced a median loss of just $114,000. It makes sense when you consider that small businesses have fewer resources to invest in internal controls and generally put more trust in their employees due to their inability to implement robust anti-fraud strategies.

Reporting Sources: Early detection is key to limiting losses associated with occupational fraud, and the ACFE study found that 40% of fraud detection came from tips. Of those tips, 53% were received internally and 32% from outside sources. Reporting hotlines go hand-in-hand with tips as an effective way to detect fraud. Of the companies analyzed in ACFE’s 2018 report, those with an accessible hotline detected fraud cases 46% of the time compared to a 30% success rate for companies without hotlines. The second highest fraud detection source at 15% was through an internal audit.

Using Technology to Detect Fraud

The key to catching fraudulent actions before real damage is done is having systems in place to ferret out anomalies and report suspicious activities early. This means being equipped with tools like automatic monitoring, artificial intelligence, and anomaly detection protocols. For instance, surprise audits and data monitoring are a powerful combination in reducing fraud loss. Though only 37% of the companies examined in the ACFE  study used them, those that did got fraud cases under control in approximately half the time and reduced fraud losses by more than 50%.

In its latest infographic, How is Technology Being Used to Detect Fraud, the ACFE highlights some of the technologies that organizations are using to proactively identify suspicious activities. Here is a sampling:

• 26% of organizations currently use biometrics as part of their anti-fraud programs, and another 16% expect to deploy biometrics over the next two years.
• Purchasing is the risk area where organizations most commonly use data analytics (41%) to monitor for potential fraud.
• Nearly two-thirds of organizations currently use exception reporting or anomaly detection techniques in their fraud-related initiatives.

View the ACFE Infographic at fraudweek.com

To learn more ways to help your organization combat fraud, continue to look for our Fraud Week content and visit the ACFE Resources page.

It would be really good to know who in your organization is most at risk of perpetrating a fraud. You could then take steps—counseling, reviewing controls, rotating jobs—to protect against that risk.

Theoretically, the Fraud Triangle does a good job of stipulating who might be a fraud risk. It says people are more likely to commit an occupational fraud when they have motivation, opportunity, and a rationale to excuse their crime. The rationale is an individual factor which organizations cannot address in advance, but there can be indicators based on motivation and opportunity.

The 2018 Report to the Nations on Occupational Fraud and Abuse contains some concrete information that is consistent with this theory. In research for the Report, the Association of Certified Fraud Examiners (ACFE) identified 17 behavioral “red flag” traits that might be associated with a perpetrator of fraud. These are primarily indicators of motivation or pressure that may cause a potential fraudster to flip into active fraud.

85% of the fraudsters in the 2,690 cases ACFE reviewed had at least one of the red flags, and 50% had more than one. They are at least somewhat predictive.

The most common red flags have to do with financial difficulties (motivation, pressure). Since 2008 when the first edition of the Report was published, the six top red flags, in order, have consistently included:

• Living beyond one’s means
• Financial difficulties
• Unusually close association with a vendor or customer
• Control issues, unwilling to share duties
• Divorce/family issues
• “Wheeler-dealer” attitude

Much is written about these common behavioral red flags of fraud, but there are other red flags organizations should be aware of when it comes to predicting and preventing fraud. So-called human resources-related red flags and non-fraud-related misconduct can offer valuable insight to those responsible for anti-fraud programs.

Human Resources-Related Red Flags

According to the ACFE’s 2018 report, 39% of fraudsters had experienced some form of HR-related red flags prior to or during the time of their frauds. The most common of these red flags were negative performance evaluations, and fear of job loss.

Non-Fraud-Related Misconduct by Perpetrators

According to the ACFE report, 45% of fraud offenders had committed some form of non-fraud workplace violation, which could potentially indicate a link between occupational fraud and other forms of workplace misconduct. The most common non-fraud violation was bullying or intimidation, which was observed in 21% of all cases.

To anticipate occupational fraud, the organization has to be well acquainted with its members at all levels of authority. Regular or routine evaluations (background checks, interviews, work reviews) would help to identify individuals at risk, and help them avoid failure. A fraud prevented saves the organization from damage to people, brands, and profits.

The Association of Certified Fraud Examiners 2018 Report to the Nations on Occupational Fraud and Abuse offers a treasure trove of data you can use to assess how your organization’s fraud profile stacks up against other organizations in terms of industry, size, and location.

The Report is based on case data reported from Certified Fraud Examiners (CFEs) from all over the world. It lends itself to benchmarking your organization because it allows you to compare your own experiences against the medians reported from broadly similar organizations. Perhaps most important, you can learn about how other organizations responded to fraud.

Your risk of fraud.

Industry sector makes a big difference in the incidence and cost of fraud. Private, for-profit companies have the highest incidence and the highest median loss, where not for profits have much smaller losses and fewer frauds overall. In between are publicly traded companies and government agencies. An interesting comparison is between private vs. public for-profit businesses, with the private ones suffering higher losses. In general, private businesses face less scrutiny than public ones.

One counter-intuitive finding is that defrauded small organizations (less than 100 employees) suffered losses almost twice as high as large organizations (100 or more employees) in absolute terms. It’s not likely that the difference is attributable to the amount of money available—larger organizations offer fatter targets.

Among all types of fraud risk, corruption is one of only two types of fraud that is significantly more likely in large organizations (the other being non-cash fraud), perhaps because size offers more opportunities for small organized cliques to penetrate weak points, or due to a larger network of connections. Corruption is prevalent in almost every industry type, with the lone exception of professional services.

Your fraud prevention measures.

The presence of anti-fraud controls, such as surprise audits, proactive data monitoring/analysis, codes of conduct, etc. is shown by the ACFE Report to reduce the medial losses associated with fraud. It is perhaps predictable that small organizations in the study were far less likely to have a full range of anti-fraud controls in place. They tend to have only the basics, such as internal audits, management review, and external reviews of financial statements. Right on cue, 42% of frauds in small organizations were caused by lack of internal controls, compared with only 25% for larger organizations which tend to have a far more complete and robust set of controls in place.

One important anti-fraud control is the presence of a tip line. This was present in a little over 20% of small organizations, but fully 80% of large ones. The reason the disparity is important is that tips are the most common way a fraud is detected.

Fraud is a threat to all types and sizes of organizations, but two tendencies in the data stand out.

• First, large organizations deploy more controls, and ACFE finds that every type of control tends to depress fraud.
• Second, large organizations are more likely to experience fraud by corruption, which is an intentional organized attack at the weak points in an organizations’ links between units, internal or external.

The good news is that controls do work. Small organizations that may not have enough control due to cost or scale need to find ways to implement variations of these controls. The potential payoff from fraud averted or detected quickly is too large to not implement the controls.

What can the lessons and benchmarks embedded in the ACFE’s Report to the Nations on Occupational Fraud and Abuse teach you about your own organization’s risks? How can you become better protected?