Who’s Putting Your Organization at Risk of Fraud?

By Lowers & Associates,

who's the fraudster?

Many times, occupational fraud is committed by an employee or third-party partner who is experienced and trusted. Which of your employees—or leaders—is likely to flip over to the dark side? And why?

The 2018 Report to the Nations on Occupational Fraud and Abuse provides valuable information on these questions. This tenth edition of the Report, published by the Association of Certified Fraud Examiners (ACFE), is based on data from almost 2,700 cases of occupational fraud submitted by Certified Fraud Examiners (CFEs) worldwide. While not a random sample, the selected cases aggregate a huge amount of descriptive information that managers can use to evaluate their own organizations.

Here are a couple of key takeaways about the question of “Who?” in the fraud equation:

  • Anyone and everyone is a potential fraudster, but organizations must be aware that those in long-tenured, high authority positions can present a greater risk. Fraud prevention programs have to recognize this fact and plan extensive monitoring and controls to mitigate the risk.
  • Identifying a potential fraudster can be difficult. Background checks can help, but some previous fraudsters may not have bad information in the public record. The fraud triangle of “red flag” factors on issues of motivation and opportunity may help to identify risks.

Longer-tenured, higher-authority = greater risk.

One hard lesson from the Report—which is consistent over all 10 editions—is that owners and executives are a big risk in terms of fraud. They commit only one-fifth of the total frauds, but the median loss when they do go off the rails is $850,000, more than 5 times greater than managers ($150,000 median loss) and 17 times greater than regular employees ($50,000 median loss). One reason people with greater authority cause more damaging frauds is that they are able to evade detection longer: owner/executives hide for 24 months; ordinary employees only 12.

Owners and executives have the most access to the organization’s assets, and also have authority over some of the controls and processes established to deter fraud. They are also more likely to collude with others, and their frauds are more likely to be discovered by an external auditor or law enforcement. This argues for putting a risk management plan in place before fraud occurs, and to make sure the plan includes provisions for monitoring executive behavior as well as extensive controls on regular operations.

47% of occupational frauds reported were perpetrated by people with six or more years tenure with the organization. These long-term employees also stole far more money. In aggregate, the long-term employees caused much higher total losses than those who were with the organization less than six years. The length of tenure increases loss in all types of jobs, but the higher the authority the greater the loss. Both authority and tenure operate to increase the losses.

Follow the money.

By department, the data tends to say, ‘follow the money’. The two biggest threats come from upper management and accounting (with the high authority individuals by far the bigger threat). The single most common type of fraud is corruption, which strikes hardest in executive/upper management, and purchasing. Both of these departments are likely to be linked to both internal and external networks, which may foster systematic (often collusive) corruption.

Occupational fraud is estimated to have cost over $7 billion dollars in 2017. The warning to organizations is clear. There is no absolute certainty about the likelihood of any given employee committing a fraud. The organization’s best response is systematic fraud prevention aimed at all levels and functions of the organization.

  Category: Occupational Fraud
  Comments: Comments Off on Who’s Putting Your Organization at Risk of Fraud?

Why Now is a Great Time for a Fraud Prevention Check-up

By Lowers & Associates,

The ending of one year and beginning of a new year is a great time to give your organization a fraud prevention check-up. This natural time of reflection and renewal provides an opportunity to better protect your organization from the risks of fraud.

The Association of Certified Fraud Examiners (ACFE) suggests that a fraud check-up can save your company from disaster. Wondering how? Consider that fraud can be catastrophic, some can even put you out of business overnight. Even if survived, a major fraud can damage your company’s reputation so severely that it can be difficult, if not impossible, to recover. Performing a fraud check-up can help you pinpoint opportunities to rid your organization of fraud. It can expose your company’s vulnerabilities and allow you to take a more proactive approach to risk management.

If you’re still questioning the importance of a fraud check-up, consider the 18 fraud facts highlighted in our latest slideshow, which come from the ACFE’s Report to the Nations on Occupational Fraud and Abuse:

 

Tips for performing a fraud prevention check-up

The ACFE put together this fraud prevention check-up document that walks you through 7 key areas of fraud prevention. It includes fraud risk oversight, ownership, assessment, risk management policy, process, and environment-level anti-fraud controls, along with assessment factors for each. You can use the check-up to obtain a broad idea of your organization’s performance with respect to fraud prevention. Your scores/assessments across the various criteria can expose gaps that should be closed promptly in order to reduce losses and cut your risk of future disaster.

It is important to note that the ACFE recommends the check-up be performed as a collaboration between objective, independent fraud specialists, and people within the organization who have extensive knowledge about its operations.

We invite you to request a conversation with a Lowers & Associates Certified Fraud Examiner.

How Anti-Fraud Controls are Evolving

By Lowers & Associates,

Occupational fraud awareness is the focus of Fraud Week but it’s also a rising concern of organizations year-round. At least that’s the message in the data from the Association of Certified Fraud Examiners: 2016 Report to the Nations on Occupational Fraud and Abuse.

The report compares the implementation of a wide range of anti-fraud controls across reported cases, and finds that every single type of control was more prevalent in 2016 than it was in 2010. This is true even for very widely used controls like more traditional types of financial audits and management review. An important example is the external review of financial statements, the single most common anti-fraud tool, whose implementation rate increased .08% to 81.7%.

Workforce Participation is Key

More interesting, is that the types of controls that have increased the most are those that leverage workforce participation and cultural restraints. The implementation rate for a hotline increased 8.9%, anti-fraud training for employees increased 7.6%, the establishment of an anti-fraud policy by 6.8%, and a code of ethics, already high, increased 6.3%.

It’s useful to think of the anti-fraud policy and code of ethics as part of the cultural framework, the stated intentions for acceptable behavior. These standards have to be demonstrated from the top down, and built into expectations for every employee. They have to be used when fraud is detected to devise an appropriate sanction in response, without equivocation.

Hotlines and Anti-Fraud Training are On the Rise

The largest rates of implementation increase for hotline and anti-fraud training for employees reflects actions taken to facilitate the cultural shift. Unlike the cultural standards that justify these tools, but which exist primarily in the beliefs of employees, hotline and training are concrete policies an organization can implement and measure. The connection between hotline and fraud detection is a fact: 39% of frauds detected come via a hotline. Training is less obvious, but it moves directly against the efforts of potential fraudsters to make up rationalizations for stealing. Training helps remove excuses, and clarifies the intentions of cultural policies.

Given the performance of hotlines, it is no wonder they are being adopted by many organizations. The key to this performance is availability, security, and privacy. The employee who reports suspicious behavior via a hotline has to feel secure, that it will be taken seriously and that it will not jeopardize his or her social standing in the enterprise.

Anti-fraud training helps employees interpret the code of ethics or anti-fraud policy in the context of their working lives. It may teach them how to recognize suspicious behavior or patterns of abuse, and how to report them. The ACFE report is full of “red-flag” behaviors that can indicate fraud or abuse, and employees who recognize these are better able to multiply the strength of the fraud prevention effort.

It is encouraging that so many organizations both recognize the threat of occupational fraud and take steps to prevent it., The fact is, that organizations of all types worldwide lose about 5% of topline revenue to fraud means the fight is far from over. In fact, given that fraud is an individualized crime, the effort to prevent it can never succeed completely. But it can win many battles, perhaps one that saves your organization.

Test Your Fraud Knowledge

By Lowers & Associates,

International Fraud Awareness Week begins next week. The point of Fraud Week, sponsored by the Association of Certified Fraud Examiners (ACFE), is to raise the visibility of occupational fraud and abuse, and to remind organizations to review and improve their fraud prevention and detection capabilities.

In case you’re thinking fraud is not an issue in your organization, you should know that extrapolating from actual fraud cases examined in 2016 and reported to ACFE, organizations worldwide lose 5% of topline revenue to fraud. Virtually every type of organization from business, government to non-profit sectors is vulnerable to fraud.

How much do you know about occupational fraud and abuse with respect to your organization? Prepare for Fraud Week by trying your hand at these questions based on ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse (answers are below):

1. Occupational frauds are most often detected in which way:

a) By accident
b) Through a management review
c) By a tip
d) By an internal audit

2. The median duration of occupational fraud is:

a) 3 months
b) 6 months
c) 18 months
d) 24 months

3. About what percentage of occupational frauds are committed by 2 or more in collusion?

a) 19%
b) 37%
c) 48%
d) 62%

4. What is the median loss to fraud?

a) $110,000
b) $150,000
c) $225,000
d) $1,000,000

5. The proportion of the 2016 fraud cases in the U.S. committed by owners or executives is:

a) 5%
b) 10%
c) 15%
d) 20%

6. The median loss to fraud for companies with less than 100 employees as compared to companies with 10,000+ employees are:

a) Much smaller
b) Proportionately smaller
c) About the same
d) Larger

7. The largest proportion of fraud is perpetrated by employees who have been with the organization:

a) Less than 1 year
b) 1 to 5 years
c) 6 to 10 years
d) More than 10 years

Answers

  1. c) By a tip. In 2016, tips were the most common detection method by a wide margin, accounting for 39.1% of cases. Hotlines were especially effective in generating tips.
  2. c) 18 months. The longer the fraud continues undetected, the higher the cost. 20% of the cases in 2016 were undetected for 36 months or longer, and cases that endured for 60+ months caused a median loss of $850,000.
  3. c) About 48%. In cases of fraud by collusion, the cost of the crime increased as more people were involved. A single fraudster caused a median $85,000 in losses, while a collaboration of 5 or more cost $833,000.
  4. b) $150,000 was the median loss. However, the average loss per case was $2.7 million, indicating that losses due to occupational fraud can be very significant.
  5. d) About 20%. Median loss due to fraud by U.S. owners or executives was far higher at $500,000 than for managers ($150,000) or employees ($54,000). Part of the difference is due to the fact that owner or executive fraud went undetected longer.
  6. c) About the same. In 2016, the median loss of a fraud case in an organization of less than 100 employees was $150,000, the same as for an organization with 10,000 or more employees. The relative impact of the loss was obviously much greater for the smaller organizations.
  7. b) 1 to 5 years. Employees are more likely to commit a fraud if they are familiar with the controls and systems in place, or when something in their circumstances changes over time. However, the median loss for a fraud increases regularly as the employee’s tenure lengthens.

You can learn a lot about occupational fraud and abuse by reading the 2016 Report to the Nations. Better yet, you can begin to see how you can improve your fraud prevention program to avoid being one of the cases in the Report.

5 Principles of Effective Fraud Risk Management

By Lowers & Associates,

fraud week

As part of the annual fraud awareness week, we wanted to bring you a quick summary of the principles of fraud risk management. These points are based on an extensive review titled Managing the Business Risk of Fraud: A Practical Guide.

As the Practical Guide emphasizes, “An organization should strive for a structured as opposed to a haphazard approach.” The Guide is a good place to start developing a fraud prevention and detection program as part of your overall risk management efforts (or structuring a review of an existing program). But as always, diving into the details of organizing and implementing a program like this requires significant effort. Skipping steps or making assumptions about risks and mitigation practices without systematic assessment will often lead to gaps or weaknesses in the plan. … Continue reading