According to the Association of Certified Fraud Examiners (ACFE), a single case of occupational fraud costs the victim organization an average of more than $1.5 million, and Certified Fraud Examiners (CFEs) estimate that organizations lose 5% of their revenues each year to fraud. In the ACFE’s 2020 Report to the Nations, a study of 2,504 cases of occupational fraud investigated by CFEs in 125 countries, the typical fraud lasted 14 months before it was detected and caused a median loss of $8,300 a month.
In an effort to educate organizations on the reality of fraud and to increase awareness of the controls that can help reduce fraud, each year the ACFE sponsors Fraud Awareness Week. Today marks day one of our Fraud Week series, Fraud Stories and Lessons Learned, and we are pleased to introduce Milton de Oca, Director of Operations for Lowers & Associates International. Prior to joining L&A, Milton served 32 years as a police officer with the Miami police department, a gangs sergeant, and finally, as the commander of the intelligence and terrorism unit.
Milton tells the story of an attempted fraud he and the L&A team helped to uncover and resolve in South America related to the procurement of ballistic vests that were to be used for dignitary protection.
Listen to the story here:
This interesting case demonstrates that fraud can come in many forms and at any level. Often it takes a considerable amount of investigation to uncover the fraud and while, in this case, we were able to exonerate the client of the loss, the ACFE reports that most organizations (54%) do not ever recover the losses they suffer at the hand of occupational fraud.
Milton advises all organizations to enlist the help of an independent outside source in cases like these in order to conduct an unbiased investigation.
Stay tuned tomorrow for another fraud story from the front lines of Lowers & Associates.
Payroll fraud accounts for about 9.3% of occupational fraud at a cost of over $300 million per year across all types of organizations. One of the most common forms of payroll fraud is the use of “ghost employees” to divert money to fraudulent identities. Like all organizational frauds, this is a hidden crime that can best be prevented by controls designed to expose all payroll transactions.
In this post, we offer an overview of the elements of a fraud prevention program that would be useful in any organization. Summarized from, Managing the Business Risk of Fraud: A Practical Guide, produced by a consortium of associations, the guidelines point to specific steps managers can take to implement an effective fraud prevention program.
Big Data is becoming a resource in the fraud fighter’s arsenal as more companies are using data analytic software to look for anomalous patterns in internal data. This method has helped some companies monitor more data sources, cutting the time for detection and reducing the costs of fraud.
A recent post by Peter Goldmann of ACFE reports on the rate of adoption of data analytic technology, finding that the largest group is companies that have no data analysis program at all (almost 30%–see the bar graph). … Continue reading
Despite the wealth of well-publicized information about the high prevalence of organizational fraud and the high costs of fraud, it is always surprising to learn that so many companies operate without systematic fraud prevention programs, or fail to review their programs on a regular basis.
In fact, there are very important reasons fraud prevention is worth the effort. Here are some of them: … Continue reading
In general, compliance is conforming to particular expectations, standards, or behaviors, where risk is an exposure to potential loss or injury. When we think of compliance in the security arena, it often means that you are following prescribed standards, which could be regulatory, industry best practices, or standards that are otherwise customized or company specific.
While compliance and risk often follow the same path, a compliance audit or survey is often performed with a one-size-fits-all “compliance only” approach, as opposed to one that requires more complex reasoning.
Some may question the rationale of compliance if risk is not a constant consideration. Lack of experience, industry knowledge, or even simply lack of time can hinder the ability to take a more risk-based direction. After all, taking a compliance only approach simplifies the security audit process by allowing for uniform application, reduced subjectivity and error in assessment, and strong performance metrics capability.