If you are like many business owners and managers, you are certain there are no fraud problems in your organization. Are you really sure?
Every two years, the Association of Certified Fraud Examiners (ACFE) publishes a new version of their “Report to the Nations” (here’s the 2014 version) on the incidence and costs of organizational fraud. In every report they find that about 5% of top line revenue is lost worldwide to thefts by employees, owners, or partners with access to an organization’s resources.
The aggregate monetary cost of these losses is staggering, and does not even estimate the on-going costs of damages to reputation. ALL types of organization are vulnerable, and ALL types of employees and owners perpetrate these thefts. The only distinctive pattern in the data year after year is that fraud is a ubiquitous problem.
And yet, we often find organizations that have no preventative measures in place against fraud, and take no effective actions to detect it. This complacency is a common human trait: if nothing has happened in the past, nothing is going to happen in the future. Predicting the future based on historic patterns is a powerful tool, and it is often accurate. … Continue reading
We know the prevalence of occupational fraud is very high, costing organizations of all kinds an average of 5% from top line revenue every year. But what this means is that the importance of preventing these human risk frauds has a high payback, as well.
Owners and managers—employers generally—have a very strong incentive to discover every clue that exists within their own organizations to root out risky people, or at least to make it difficult for them to perpetrate frauds.
Occupational fraud is an intentional, hidden crime, sometimes not detected until years after it starts. Therefore, in order to know where to look within the organization for the potential perpetrators even before the frauds are discovered, it will help to know what characteristics fraudsters are likely to have. In other words, knowing what fraudsters are like can help improve the detection of hidden frauds, or to prevent them in the first place. … Continue reading
The 2014 edition of the Association of Certified Fraud Examiners (ACFE) report on occupational fraud confirms and extends previous findings that fraud is a persistent threat across time and borders. Extrapolating the incidence of fraud from the 1,483 cases included in the study to the estimated world GDP, ACFE estimates that occupational fraud cost as much as $3.7 trillion in 2013.
The report classifies occupational fraud into three broad categories:
- Corruption—such as bribery, conflicts of interest, and extortion
- Asset misappropriation—such as theft of cash, fraudulent disbursements, and inventory manipulation
- Financial statement fraud
Of these, asset misappropriation is the most common, but results in the smallest median loss of $130,000 per case. Financial statement fraud is relatively uncommon, but results in a median loss of over $1 million. … Continue reading
As an experienced corporate investigator, having investigated hundreds of various types of fraud cases, it’s really not hard to come to the conclusion that where there is smoke there is usually fire and often times in more than one place. When a client or an individual is alerted to suspicious behavior by an employee/contractor, the investigation generally must focus on the specific allegations. However, it is also important to use the initial investigation opportunity to open a broader review into the suspect for two main reasons:
- To look for motivating factors (a motive); and
- To determine, if he/she may be committing fraud or deviant behavior in other areas not specific to the case. After all, if the individual is involved in some form of fraud or deviant behavior that we are aware of, it is highly probable this extends to other areas as well.
According to the widely accepted Fraud Triangle model developed by Donald Cressey, “…individuals are motivated to commit fraud when three elements come together: 1) some kind of perceived pressure, 2) some perceived opportunity, and 3) some way to rationalize the fraud as not being inconsistent with one’s values.” One of the reasons for opening a broader investigation and not just focusing on the specific allegations is to look for motivating factors or pressure(s) the person may be under that might drive him/her to commit the fraud. People often say “I would never do that” but when faced with varying degrees of perceived pressure, it is difficult to determine the lengths people will actually go to in committing fraud. … Continue reading
In general, compliance is conforming to particular expectations, standards, or behaviors, where risk is an exposure to potential loss or injury. When we think of compliance in the security arena, it often means that you are following prescribed standards, which could be regulatory, industry best practices, or standards that are otherwise customized or company specific.
While compliance and risk often follow the same path, a compliance audit or survey is often performed with a one-size-fits-all “compliance only” approach, as opposed to one that requires more complex reasoning.
Some may question the rationale of compliance if risk is not a constant consideration. Lack of experience, industry knowledge, or even simply lack of time can hinder the ability to take a more risk-based direction. After all, taking a compliance only approach simplifies the security audit process by allowing for uniform application, reduced subjectivity and error in assessment, and strong performance metrics capability.
Is the added complexity of a risk-based approach worth the effort? … Continue reading