When it comes to occupational fraud, the total loss an organization suffers is correlated with the length of time from when the fraud begins to the time it is detected. This is true for all types and circumstances of fraud even though some types lead to greater total losses, e.g., petty larceny vs. financial statement fraud. The Association of Certified Fraud Examiners’ (ACFE) 2018 Report to the Nations finds that frauds that are not detected in 60 months are 20 times as costly as those detected within the first six months.
Therefore, there is substantial value for any policy or procedure that reduces detection time. Overall the most common form of detection is from tips, especially when a safe and easily accessed hotline is provided. Other common forms of active detection are internal controls and routine internal and external audits.
Surprise Audits are Surprisingly Effective
Where external audits reduce fraud losses by less than a third, unannounced audits were found to reduce median loss and duration by 51%. When unannounced audits were in effect, median losses dropped from $152k per fraud case to $75k. What’s more, the use of unannounced audits was shown to cut the average detection time in half for fraud cases in the ACFE 2018 study. However, while superior in terms of effectiveness, unannounced audits are much less commonly used than external audits. Only 37% of the companies surveyed in the 2018 ACFE report, ‘Report to the Nations,’ used unannounced audits to detect fraud.
An unannounced audit would typically be performed by an external third party, but it doesn’t have to be. The key thing is that it must truly be unanticipated by employees or contractors who have access to assets to prevent them from taking steps to conceal fraudulent activity. An unannounced audit might employ a different and unusual approach compared to routine internal audits as an added precaution to thwart the fraudsters’ defensive tactics. Intuitively, an unannounced audit can disrupt fraud more effectively than an audit that is expected.
Perhaps the most important benefit of an unannounced audit is its capacity to detect frauds earlier, thereby reducing total losses. Obviously, these audits have to be performed often enough to disrupt fraudulent activity, but their value justifies the expense of more frequent application.
A secondary, less often recognized benefit of an audit being unannounced is that it provides a test of the routine controls in place to detect fraud. It is exactly where internal controls are weak that some of the most expensive frauds can occur. The longer-term benefit of being unannounced includes strengthening the routine controls that operate every day.
Unannounced audits can be used in many circumstances. Auditing cash on hand is one of the most important applications, which can cover activities ranging from skimming petty cash to concealing large cash thefts from CIT carriers. Numerous accounting functions like accounts payable and payroll, as well as routines like inventory are vulnerable to frauds that can be detected by unannounced audits.
Like any other audit, unannounced audits have to be planned. The planning will involve identifying the risk points in the system being evaluated and understanding the design of existing internal controls. These factors will be used to create an audit approach leading to reporting and policy revisions as needed.
Sometimes an unannounced audit is the best way to reveal the truth about operations. The clear light of observation is the last thing a fraudster wants to see.