First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Common anti-fraud controls ineffective at preventing and detecting fraud

fraud-cosoA “typical” business can lose five percent of its revenue to fraud according to the latest global fraud study from the Association of Certified Fraud Examiners. And organizations are lucky if they detect the fraud at all. Most businesses find out about fraud from a tip, not from strong internal controls.

In addition, some of the most common controls to detect fraud are the least effective, particularly external audits and background checks. According to the association, organizations are more likely to detect fraud by accident than by an external audit.

Interestingly, the study found that, in Canada, employees are more likely to perpetrate fraud than anywhere else in the world, and more than twice as likely as either managers or executives.

Fraud risk is big

Organizations of all sizes know occupational fraud—asset misappropriations, corruption and financial statement fraud—pose a significant threat to their operations, but the scope and sources of these activities may be surprising. According to the report:

  • The median loss caused by the frauds was $145,000
  • 22 percent of the cases involved losses of at least $1 million
  • The median duration—the amount of time from when the fraud commenced until it was detected—for the fraud cases was 18 months
  • Asset misappropriations are the most common type of fraud, occurring in 85 percent of the cases, as well as the least costly, causing a median loss of $130,000
  • Only nine percent of cases involved financial statement fraud, but those cases had the greatest financial impact, with a median loss of $1 million
  • Corruption schemes fell in the middle in terms of both frequency (37 percent of cases) and median loss ($200,000)
  • Approximately 30 percent of the schemes in the study included two or more of the three primary forms of occupational fraud
  • Tips are consistently and by far the most common fraud detection method
  • Over 40 percent of all cases were detected by a tip-more than twice the rate of any other detection method
  • Employees accounted for nearly half of all tips that led to the discovery of fraud
  • Organizations with hotlines detected frauds 50 percent quicker and suffered fewer losses

The smallest organizations tend to suffer disproportionately large losses due to occupational fraud. Additionally, certain categories of fraud are much more prominent at small entities.

  • The banking and financial services, government and public administration, and manufacturing industries continue to have the greatest number of fraud cases reported, while the mining, real estate, and oil and gas industries had the largest reported median losses
  • The presence of anti-fraud controls is associated with reduced fraud losses and shorter fraud duration
  • Fraud schemes that occurred at victim organizations that had implemented any of several common anti-fraud controls were significantly less costly and were detected much more quickly than frauds at organizations lacking these controls
  • The higher the perpetrator’s level of authority, the greater fraud losses tend to be:
  • Owners/executives only accounted for 19 percent of all cases, but they caused a median loss of $500,000
  • Employees, conversely, committed 42 percent of occupational frauds but only caused a median loss of $75,000
  • Managers ranked in the middle, committing 36 percent of frauds with a median loss of $130,000
  • Collusion helps employees evade independent checks and other anti-fraud controls, enabling them to steal larger amounts
  • The median loss in a fraud committed by a single person was $80,000, but as the number of perpetrators increased, losses rose dramatically
  • In cases with two perpetrators the median loss was $200,000, for three perpetrators it was $355,000, and when four or more perpetrators were involved, the median loss exceeded $500,000
  • 77 percent of the frauds were committed by individuals working in accounting, operations, sales, executive/upper management, customer service, purchasing and finance
  • At the time of the survey, 58 percent of the victim organizations had not recovered any of their losses due to fraud, and only 14 percent had made a full recovery

What practices can employers implement to prevent and uncover fraud?

The association recommends taking a proactive approach to fraud prevention and detection. Measures like hotlines, management review procedures, internal audits and employee monitoring are essential to uncover fraud and minimize the losses associated with it.

For small businesses—with less to spend and more to lose—the risks are greater, but simple controls can improve protection against fraud substantially. An anti-fraud policy is the most basic step, but extremely effective at reducing the effects of fraud. Management review and fraud training are other effective low-cost practices.

Besides relying on practices like external audits that may not be providing the desired results, businesses overlook truly effective practices. The association found:

proactive data monitoring and analysis was used by only 35 percent of the victim organizations, but the presence of this control was correlated with frauds that were 60 percent less costly and 50 percent shorter in duration. Other less common controls-including surprise audits, a dedicated fraud department or team and formal fraud risk assessments-showed similar associations with reductions in one or both of these measures of fraud damage.

And offers this advice:

When determining how to invest anti-fraud dollars, management should consider the observed effectiveness of specific control activities and how those controls will enhance potential fraudsters’ perception of detection. (Emphasis added.)

In other words, how effective one perceives a control to be also plays a part in its actual effectiveness.

Fraud warning signs

Since most perpetrators of fraud are first-time offenders, background checks are unlikely to uncover bad apples. Employers would do better to make an effort to understand fraud risk factors and warning signs, and perform ongoing employee monitoring.

Most occupational fraudsters exhibit certain behavioral traits that can be warning signs of their crimes, such as living beyond their means or having unusually close associations with vendors or customers. In 92 percent of the cases we reviewed, at least one common behavioral red flag was identified before the fraud was detected. Managers, employees, auditors and others should be trained to recognize these warning signs that, when combined with other factors, might indicate fraud. (Emphasis added.)

Other warning signs include a “wheeler-dealer” attitude, unwillingness to share duties, divorce or other family problems, addiction, job pressure, refusing to take vacations, acting suspicious or defensive, bullying or intimidation, excessive absenteeism or lateness, recent poor performance evaluations, fear of losing job, actual loss of job, demotion or pay cut.

Interestingly, the association found that in Canada internal audits were only as effective as external audits at detecting fraud. But combined with account reconciliation, document examination, surveillance, management review and employee tips, employers will have a strong set of controls to deter and detect employee fraud.

How do you match up?

The association outlines 18 common anti-fraud practices and the proportion of Canadian businesses that use them:

  • External audit of financial statements, 76.4 percent
  • Code of conduct, 73.6 percent
  • Employee support programs, 72.5 percent
  • Management certification of financial statements, 72.3 percent
  • Independent audit committee, 72.2 percent
  • Internal audit department, 68.4 percent
  • External audit of internal controls over financial reporting, 66.7 percent
  • Management review, 60.0 percent
  • Hotline, 56.1 percent
  • Fraud training for managers/executives, 50.0 percent
  • Anti-fraud policy, 46.0 percent
  • Fraud training for employees, 42.9 percent
  • Dedicated fraud department, function or team, 38.9 percent
  • Formal fraud risk assessments, 38.8 percent
  • Proactive data monitoring/analysis, 36.7 percent
  • Surprise audits, 29.4 percent
  • Job rotation/mandatory vacation, 22.0 percent
  • Rewards for whistleblowers, 4.4 percent

Which of these practices do you employ? Which have you found effective at preventing or detecting fraud?

prod-fappFor more information on anti-fraud controls, take a free trial of Finance and Accounting PolicyPro, published by First Reference.

Follow me

Adam Gorley

Editor at First Reference
Adam Gorley, B.A. (Phil.), is a researcher, content provider and editor. He contributes regularly to First Reference Talks and Internal Control blogs, HRinfodesk and other First Reference publications. His areas of focus include broad human resources issues, corporate social responsibility, corporate governance and government policies, information technology and labour market trends.Read more
Follow me

, , , , , , , , , , , , , , , , , , , , , , ,

Comments are currently closed.