Fraud risk is a real and ever-present concern for a range of industries, no matter the nature of the business or products in question. Assessing, managing and combating threats, in their various and increasingly sophisticated forms, is an ongoing battle.
The Association of Certified Fraud Examiners recently released its 2014 Report to the Nations on Occupational Fraud and Abuse. This study was based on a survey of certified fraud examiners and used cases investigated by those CFEs to analyze trends regarding how fraud is committed and detected. Participants shared detection methods and explored anti-fraud controls designed to detect fraud more quickly, thereby reducing losses.
This report clearly shows that the amount of loss caused by a fraud scheme is, in part, a function of the duration of the fraud scheme. While there are other variables that affect the size of the loss, such as the position of the fraudster within the company or the type of fraud committed, generally, the shorter the duration of the fraud, the smaller the amount of the loss.
The importance of this trend is magnified considering how expensive fraud can be, especially to small organizations. CFEs estimate that the average organization will lose 5 percent of their revenues to fraud every year. The median loss incurred from the cases highlighted in the report due to occupational fraud was $145,000.
For many organizations, a loss of this magnitude can cause irreparable damage, especially when considering there is a 48 to 58 percent chance the victim organization will not recover any of the fraud loss. However, in an effort to reduce the risk of losses due to fraud, organizations have many options.
Active fraud-detection methods
The five most effective methods – when it comes to effective and efficient fraud detection – are all considered “active detection” methods. Among the more successful methods are:
- Account reconciliation
- IT Controls
- Internal audit
- Management review
Interestingly, the external audit option, which serves many important functions related to compliance and financial reporting, is not particularly effective at detecting fraud. Though it was employed in 80 percent of the cases detailed in the report and is generally the most common anti-fraud control, the external audit process proved less effective, perhaps in part because it was the primary method of detection in only 3 percent of those cases. In fact, external audit was the initial method of detection half as frequently as detection by accident.
Proper utilization of anti-fraud controls
Many effective anti-fraud controls are currently being underutilized. For example, proactive data monitoring and analysis were present in only 35 percent of cases. But when this control was present, as compared to when this control was not present, losses were reduced by 60 percent and fraud duration was minimized by 50 percent. Another control, formal fraud risk assessments, while present in only 34 percent of all cases, reduced the loss amount by 44 percent and the duration of the fraud by 48 percent.
Smaller organizations tend to suffer disproportionately large losses, in part, because many of them underutilize anti-fraud controls. Per the report, almost one-third of victim organizations had not implemented appropriate anti-fraud controls. In small organizations, inadequate controls were the primary weakness in 41 percent of the reported cases. Additionally, 20 percent of the reported cases could have been avoided with sufficient management review.
Fraud risk, just like any other form of risk, can be mitigated if properly assessed and the appropriate controls are implemented and efficiently maintained. For additional assistance with risk management, consult with a LaPorte professional within the Risk Advisory Services team.