Business Fraud: Detecting It, Dealing with It, and Preventing It


Download printable version

Business Fraud: Detecting It, Dealing with It, and Preventing It from Ever Happening in the First Place

The average company in the United States loses 5 percent of its revenue to fraud each year. That’s an annual median loss of $120,000 from padded expense reports, understated sales, sophisticated billing schemes, and other fraudulent business behavior. On a worldwide level the total cost of business fraud reaches nearly $3.5 trillion a year.

It usually takes 18 months to discover fraud inside a company, and during that period a colleague or employee—someone in the next office or just down the hall—continues to lie, manipulate, and steal in a way that corrodes an organization’s culture and values.

Anyone can commit business fraud—males and females, managers and employees, college and high school graduates. Approximately 80 percent of all fraud inside companies is perpetrated by people between the ages of 31 and 60. And 70 percent of the time a fraudster acts alone.

When people choose to commit business fraud, they rationalize their behavior by telling themselves they’re just borrowing money from the organization or that they’ve done a good job and deserve the extra “bonus” payments. There could be other factors at play in employee fraud. For example, if employees’ wages have been frozen or cut or they’ve been asked to contribute more for health coverage or other benefits, this can take a toll in today’s uncertain economy—one in which legions of former two-income households must now make do with just one paycheck. As a result, a number of people are feeling the financial pressure and, in an effort to pay the bills, commit business fraud.

Management obviously can’t control the economy, but it can fight business fraud by developing and deploying a robust and rigorous system of internal controls. There are three types of internal controls essential to preventing and detecting business fraud.

Preventive Controls

These are prospective and are intended to keep bad things from happening. They can include criminal-history background checks, spending limits on company credit cards, a preapproval process before purchases are made, strict adherence to budgets, and a gamut of password-protection controls.

                                                (Click image for larger view.)

One of the most prevalent internal controls management can adopt is segregation of employee duties. This ensures no one has unilateral authority over a single transaction cycle. In practical terms this might mean that one person enters new employees into the system, another person processes the day-to-day payroll, and still another approves the payroll. Or one person opens the mail, another enters the deposits into the accounting system, another makes the deposits, and, finally, a separate individual reconciles the account to the bank statements. Segregation of employee duties helps prevent business fraud because most fraudsters work alone, whereas conspiracy may be needed to perpetrate a fraud when adequate segregation of duties exists.

Detective Controls

These are designed to identify errors or fraud as transactions occur. Here, management periodically performs a reconciliation of the books, inventory counts, or surprise cash counts. There may also be regular variance reports, budget-to-actual analyses, or exception reporting—all in the name of determining whether management’s objectives have been met and potentially identifying whether business fraud is taking place.

It’s important to note that no matter how much companies may trust their employees, trust isn’t a control; it’s really a perception. And unbridled trust contributes to an environment ripe for fraud. However, trust when combined with a verification process is a control.

Corrective Controls

These are implemented after an error, unintentional or otherwise, is uncovered. Common practice for unintentional errors includes adjusting entries, training, or process redesign. However, for intentional actions, corrective controls include forfeiting a company credit card, termination, or litigation, sending a clear message to employees that inappropriate activity and business fraud will simply not be tolerated. Studies by the Association of Certified Fraud Examiners (ACFE) indicate that without clear-cut repercussions like this, more employees might be tempted to perpetrate business fraud.

Despite the fact that corrective controls can serve as a powerful deterrent to business fraud, many organizations don’t employ them because they fear doing so will tarnish the company’s reputation. Instead a number of firms shrink from creating meaningful and effective boundaries and “punt” with half measures after discovering business fraud. This often means that an employee who has committed fraud is reassigned to a new job in a new department within the company.

                                                (Click image for larger view.)

The number one way companies learn about business fraud in their midst is through tips—and approximately half of those tips come from employees. To encourage honest employees to keep speaking up when they see or suspect questionable behavior or fraud, it’s especially important that companies display a willingness to punish offenders through a series of hard-line corrective controls.

One of the most critical things for companies to remember, though, is that even the very best controls will fail if management doesn’t set an appropriate “tone at the top” for acceptable behavior in the organization—one that applies to everyone.

In the end, however, the best advice for managers who want to prevent and detect fraud in their companies is to think like a criminal—and then develop and deploy strong internal controls that plug the holes a criminal might try to exploit.

For more information and additional resources on fighting fraud, including detailed industry-by-industry statistics, download the ACFE’s full report.

Take This Article to Go

Articles, videos, and other Moss Adams resources are also available on your mobile device. Get the free app for iOS and Android:

The material appearing in this communication is for informational purposes only and should not be construed as legal, accounting, or tax advice or opinion provided by Moss Adams LLP. This information is not intended to create, and receipt does not constitute, a legal relationship, including, but not limited to, an accountant-client relationship. Although these materials have been prepared by professionals, the user should not substitute these materials for professional services, and should seek advice from an independent advisor before acting on any information presented. Moss Adams LLP assumes no obligation to provide notification of changes in tax laws or other factors that could affect the information provided.