This article was updated August 30, 2022
Occupational fraud can sometimes equal millions of dollars in revenue loss. But the bottom line isn’t the only thing that suffers.
Small amounts, taken over the course of several years can equal substantial loss. It also has the potential to break trust with management, employees, customers, and clients—sometimes a more devastating consequence.
Ultimately, fraud is detectable, but prevention requires diligence. Given the high cost of occupational fraud loss, taking precautions, and implementing risk reduction measures should be necessary steps for any organization, no matter its size.
How Much Does Theft and Fraud Cost?
What Are Common Risk Factors and Fraud Techniques for Organizations?
There are a number of possible risk factors that might make an organization more vulnerable to various fraud techniques. Here are some examples of both:
Risk Factors
- Weak Internal control. This includes a lack of timeliness for cash deposits, failing to monitor overdraft funds, lack of appropriate segregation of duties, and a gap in the reconciliation of departmental expenditures. The ACFE also found that internal control weaknesses were responsible for nearly half of all frauds in the United States in 2022.
- Smaller organizations. In a small organization, the median loss per incident is $150,000. In comparison, organizations with more than 100 people suffer fraud losses of $104,000 on average, per the ACFE.
- Specific industries. The manufacturing, energy, and public administration sectors are industries at higher risk for corruption schemes.
Fraud Techniques
- Noncash asset misappropriation schemes. Inventory theft is one of the greatest fraud risks.
- Evidence tampering. Manager-level fraudsters are more likely to alter evidence. Owners and executives are more likely to create or delete evidence.
What’s the Fraud Triangle?
An organization is vulnerable to fraud when these three conditions occur together:
- Pressure
- Opportunity
- Rationalization
Together, they form what’s known as the fraud triangle, and help explain why people within an organization commit fraud. For example, an employee can succumb to the pressures of money problems—such as student loans, medical bills, or gambling debt—when they see a temporary opportunity to commit fraud. Then, they’ll find a way to rationalize and justify the fraudulent behavior.
What Are the Potential Consequences of Committing Fraud?
Fraud impacts and risk may vary depending on the number of employees. Here’s a breakdown of specific risks and their impact for organizations of varying sizes.
Small Organizations: Fewer than 100 Employees
Fraud transactions are often small sums of money that result in large losses over time. For a small organization, the impact can be devastating.
The average median loss was $117,000 per incident according to the ACFE. If the fraud incident continued for over five years, the average loss grew to $2.2 million. If it continued for 10 years or more, the number could be as high as $5.4 million, according to a 2017 Hiscox study.
Inadequate Controls
Smaller transactions make theft harder to detect and the origin more difficult to pinpoint. Small organizations—or small branches of larger organizations—also tend to have fewer anti-fraud controls in place. The lack of these controls can lead to process loopholes and structure gaps, which allow employees an opportunity to exploit an organization.
Approximately 29% of fraud incidents are caused by lack of internal controls and 23% are committed by an owner or executive, according to the same 2022 ACFE report.
Trust Issue
In addition to financial loss, a lack of trust may develop between an organization and its employees or between the employees and the management team. The staff might be asked to pull double duty and assist in the investigation at a time when caution should be exercised.
They may also be asked to allocate resources to cover key operational priorities, such as ongoing monitoring, taking funds away from their teams and tasks, and drawing further attention to the incident.
Large Organizations of More than 100 Employees
Although large organizations may have more resources to invest in their anti-fraud programs, their median loss is still $138,000 per incident, according to the 2022 ACFE report.
They also face greater exposures to risk, such as:
- More employees who are willing to rationalize a fraud scheme
- Increased opportunities for fraud to occur because processes are more complex
- Greater volumes of financial transactions to tempt and pressure employees
Larger organizations may feel safer because the average financial loss of each incident is lower, but more incidents of fraud could happen at a faster rate than smaller organizations.
What Are the Barriers to Fraud Prevention?
It can be easy to fall behind on risk reduction measures because fraud can originate from multiple sources, such as:
- Internal staff
- Customers
- Vendors
- Service providers
Technology also continues to evolve, introducing new vulnerabilities and related fraud considerations. For example, blockchain and decentralized finance (DeFi) have simultaneously strengthened security and controls while also establishing new environments for fraud of various types to thrive, including Ponzi schemes, digital asset scams, and rug pulls.
If adopting such technologies, whether internally or through a third-party service provider, it is important for entities to consider the impact to internal controls and fraud risk.
When an organization is tackling a fraud prevention plan, they tend to face three key challenges:
- Identification of emerging fraud risks and how to address them
- Lack of internal resources and expertise
- Shortage of manpower to tackle a manual review of transactions
Although these factors can lead to a higher risk of fraud occurring at an organization, they often go ignored until an incident has occurred.
Fear of Future Outcomes
Imagining that employees, management, executive leadership, or external partners are willing to commit fraud against an organization can be difficult. Even when ready to admit that employee fraud is a common occurrence, management may not to be proactive about detection given that incidents result in difficult outcomes.
Here are potential outcomes when fraud is discovered:
- Continued financial loss. Following an incident to its origin may require additional costs when an organization has already suffered a financial loss.
- Reputational damages. If there’s any finding, the reputation of an organization may be at risk internally and externally.
- Prosecution. An organization must decide if it’s willing to prosecute the perpetrator, which can result in additional time and resources.
How Can Your Organization Prevent Fraud?
Risk management is a continuous process. Once a fraud incident is identified, an organization must assess and respond to the occurrence. Then, it should continue to carefully monitor its risks because inaction presents the perfect opportunity for future incidents to occur.
Fraud Risk Assessment
Performing an independent assessment of an organization’s internal controls provides an objective view of procedures and potential vulnerabilities. It’s an effective method of laying a strong foundation for anti-fraud objectives while controlling costs at the same time.
What Are the Benefits of a Fraud Risk Assessment?
- Detect fraud
- Identify emerging or residual fraud risks
- Develop a hierarchy for prioritizing risk response
What Are the Most Common Inherent Risks an Assessment Can Identify?
- Corruption
- Incentives, pressures, and opportunities to commit fraud
- Legal or regulatory misconduct, including asset misappropriation
- Information technology risks, such as the risk of internal control override
- Fraudulent financial reporting
An assessment often causes minimal interference for an organization. The findings can help bolster education and training initiatives for internal resources. There’s also the added benefit of building employee confidence in an organization’s fraud identification approach.
Confidential Reporting Hotline
Fraud losses are found to be 50% smaller at companies when a confidential reporting hotline is in place. Employees, vendors, customers, and clients can use the hotline to make a report when they suspect violations of ethics.
In 2022, 42% of employees reported credible fraud tips and 50% of corruption cases were detected by a tip, per the ACFE.
Anti-fraud Management Technologies
Anti-fraud management technologies are effective methods for fighting emerging fraud risks.
Data monitoring and analysis help identify trends in data-quality metrics and data values that alert an organization to preestablished rule violations. Continuous monitoring could help spot variances from cyclical runs and notice when data exceeds preset limits. It can also provide incident notifications and analyze cost quantification for violations.
For example, blockchain technology uses public key encryption, identity authentication, and proof-of-work methods to create a chronological record of each transaction. This record helps trace the owner of any individual transaction, which discourages employees from committing fraud and makes perpetrators easy to identify.
Third-Party Protections
It’s important for companies to thoroughly vet clients and vendors. As a first step, they may want to ask service providers for their System and Organization Controls (SOC) report, which is an independent report of internal controls. Vendor and client portals can also be valuable tools for automated data validation.
When organizations provide a method to customers and vendors to report suspected violations —such as a confidential reporting hotline—it reinforces the message that they’re serious about fraud prevention.
We’re Here to Help
While fear of findings and uncontrolled costs prevent many organizations from acting, the cost of fraud far exceeds the cost of improving preventive and detective controls.
For more detailed information about how to approach fraud prevention at your organization and the benefits of a fraud risk assessment, contact your Moss Adams professional. You can also visit our Internal Audit Services page for additional resources.