Occupational fraud can sometimes equal millions of dollars in revenue loss. But the bottom line isn’t the only thing that suffers.
Small amounts, taken over the course of several years can equal substantial loss. It also has the potential to break trust with management, employee, customers, and clients—a sometimes more devastating consequence.
Ultimately, fraud is detectable, but prevention requires diligence. Given the high cost of occupational fraud loss, taking precautions and implementing risk reduction measures should be a necessary step for any organization, no matter its size.
The Pervasiveness of Fraud
Employee theft annually costs United States organizations $50 billion, according to Statistic Brain Research Institute report from 2018. This number is on the rise and represents a genuine threat to finances, employee morale, and the organization’s reputation.
Here’s some additional statistics that outline how fraud can result in damaging loss:
- $1.3 million average loss from employee theft (Hiscox, 2016)
- 5% of lost revenue each year to employee and executive fraud (Association of Certified Fraud Examiners, 2018)
There are a number of examples that make an organization more vulnerable to fraud. Here are the five most common scenarios:
- Internal control. This includes a lack of timeliness for cash deposits, failing to monitor overdraft funds, lack of appropriate segregation of duties, and a gap in the reconciliation of departmental expenditures. Internal control weaknesses were responsible for nearly half of all frauds in the United States in 2017 (ACFE, 2018).
- Noncash asset misappropriation schemes. Inventory theft is one of the greatest fraud risks.
- Evidence tampering. Manager-level fraudsters are more likely to alter evidence. Owners and executives are more likely to create or delete evidence.
- Smaller organizations. In a small organization, the median loss per incident is $200,000. In comparison, organizations with more than 100 people suffer fraud losses of $104,000 on average (ACFE, 2018).
- Specific industries. The manufacturing, energy, and government and public administration sectors are the industries with a higher risk for corruption schemes.
The Fraud Triangle
An organization is vulnerable to fraud when these three conditions occur in tandem:
Together, they form what’s known as the fraud triangle, which helps explain why people within an organization choose to commit fraud. For example, an employee can succumb to the pressures of money problems—such as student loans, medical bills, or even a gambling debt—when they see a temporary opportunity to commit fraud. Then, they’ll find a way to rationalize and justify the fraudulent behavior.
Consequences of Fraud
Fraud impacts and risk may vary depending on the number of employees. Here’s a breakdown of specific risks and their impact for organizations of varying sizes.
Small Organizations: Fewer Than 100 Employees
Fraud transactions are often small sums of money that result in large losses over time. For a small organization, the impact can be devastating.
As stated above, the average median loss was $200,000 per incident, according to a 2018 report from the ACFE. If the fraud incident continued for over five years, the average loss grew to $2.2 million; if it continued for 10 years or more, the number could be as high as $5.4 million, according to a 2016 Hiscox study.
Smaller transactions make theft harder to detect and the origin more difficult to pinpoint. Small organizations—or small branches of larger organizations—also tend to have fewer anti-fraud controls in place. The lack of these controls can lead to process loopholes and structure gaps, which allow employees an opportunity to exploit an organization.
Approximately 42% of fraud incidents are caused by lack of internal controls and 29% are committed by an owner or executive, according to the same 2018 ACFE report.
In addition to financial loss, a lack of trust may develop between an organization and the employees or the employees and the management team. The staff might be asked to pull double duty and assist in the investigation at a time when caution should be exercised.
They may also be asked to allocate resources to cover key operational priorities, such as ongoing monitoring, taking funds away from their teams and tasks, and drawing further attention to the incident.
Large Organizations of More Than 100 Employees
Although large organizations may have more resources to invest in their anti-fraud programs, their median loss is still $104,000 per incident, according to the 2018 ACFE report.
They also face greater exposures to risk, such as:
- More employees who are willing to rationalize a fraud scheme
- Increased opportunities for fraud to occur because processes are more complex
- Greater volumes of financial transactions to tempt and pressure employees
Larger organizations may feel safer because the financial loss of each incident is lower, but more incidents of fraud could happen at a faster rate than smaller organizations.
It can be easy to fall behind on risk reduction measures because fraud can originate from multiple sources: internal staff, customers, vendors, and service providers.
Methods to commit fraud also continue to change and grow. For example, a customer or vendor could falsify an invoice, a service-provider could have a controls failure, or an employee could collude with a vendor.
When an organization is tackling a fraud prevention plan, they tend to face three key challenges:
- Identification of emerging fraud risks and how to address them
- Lack of internal resources and expertise
- Shortage of manpower to tackle a manual review of transactions
Although these factors can lead to a higher risk of fraud occurring at an organization, they often go ignored until an incident has occurred.
Fear of Future Outcomes
It’s difficult to imagine that employees, management, executive leadership, or external partners are willing to commit fraud against an organization. Even when they’re ready to admit employee fraud is a common occurrence, management may choose not to be proactive about detection because incidents result in difficult outcomes.
Here are potential outcomes when fraud is discovered:
- Continued financial loss. Following an incident to its origin may require additional costs when an organization has already suffered a financial loss.
- Reputational damages. If there’s a finding, the reputation of an organization may be at risk internally and externally.
- Prosecution. An organization must decide if it’s willing to prosecute the perpetuator, which can result in additional time and resources.
Risk management is a continuous process. Once a fraud incident is identified, an organization must assess and respond to the occurrence. Then, it should continue to carefully monitor its risks because inaction presents the perfect opportunity for future incidents to occur.
Fraud Risk Assessment
Performing an independent assessment of an organization’s internal controls provides an objective view of procedures and potential vulnerabilities. It’s an effective method of laying a strong foundation for anti-fraud objectives while controlling costs at the same time.
The benefits of a fraud risk assessment are threefold:
- Detect fraud
- Identify emerging or residual fraud risks
- Develop a hierarchy for prioritizing risk response
The most common inherent risks an assessment can identify:
- Incentives, pressures, and opportunities to commit fraud
- Legal or regulatory misconduct, including asset misappropriation
- Information technology risks, such as the risk of internal control override
- Fraudulent financial reporting
An assessment often causes minimal interference for an organization. The findings can help bolster education and training initiatives for internal resources. There’s also the added benefit of building employee confidence in an organization’s fraud identification approach.
Confidential Reporting Hotline
Fraud losses are found to be 50% smaller at companies when a confidential reporting hotline is in place. Employees, vendors, customers, and clients can use the hotline to make a report when they suspect violations of ethics.
In 2018, 53% of employees reported credible fraud tips and 50% of corruption cases were detected by a tip, according to the ACFE.
Anti-fraud Management Technologies
Anti-fraud management technologies are effective method for fighting emerging fraud risks.
Data monitoring and analysis help identify trends in data-quality metrics and data values that alert an organization to pre-established rule violations. Continuous monitoring could spot variances from cyclical runs and notice when data exceeds pre-set limits. It can also provide incident notifications and analyze cost quantification for violations.
For example, blockchain technology uses public key encryption, identity authentication, and proof of work methods to create a chronological record of each transaction. This record helps trace the owner of any individual transaction, which discourages employees from committing fraud and makes perpetrators easy to identify.
It’s important for companies to thoroughly vet clients and vendors. As a first step, they may want to ask service providers for their System and Organization Controls (SOC) report, which is an independent report of internal controls. Vendor and client portals can also be valuable tools for automated data validation.
When organizations provide a method to customers and vendors to report suspected violations —such as a confidential reporting hotline—it reinforces the message that they’re serious about fraud prevention.
We’re Here to Help
While fear of findings and uncontrolled costs prevent many organizations from taking action, the cost of fraud far exceeds the cost of improving preventive and detective controls.
For more detailed information about how to approach fraud prevention at your organization and the benefits of a fraud risk assessment, contact your Moss Adams professional.