To prevent fraud, offer a hotline, train employees on fraud prevention, report says

Providing individuals a means to report suspicious activity and conducting targeted fraud awareness training for employees and managers are two key elements in detecting and preventing fraud, a new report says.

Fraud is most commonly detected through employee tips, and organisations that have anti-fraud training programmes for employees, managers and executives experience less costly losses and shorter occurrences of fraud, according to the 2012 “Report to the Nations on Occupational Fraud and Abuse” by the Association of Certified Fraud Examiners (ACFE).

Respondents from business and industry in an AICPA survey, meanwhile, said they are using general internal controls, screening of new employees, division of responsibilities, appropriate oversight, physical controls and computer-based controls to prevent fraud.

The AICPA’s recently completed report, “The 2011 Forensic and Valuation Services (FVS) Trend Survey”, also demonstrated the significant effect technology is having in the area of fraud. Aside from knowledge of forensic procedures (identified by 48%), knowledge about computer-driven internal control (16%) was identified by respondents as the most useful training related to uncovering financial statement misrepresentation over the next two to five years.

Eighty-three per cent anticipated greater demand for computer forensic investigations in the next two to five years, and nearly half anticipated hiring more people in this high-demand area.

Robert Harris, CPA/CFF/CGMA, the chair of the AICPA’s 2012 Certified in Financial Forensics Credential Committee, said it’s essential for accountants to understand the role computers are playing.

“So much more is happening with computers these days,” Harris said in a telephone interview. “We’re seeing more and more fraud committed within computers.”

Most common, costly schemes

Tips have been the most common method of fraud detection since the ACFE began tracking fraud data in 2002. As in the most recent previous “Report to the Nations” in 2010, management review and internal audit ranked as the second- and third-most common methods of detection, but tips were almost three times as common as either of those factors as an initial method of detection. Initial detection occurred via tip in 43% of the frauds in the survey.

The “Report to the Nations” was based on the results of an online survey of Certified Fraud Examiners from October 2011 to December 2011. The report is based on 1,388 fraud cases from 96 countries.

Investing entities (25%) and lending institutions (19%) were the business sectors respondents in the AICPA survey expected to have the most allegations of financial misrepresentation in the next two to five years.

The ACFE survey found industries most commonly victimised by fraud were banking and financial services, government and public administration, and manufacturing.

Frauds most commonly reported by business and industry respondents in the AICPA survey were false payment requests, check and credit card fraud, and theft by employees. Most financial statement misrepresentations involved overstatements of accounts receivable, inventory, securities or other assets.

Asset misappropriation was the most common type of fraud found in the ACFE survey at 87% of cases reported by respondents. But those cases were the least financially costly at a median loss of $120,000. Conversely, while financial statement frauds remained relatively rare at 8% of the cases detailed by respondents, they inflicted greater damage, with median losses of $1 million, the ACFE found.

For all geographic regions, corruption and billing schemes comprised more than 50% of the frauds reported to the ACFE, making those types of schemes a worldwide risk.

The ACFE survey also found that:

• Small businesses are particularly vulnerable to fraud because they often have fewer resources and less effective fraud controls than larger organisations.

• In 49% of cases, the victim organisation had recovered no losses from fraud at the time of the survey. Just 16% reported recovery of 100% of losses.

• As in 2010, accounting was the most common area of employment for perpetrators, representing 22% of cases. Operations ranked second at 17%.

• Behavioral red flags most commonly associated with perpetrators were: living beyond their means (36%) and financial difficulties (27%).

“An army” of auditors

Fraud reporting mechanisms such as hotlines should be set up to receive tips from internal and external sources and allow anonymity and confidentiality, according to the report. At a minimum, staff should be educated about what constitutes fraud, how fraud harms everyone in the organisation and how to report questionable activity, the report says.

“I liken the idea of investing in anti-fraud training for employees to essentially creating an army of fraud auditors out of your entire staff,” Andi McNeal, CPA/CFE, the ACFE’s director of research, said in a telephone interview.

External audits are the most commonly implemented control but should not be relied upon as a primary fraud detection method, according to the report, as they detected just 3% of the frauds reported in the survey.

Anti-fraud efforts at small businesses should focus on cost-effective methods such as hotlines, employee education and setting an appropriate ethical tone, according to the report. McNeal said that half the small companies victimised in the study did not even have a code of conduct in place.

She said a formal code of conduct can be implemented at very little cost, and that research shows that it’s more cost-effective to invest in fraud prevention measures than to spend later on detection, investigation and loss recovery.

Respondents in 36% of the cases in the ACFE survey said a lack of internal controls was the most important contributing factor to a fraud.

“It shows that there really is an opportunity for companies to invest here, and coming out of a period of economic difficulty, companies have worked really hard to maintain their economic soundness,” McNeal said. “It’s a good time to take a look and make sure there aren’t internal weaknesses that could result in financial stress or catastrophe.”

Revenue recognition “difficult … to get right”

The AICPA’s survey polled 737 forensic and valuation CPAs, who were primarily employed at accounting and consulting firms. AICPA members in business and industry including CFOs, controllers and chief executives or presidents participated in an additional segment of the survey. Revenue recognition, identified by 36% of forensic and valuation CPA respondents, was cited as the most prevalent issue in financial statement misrepresentation that would be encountered over the next two to five years. Valuation of assets carried at fair value was identified by 32%.

Harris said the US Financial Accounting Standards Board’s convergence project on revenue recognition with the International Accounting Standards Board is contributing to the concern over that subject. He also said revenue recognition is tricky because, for instance, a wireless phone company has to figure out when to recognise revenue from the smartphones it sells and when to take a two-year contract into income.

“It’s a very difficult task to get right,” Harris said.

The mobile threat

The use of mobile devices was the most common technological threat cited by forensic and valuation CPAs, identified by 28%. Malicious insiders (19%), remote access (19%) and social networking (18%) each were identified by nearly one-fifth of AICPA FVS survey participants as the biggest technology threat.

Harris said smartphones are a hazard because people essentially are carrying minicomputers everywhere and logging in to unsafe networks. Passwords are then compromised, and fraud ensues.

“If you’re not absolutely positive of what the network is that you’re logging in to, don’t log in to it,” Harris said.

—Ken Tysiac (ktysiac@aicpa.org) is a CGMA Magazine senior editor.