Fraud continues to take huge bites from organisational coffers, but the implementation of anti-fraud controls can significantly reduce the damage done, a new report shows.
The Association of Certified Fraud Examiners (ACFE) on Tuesday released its biennial Report to the Nations on Occupational Fraud and Abuse. The more than 1,400 anti-fraud experts surveyed for the report were asked to estimate what percentage of annual revenues organisations lose to all types of fraud. They produced a median estimate of 5%, which, when applied to the 2013 estimated gross world product of $73.87 trillion, produces a projection of nearly $3.7 trillion lost to fraud worldwide.
The ACFE report is based on 1,483 cases of occupational fraud in more than 100 countries. Information on the cases was provided by the certified fraud examiners (CFEs) who investigated them.
Nearly half of the cases (48%) were in the US.
The study found that having anti-fraud controls resulted in earlier detection and lower losses. For example, frauds discovered through surveillance and monitoring produced the shortest median duration (nine months) and smallest median loss ($49,000) of the detection methods studied. The next four shortest fraud durations and lowest losses were also generated by proactive fraud discovery methods – account reconciliation, IT controls, internal audit and management review.
In contrast, fraud discoveries that did not result from organisational efforts – confession by the perpetrator, notification by law enforcement, external audit and by accident – lasted longer and cost more money. For example, frauds uncovered by accident had a median duration of 32 months, the longest in the study, while frauds that ended with law enforcement notification to the organisation produced the highest median loss – $1.25 million.
The study reaffirmed the benefits of fraud-reporting hotlines for organisations. Employee tips remain easily the most common method of exposing fraud – occurring in 42% of the cases studied, more than twice the rate of management reviews (16%) and internal audit (14%), which were second and third, respectively. For organisations with hotlines, tips were responsible for more than half the frauds (51%) detected.
Tips and management review were the top two fraud detection methods in each of the study’s nine regions – the US, sub-Saharan Africa, Asia-Pacific, Western Europe, Eastern Europe and Western/Central Asia, Canada, Latin America and the Caribbean, Southern Asia, and the Middle East and North Africa. Western Europe had the highest percentage of frauds detected by accident (10%) and notification from law enforcement (6%).
Importance of early detection
How beneficial is it to catch frauds early? Frauds detected in their first six months produced a median loss of $50,000. Frauds that lasted five or more years resulted in a median loss of nearly $1 million. Cheque tampering schemes were the frauds that avoided detection the longest, a median of 26 months. Payroll, financial statement fraud, expense reimbursement and billing schemes each had a median duration of 24 months.
The implementation of anti-fraud controls dramatically reduced the median duration and cost of the fraud schemes studied. The control that appears to do the best job at limiting the duration and cost of fraud was proactive data monitoring and analysis. Frauds at organisations with that control in place lasted half as long and cost 60% less than frauds at organisations without the control.
Big problems for small organisations
Fraud takes a disproportionate toll on small organisations, defined in the ACFE report as those with fewer than 100 employees. Small organisations were victimised in 29% of the frauds studied and incurred a median loss of $154,000. That compares to the largest organisations (those with 10,000 or more employees), which represented 19% of the cases examined and posted a median loss of $160,000.
One reason for the struggle of small organisations is that they often lack the resources to install as many controls as larger ones do. While two-thirds of organisations with at least 100 employees have a hotline, less than one-fifth of small organisations have one. Thus, while tips were responsible for 45.1% of frauds detected in larger organisations, tips accounted for 34% of fraud detections for small organisations. A similar disparity (16.5% to 9.8%) was evident with internal audit as well.
Small organisations also are much less likely than larger organisations to have external audit and management certification of financial statements, codes of conduct, internal audit departments, fraud training, management review procedures, anti-fraud policies and a dedicated fraud department, function or team. While some controls are cost prohibitive to install, small organisations can implement others, such as codes of conduct, anti-fraud policies and training, and management review procedures, for relatively little money.
Small organisations also were much more likely than larger ones to experience certain types of fraud. For example, cheque tampering schemes took place in 22% of the small business cases, as opposed to 7% of cases for organisations with more than 100 employees. Payroll and cash larceny schemes also occurred more than twice as often in small organisations as in large ones.
Another reason the prevention and early detection of fraud is crucial is that the recovery of fraud losses is rare. No funds were recovered in 58% of the frauds studied in the 2014 report, up from 49% in 2012. Full fund recovery took place in only 13.6% of the cases, down from 15.8%.
Types of fraud
The report classifies fraud into three main categories: asset misappropriations, corruption and financial statement fraud. Asset misappropriations, which include the theft and misuse of cash and inventory, are the most common but the least costly, accounting for 85% of the frauds studied, with a median loss of $130,000. Financial statement frauds were the least common but most costly, representing 9% of cases and a median loss of $1 million. Corruption cases, which include bribery and extortion schemes, among others, accounted for 37% of the cases and produced a median loss of $200,000.
The Middle East and North Africa region had the highest rate of reported corruption cases, followed by sub-Saharan Africa. The report doesn’t say which regions had the highest rates of the other two fraud categories.
About 30% of the reported fraud cases involved more than one of the three main fraud types. Some frauds were more likely to be run in tandem with another fraud type. For example, in 80% of cash-on-hand misappropriations and 76% of financial statement frauds and expense reimbursement schemes, the fraudster was also running another type of fraud. In more than half of financial statement frauds, the perpetrator also was engaging in corruption.
Private and publicly traded companies accounted for two-thirds of the frauds studied, and they also suffered the highest median losses. Government (15%) and not-for-profits (11%) accounted for far fewer cases and absorbed much smaller median losses.
The industries with the highest incidents of fraud were banking and financial services, and government and public administration. The largest median losses were incurred by companies in the mining, real estate and oil and gas sectors.
Within organisations, seven departments accounted for 5% or more of fraud cases – accounting, operations, sales, executive/upper management, customer service, purchasing and finance. While accounting led the way, its percentage of fraud cases dropped five percentage points to 17% in 2014 from 22% in the 2012 and 2010 reports.
The amount of fraud losses generally rose with the rank of the fraud’s perpetrator. Owners and executives accounted for 19% of the cases but inflicted a median loss of $500,000. Managers committed 36% of the frauds, causing a median loss of $130,000. Employees were responsible for 42% of the fraud cases, but the median loss was relatively small at $75,000.
Fraud losses also rose dramatically with the number of people involved. While the median loss of one-person frauds was $80,000, the loss total jumped to $200,000 for two participants, $355,000 for three participants and more than $500,000 when at least four people were working together to circumvent financial controls and avoid detection.
More than half of the frauds were perpetrated by people between the ages of 31 and 45. Older fraudsters caused higher losses, however, in part because they were more likely to hold owner and executive positions than their younger counterparts.
Men were responsible for two-thirds of the fraud in the study, but the percentages varied widely by region. Women accounted for more than 45% of the frauds in the US and Canada but less than 30% in each of the other regions. Men committed more than 90% of the frauds in Southern Asia and the Middle East and North Africa, and 85% in Western Europe.
Men who committed fraud tended to hold higher positions than women in their organisations. Those men also produced higher median losses ($185,000 to $83,000).
About 83% of the executives and owners who committed fraud were men, and they produced a median loss of $600,000. Men also were much more likely to be involved in corruption and financial statement fraud schemes than women were.
Only 7% of perpetrators began their fraud schemes during their first year with an organisation. More than half of the fraudsters launched their schemes after being with their organisation at least six years, while 41% started their fraud during years one through five on the job.
Most of the fraudsters in the study didn’t have glaring red flags in their past that could have been spotted during the hiring process. Only 5% of the perpetrators had been convicted of a fraud-related offence, while fewer than 10% had ever been punished or fired for fraud-related conduct.
However, more than 90% of the fraud perpetrators displayed at least one red flag while they were committing their fraud. The most common sign of fraud was the perpetrator living beyond his or her means. Financial difficulties were another common sign, especially with women.
—Jeff Drew (email@example.com) is a CGMA Magazine senior editor.