insight magazine

Ethics Engaged | Fall 2024

Essential Fraud-Fighting Strategies That Promote Ethics and Trust

With these proper controls in place, your organization can prevent, detect, and reduce fraudulent activities.
Elizabeth Pittelkow Kittner CFO, GigaOm


Every couple of years, the Association of Certified Fraud Examiners (ACFE) researches and publishes a report on the patterns of fraud cases worldwide to help organizations influence their fraud risk assessments and identify techniques to help detect and prevent fraud.

According to its latest report, “Occupational Fraud 2024: A Report to the Nations,” most frauds reviewed involved asset misappropriation (89%), with a median loss of $120,000, and 48% involved corruption, with a median loss of $200,000. While financial statement fraud represented only 5% of the reviewed cases, this category accounted for the highest median loss of $766,000. Interestingly, only 1% of cases involved financial statement fraud alone, which means the perpetrators were more often than not also committing misappropriation or corruption.

The ACFE report also found that over 50% of occupational frauds happen due to either the absence of internal controls (32%) or overriding controls in place (19%). In terms of dollars, frauds perpetuated by boards of directors or executives/upper management accounted for the highest median losses, $800,000 and $793,000 respectively. In addition, a poor ethical tone at the top also contributed to these losses.

Perpetrators of fraud generally look to hide their evidence by creating fraudulent physical or electronic documents; altering physical or electronic documents; destroying documents; or working in the accounting system to create, alter, or delete fraudulent transactions.

Fortunately, when organizations put proper controls into place, they are more likely to remove or reduce fraudulent acts. Here are some strategies that organizations can implement now that may help.

STRATEGIES FOR FIGHTING FRAUD

For promoting an ethical tone at the top, controls like publishing a code of conduct, asking for feedback from employees throughout the organization about leadership, and asking leaders to commit to—and regularly discuss—the organization’s corporate values and ethics policies are all helpful approaches.

Beyond the organization’s leadership, other fraud prevention and detection methods include:

  • Encouraging tips.
  • Implementing internal audits.
  • Conducting management reviews.
  • Examining documents.
  • Reconciling accounts.
  • Conducting background checks for new hires (where permitted by law).
  • Implementing employee mental health and support programs.
  • Promoting open communication among colleagues and stakeholders.

Interestingly, the ACFE report suggests there is an association between fraud losses and the existence of reporting mechanisms and fraud awareness training. For example, tips are twice as likely to be reported from people who went through fraud awareness training compared to those in the organization who did not. Organizations that did not conduct fraud awareness training experienced almost two times more loss in fraud impact dollars. When just looking at nonprofit organizations, those that offered fraud awareness training found fraud more than 2.5 times quicker than organizations that did not offer fraud awareness training.

THE IMPORTANCE OF WHISTLEBLOWERS

Whistleblowers play an important role in identifying fraudulent behavior within organizations. In fact, according to the ACFE report, whistleblowers accounted for 43% of initial fraud detection and represented the most common way fraud was identified. Additionally, tips are the best fraud detection method, with more than 50% of tips coming from employees, 32% coming from customers and vendors, and 15% arriving anonymously.

Organizations can encourage whistleblowing behavior by:

  • Implementing a clear whistleblower policy. This policy should describe procedures for reporting misconduct, include a description of some of the items that should be reported, and outline whistleblower protections.
  • Employing multiple reporting methods. Organizations should offer several ways to report misconduct, such as anonymous forms, email addresses, and third-party services.
  • Celebrating successes with reporting. It is important for organizations to recognize when feedback has led to positive change, and they should share these successes with the wider organization.

THE ETHICS OF WHISTLEBLOWING

The AICPA Professional Ethics Executive Committee published “Responding to Noncompliance With Laws and Regulations,” which includes guidelines for members to consider when contemplating whistleblowing.

For members subject to the AICPA Code of Conduct, it is important to think through how noncompliance with laws and regulations impacts the Integrity and Objectivity Rule [1.100.001], Compliance With Standards Rule [1.310.001], and Confidential Client Information Rule [1.700.001]. Paragraph .04 of 1.180.010 states: “Some regulators, such as the SEC [U.S. Securities and Exchange Commission] or state boards of accountancy, may have regulatory provisions governing how a member should address noncompliance or suspected noncompliance which may differ from or go beyond this interpretation. In some circumstances, state and federal civil and criminal laws may also impose additional requirements. When encountering noncompliance or suspected noncompliance, a member has a responsibility to obtain an understanding of those legal or regulatory provisions and comply with them, including any requirement to report the matter to an appropriate authority and any prohibition on alerting the client prior to making any disclosure.”

For members in business subject to the AICPA Code of Conduct, it is important to consider how noncompliance with laws and regulations impacts the Integrity and Objectivity Rule [2.100.001], Confidential Information Obtained From Employment or Volunteer Activities Rule [2.400.001], and the Acts Discreditable Rule [2.400.001]. Paragraph .04 of 2.180.010 states: “Some regulators, for example, the SEC or state boards of accountancy, may have regulatory provisions governing how a member should address noncompliance or suspected noncompliance which may differ from or go beyond this interpretation. In some circumstances, state and federal civil and criminal laws may also impose additional requirements. When encountering noncompliance or suspected noncompliance, a member has a responsibility to obtain an understanding of those legal or regulatory provisions and comply with them, including any requirement to report the matter to an appropriate authority and any prohibition on alerting the relevant party prior to making any disclosure.”

IS WHISTLEBLOWING SAFE?

Overall, there are numerous protections in place for whistleblowers. For example, legal frameworks and professional groups have their own protections through the Sarbanes-Oxley Act of 2002, which offers protection from retaliation to employees of public companies who report fraud. The IRS also has a whistleblower program, which includes protections against retaliation and has paid out $1.2 billion dollars to whistleblowers since 2007.

Additionally, the Dodd-Frank Wall Street Reform and Consumer Protection Act created a whistleblower program that rewards people who provide the SEC and Commodity Futures Trading Commission (CFTC) with information about securities law violations. At the end of fiscal year 2023, close to $2 billion dollars had been awarded to almost 400 whistleblowers through the SEC award program. The CFTC program has awarded approximately $370 million dollars to whistleblowers.

As accountants and leaders of organizations, we have a responsibility to conduct ourselves ethically, serve the public interest, and promote trust. If you are part of an organization where you can influence policy, determine how you can help put these effective fraud prevention and detection mechanisms into place, including encouraging and protecting whistleblowers.

Related Content:



Leave a comment