How to Fortify Your Organization Against Fraud

Elizabeth Pittelkow Kittner CFO, GigaOm
Exploring Ethics in Business & Finance Today

When we think of fraud and threats to our organizations, we usually think about outside perpetrators finding and preying upon our vulnerabilities. However, oftentimes the greatest threats are internal. Occupational fraud happens when employees perpetrate frauds against their own organizations. In fact, occupational fraud costs companies billions of dollars each year.

The Association of Certified Fraud Examiners (ACFE) report, “Occupational Fraud 2022: A Report to the Nations,” summarized 2,110 cases of occupational fraud in 133 countries. The total losses studied were more than $3.6 billion, with an average loss per case of $1,783,000. It is further estimated that organizations lose 5% of revenue to fraud each year. You may think that such fraud could only impact large organizations, but the ACFE report notes that organizations with fewer than 100 employees had the highest median loss of $150,000, while the largest organizations with more than 10,000 employees had a median loss of $138,000. While the loss figures are close, the impact to smaller organizations is more likely to feel even larger.

When we examine the research on occupational fraud, we can learn insights to help us put proper controls in place, so we can better prepare our organizations to both discourage fraudulent behaviors and find fraud faster when it does occur.

Some new concerns we need to be mindful of that were highlighted in the 2022 report include cryptocurrency considerations and effects of the pandemic. Some bribery and kickback payments were made in cryptocurrency, some conversion of misappropriated assets went into cryptocurrency, and some proceeds of fraud laundered used cryptocurrency. More than half (52%) of respondents said at least one pandemic-related factor existed in their fraud cases, pandemic-related organizational staffing changes being the most common.

One compelling revelation from the report is that 85% of fraudsters demonstrated behavioral red flags, with eight distinct behaviors being observed in 76% of cases: living beyond means, financial difficulties, unusually close association with vendor/customer, control issues, irritability, bullying, family problems, and “wheeler-dealer” attitude.

Respectively, living beyond means and financial difficulties have been the top two red flags in every ACFE fraud report published since 2008. However, additional red flags more common in the C-suite are noteworthy, including bullying or intimidation, control issues, wheeler-dealer attitude, excessive pressure from within the organization, and past legal problems.

Another interesting revelation is that the median losses caused by men ($125,000) was only 25% higher than the median losses caused by women ($100,000). In each of ACFE’s prior studies, median losses caused by men were at least 75% higher. The ratio of men fraudsters compared to female fraudsters continues to remain high, with 73% of perpetrators being male in the research.

The report also shows that fraudsters are colluding more now than 10 years ago. In 2012’s report, 58% of cases studied were perpetrated by just one perpetrator and 42% by more than one perpetrator; these statistics reversed in 2022’s report. One reason perpetrators may be acting together more may be to override controls in place.

Fraudsters who collude usually generate higher losses than those who act alone. The median losses for one, two, and three or more perpetrators, respectively, is $57,000, $145,000, and $219,000. Additionally, in approximately 50% of cases studied, fraudsters experienced negative HR issues prior to or during their frauds—fear of job loss, poor performance evaluations, and denied raise or promotion being the three most cited.

Control weaknesses are a significant contributor to occupational fraud. The most common failures include lack of internal controls, override of existing controls, and lack of management review. In other words, effective controls are key to preventing fraud. A few suggestions from the ACFE’s Fraud Prevention Checklist in the report include:

1. Hold ongoing anti-fraud training for employees: Employees need to know where to go for advice when they encounter uncertainty or unethical behavior in decision-making, and they need to feel that they can speak freely.
2. Implement effective fraud reporting mechanisms, like anonymous hotlines: Employees need to feel they can report activity anonymously, confidentially, and without fear of retaliation.
3. Perpetuate honesty and integrity at the top of the organization: Employees can be surveyed to see if they believe management is acting truthfully, ethically, and with accountability.
4. Enact an open-door policy that allows employees to speak freely about pressures: Employees should know who they can talk to within the organization to seek advice.
5. Conduct anonymous surveys to assess employee morale: Employees like to be heard and feel that their voices and contributions matter; organizations can take steps toward improving employee morale if they know it is an issue.

Backing the effectiveness of these tips is the fact that frauds are largely detected by employee tips or internal audits. Further, the faster the detection of fraud, generally the lower the loss. For example, passive detection, like by accident, via notification from law enforcement, and from confession, is usually slow and results in higher losses. Active detection methods, like automated transaction and data monitoring, statistically yields faster detection and lower losses. Organizations with effective, anonymous hotlines are more likely to detect fraud faster—70% of victim organizations within the ACFE research had hotlines, and losses were double at organizations without hotlines. Training on using hotlines and reporting fraud further increases the likelihood that frauds will be reported via tips.

Once an organization experiences fraud, it is more likely to modify its anti-fraud controls. The report showed 81% of organizations modified anti-fraud controls after fraud occurred. Organizations that experienced higher losses were also more likely to update their controls after experiencing fraud.

The ACFE’s report indicates that nearly half of frauds reviewed were preventable if effective controls existed. My recommendation is that you examine preventative and detective controls at least annually to ensure the appropriate policies, procedures, and protocols exist to protect your organization’s finances and reputation.