Every couple of years, the Association of Certified Fraud Examiners (ACFE) researches and publishes a report on the patterns of fraud cases worldwide to help organizations influence their fraud risk assessments and identify techniques to help detect and prevent fraud.
According to its latest report, “Occupational Fraud 2024: A Report to the Nations,” most frauds reviewed involved asset misappropriation (89%), with a median loss of $120,000, and 48% involved corruption, with a median loss of $200,000. While financial statement fraud represented only 5% of the reviewed cases, this category accounted for the highest median loss of $766,000. Interestingly, only 1% of cases involved financial statement fraud alone, which means the perpetrators were more often than not also committing misappropriation or corruption.
The ACFE report also found that over 50% of occupational frauds happen due to either the absence of internal controls (32%) or overriding controls in place (19%). In terms of dollars, frauds perpetuated by boards of directors or executives/upper management accounted for the highest median losses, $800,000 and $793,000 respectively. In addition, a poor ethical tone at the top also contributed to these losses.
Perpetrators of fraud generally look to hide their evidence by creating fraudulent physical or electronic documents; altering physical or electronic documents; destroying documents; or working in the accounting system to create, alter, or delete fraudulent transactions.
Fortunately, when organizations put proper controls into place, they are more likely to remove or reduce fraudulent acts. Here are some strategies that organizations can implement now that may help.
For promoting an ethical tone at the top, controls like publishing a code of conduct, asking for feedback from employees throughout the organization about leadership, and asking leaders to commit to—and regularly discuss—the organization’s corporate values and ethics policies are all helpful approaches.
Beyond the organization’s leadership, other fraud prevention and detection methods include:
Interestingly, the ACFE report suggests there is an association between fraud losses and the existence of reporting mechanisms and fraud awareness training. For example, tips are twice as likely to be reported from people who went through fraud awareness training compared to those in the organization who did not. Organizations that did not conduct fraud awareness training experienced almost two times more loss in fraud impact dollars. When just looking at nonprofit organizations, those that offered fraud awareness training found fraud more than 2.5 times quicker than organizations that did not offer fraud awareness training.
Whistleblowers play an important role in identifying fraudulent behavior within organizations. In fact, according to the ACFE report, whistleblowers accounted for 43% of initial fraud detection and represented the most common way fraud was identified. Additionally, tips are the best fraud detection method, with more than 50% of tips coming from employees, 32% coming from customers and vendors, and 15% arriving anonymously.
Organizations can encourage whistleblowing behavior by:
The AICPA Professional Ethics Executive Committee published “Responding to Noncompliance With Laws and Regulations,” which includes guidelines for members to consider when contemplating whistleblowing.
For members subject to the AICPA Code of Conduct, it is important to think through how noncompliance with laws and regulations impacts the Integrity and Objectivity Rule [1.100.001], Compliance With Standards Rule [1.310.001], and Confidential Client Information Rule [1.700.001]. Paragraph .04 of 1.180.010 states: “Some regulators, such as the SEC [U.S. Securities and Exchange Commission] or state boards of accountancy, may have regulatory provisions governing how a member should address noncompliance or suspected noncompliance which may differ from or go beyond this interpretation. In some circumstances, state and federal civil and criminal laws may also impose additional requirements. When encountering noncompliance or suspected noncompliance, a member has a responsibility to obtain an understanding of those legal or regulatory provisions and comply with them, including any requirement to report the matter to an appropriate authority and any prohibition on alerting the client prior to making any disclosure.”
For members in business subject to the AICPA Code of Conduct, it is important to consider how noncompliance with laws and regulations impacts the Integrity and Objectivity Rule [2.100.001], Confidential Information Obtained From Employment or Volunteer Activities Rule [2.400.001], and the Acts Discreditable Rule [2.400.001]. Paragraph .04 of 2.180.010 states: “Some regulators, for example, the SEC or state boards of accountancy, may have regulatory provisions governing how a member should address noncompliance or suspected noncompliance which may differ from or go beyond this interpretation. In some circumstances, state and federal civil and criminal laws may also impose additional requirements. When encountering noncompliance or suspected noncompliance, a member has a responsibility to obtain an understanding of those legal or regulatory provisions and comply with them, including any requirement to report the matter to an appropriate authority and any prohibition on alerting the relevant party prior to making any disclosure.”
Overall, there are numerous protections in place for whistleblowers. For example, legal frameworks and professional groups have their own protections through the Sarbanes-Oxley Act of 2002, which offers protection from retaliation to employees of public companies who report fraud. The IRS also has a whistleblower program, which includes protections against retaliation and has paid out $1.2 billion dollars to whistleblowers since 2007.
Additionally, the Dodd-Frank Wall Street Reform and Consumer Protection Act created a whistleblower program that rewards people who provide the SEC and Commodity Futures Trading Commission (CFTC) with information about securities law violations. At the end of fiscal year 2023, close to $2 billion dollars had been awarded to almost 400 whistleblowers through the SEC award program. The CFTC program has awarded approximately $370 million dollars to whistleblowers.
As accountants and leaders of organizations, we have a responsibility to conduct ourselves ethically, serve the public interest, and promote trust. If you are part of an organization where you can influence policy, determine how you can help put these effective fraud prevention and detection mechanisms into place, including encouraging and protecting whistleblowers.
