Most Organizations Deny Prevalence of Fraud

At a loss of more than $6 billion annually, experts have found fraud occurs in most organizations, but 80% of respondents to a recent survey by ACL believe their organization has “medium to no” exposure.

The 2017 Fraud Survey of more than 500 professionals in the United States and Canada found that “alternative facts” extend to the mentality among many businesses.

“As the phenomena of ‘fake news’ and ‘alternative facts’ permeate the U.S. landscape, it is interesting to see how disconnected many executives are from the true prevalence of fraud and corruption in their organizations,” said Dan Zitting, chief product officer at ACL, a risk management software provider. He added that companies increasingly discover they have had “numerous instances of potential fraud” that need to be investigated.

Almost two-thirds of respondents (63%) also said that most instances of fraud committed in their organizations are not detected, and more than 75% said that at least some of the fraud that is detected goes unreported.

Respondents noted that a company’s fraud experts can feel pressure from senior leaders, direct managers and even peers to suppress or alter their fraud findings. While the existence of internal pressure is no surprise to most, the survey confirmed that pressure from all sides makes fraud harder to overcome.

“As long as companies refuse to admit that fraud exists, the fraud will continue,” Zitting said. “As unscrupulous employees and vendors realize the company’s ignorance, the problem has great potential to grow.”

According to ACL:
2017 Fraud Survey Results

Companies Failing to Use Technology to Fight Fraud

While an increasing number of malicious actors are using technology to perpetrate fraud, the vast majority of companies are not using the technological resources available to fight it. According to KPMG’s new report Global Profiles of the Fraudster, technology significantly enabled 29% of the 110 fraudsters analyzed in North America and 24% of the 750 fraudsters analyzed worldwide. What’s more, 25% of frauds that hinged on the use of technology were detected by accident rather than safeguards or analytics, compared to just 10% spotted by accident in cases where the criminals did not use technology.

Indeed, proactive data analytics was not the primary means of detection in any North American cases and was only used to detect 3% of fraudsters worldwide. In North America, the most common means of detecting fraud were: tip offs and complaints, management review, accidentally, suspicious superiors and internal audit.

KPMG found that weak internal controls contributed to 59% of frauds in North America. Companies are failing to focus on strengthening controls, the firm reported, despite the increasing threat of newer types of frauds, such as cyber fraud and continued traditional forms of wrongdoing.

“In addition to ensuring internal controls are thoughtfully designed, companies should deploy effective training and instill a culture of integrity so that controls are properly executed,” said Phillip Ostwalt, partner and Global Investigations Network Leader at KPMG LLP. “Companies should also adopt new controls as their risk profiles change. Ongoing risk assessments can help cost-constrained companies ensure they are properly investing in such controls.”

Who are these fraudsters?

  • 65% are between ages 36 and 55
  • 39% are employed by the victim organization for over six years, most in operations, finance or office of the chief executive
  • 42% operate in groups and 52% of collusive frauds involved external parties

Check out the infographic below for more of the study’s findings:

Profiles of the Fraudster InfographicFraudster Infographic Women

Companies Ignore Whistle-blower Protections

Whistle-blowers are in the news more and more, but some organizations don’t seem to have caught up with the trend, or the fact that retaliation is illegal. They don’t seem to realize that negative reactions to a whistle-blower can make them look petty—and guilty.

Take two front page stories in our area newspaper on the same day this week. Both were about whistle-blowers who put their jobs on the line to come forward. One was fired, the other was suspended and later resigned.

In one case, The Journal News reported, a member of a New York town’s financial staff, the supervisor of fiscal services for more than 10 years, testified at a hearing that she notified several of her superiors that the town’s revenue projections were overestimated—on a financial statement needed for a bond application. She also reported improper money transfers—one made to the town supervisor. The woman was ignored, told to keep quiet, and eventually fired.

Not only did the town officials make no move to right the wrongs she reported to them, one official denied ever being told of potential corruption or fraud. Meanwhile, the town, which is also being investigated by the FBI, has filed perjury and other charges against this former employee.

The second newspaper article is about a former security expert at the Indian Point nuclear power plant in New York. Because he feared the plant was vulnerable to a terrorist attack, he voiced his concerns to supervisors. In June he was suspended.

He filed a 76-page lawsuit in the U.S. District Court alleging misconduct and retaliation against him. The Indian Point employee alleged that security was inadequate and that documents and internal reports were falsified.

Unfortunately these sound like other stories in the news over the past few years following the financial crisis. At Lehman Brothers, the company’s chief risk officer, Madelyn Antoncic warned Dick Fuld, the CEO, that their risk in mortgage-backed security bets was too great. Her warnings were ignored. Her reward was to be fired.

The knee-jerk reaction of many organizations seems to be; get rid of the employee, blame the employee and then go to court. It appears that the whistle-blower protections under the Dodd-Frank Act, such as prohibiting retaliation against whistle-blowers, is still a mystery to some organizations.

Fraud experts contend that the burden is on the organization to see that employees are comfortable in coming forward and that their concerns are addressed. They advise companies to have hotlines available for employees to provide whistle-blower tips—and to act on those tips.

Whether or not a company is guilty of fraud, firing an employee for coming forward can make the organization look guilty and cause a whole host of other problems, including risk to the company’s reputation. Public entities and corporations would do well to study Dodd-Frank and put a plan in place before an employee does come forward. Have organizations learned nothing from Watergate? The cover-up always leads to exposure of the crime.