Most Organizations Deny Prevalence of Fraud

At a loss of more than $6 billion annually, experts have found fraud occurs in most organizations, but 80% of respondents to a recent survey by ACL believe their organization has “medium to no” exposure.

The 2017 Fraud Survey of more than 500 professionals in the United States and Canada found that “alternative facts” extend to the mentality among many businesses.

“As the phenomena of ‘fake news’ and ‘alternative facts’ permeate the U.S. landscape, it is interesting to see how disconnected many executives are from the true prevalence of fraud and corruption in their organizations,” said Dan Zitting, chief product officer at ACL, a risk management software provider. He added that companies increasingly discover they have had “numerous instances of potential fraud” that need to be investigated.

Almost two-thirds of respondents (63%) also said that most instances of fraud committed in their organizations are not detected, and more than 75% said that at least some of the fraud that is detected goes unreported.

Respondents noted that a company’s fraud experts can feel pressure from senior leaders, direct managers and even peers to suppress or alter their fraud findings. While the existence of internal pressure is no surprise to most, the survey confirmed that pressure from all sides makes fraud harder to overcome.

“As long as companies refuse to admit that fraud exists, the fraud will continue,” Zitting said. “As unscrupulous employees and vendors realize the company’s ignorance, the problem has great potential to grow.”

According to ACL:
2017 Fraud Survey Results

Fraud Incidents Rise in 2016, Kroll Finds

Reports of fraud have risen in the past year. In fact, incidences of every type of fraud have reached double-digit levels, according to the Kroll Global Fraud & Risk Report 2016/2017. Overall, 82% of executives reported falling victim to at least one instance of fraud in the past year, up from 75% in 2015.

Theft of physical assets remained the most prevalent type of fraud in the last year, reported by 29% of respondents, up 7 percentage points from 22% of respondents in the last survey. Kroll reported that vendor, supplier, or procurement fraud (26%) and information theft, loss, or attack (24%) were the next two most common types of fraud cited, each up 9 percentage points year-over-year.

Kroll found that most threats come from within an organization, with current and ex-employees being the most frequently cited perpetrators of fraud, cyber, and security incidents over the past 12 months. External parties were also identified as active perpetrators.

In the United States:
Kroll-fraud

• On the complexity of fraud risks, the majority (60%) of executives who reported suffering fraud incidents identified some combination of perpetrators, including current employees, ex-employees, and third parties, with almost half (49%) involving all three groups.

• Almost four in 10 respondents (39%) who were victims experienced fraud perpetrated by a junior employee, 30% by senior or middle management, 27% by ex-employees, and 27% by freelance/temporary employees. Agents and/or intermediaries were also cited by 27% of respondents as involved in carrying out fraud.

• Insiders were cited as the main perpetrators of fraud, and also identified as the most likely to discover it. Almost half (44%) of respondents said that recent fraud had been discovered through a whistleblowing system and 39% said it had been detected through an internal audit.

Among anti-fraud measures, the widest adoption—reported by 82% of executives surveyed—focused on information, such as IT security and technical countermeasures. The converse of the finding is concerning: nearly one out of five respondents (18%) have not adopted such protections.
kroll fraud risk

According to the report:

80% of respondents in the U.S. experienced fraud in the past 12 months, an increase of 5 percentage points on the previous year. This figure is 2 percentage points below the reported global average of 82%. Intellectual property (IP) theft, piracy, or counterfeiting is a clear threat to companies in the U.S., which was reported by just over a quarter (27%) of U.S. participants, almost twice the reported global average. The U.S. was the only country where IP theft was the most common type of fraud reported. Information theft, loss, or attack was the second most mentioned type of fraud impacting companies in the U.S., followed by conflicts of interest in the management team. The main perpetrators of fraud were reported to be insiders. Where fraud had been discovered, 36% of executives in the U.S. reported that junior employees were responsible, and 32% named senior or middle management. Respondents in the U.S. were most likely to have adopted IT security measures, followed by financial controls and asset security as their top three ways to mitigate fraud risk. In the U.S., the most common way fraud was detected was not through a whistle-blower, as it was for most of the other countries surveyed, but through an internal audit. Nearly half (49%) of U.S. participants said it was the most common detection mechanism.

Best Practices for Protecting Against Fraud

detecting fraud

In 1987, during arms control negotiations between the United States and the USSR, President Ronald Reagan popularized the phrase “trust but verify.” The maxim is pithy and oft-quoted, but for companies looking to mitigate risk and financial fraud, it should be reworded slightly to “Verify and monitor continuously.”

Fraud is often hard to detect—the Association of Certified Fraud Examiners (ACFE) estimates that the average fraud goes undetected for years. Some of the largest and most damaging frauds, including Bernie Madoff and Allen Stanford, spanned a decade or more. Fraud is also costly; it is estimated that U.S. businesses lose 7% of annual revenues to fraud, and it is responsible for one out of three business failures. The financial implications of fraud are bad enough, but reputational damage can be equally harmful.

Fraud is a potential danger for companies in all industries. In a survey my firm conducted in 2012, nearly 40% of private equity firms said they had experienced fraud. The statistics are sobering, but there is much that companies can do to protect themselves.

The biggest trend we are seeing is that corporate boards are implementing a tip line, which is a great way for employees and others to anonymously report wrongdoing. ACFE studies show 42% of frauds are uncovered through hotlines. You want employees to come forward and tell you what is wrong to give CEOs a chance to fix it. The average EEOC complaint costs between $50,000 and $100,000 in legal fees to settle, not to mention the potential damage to morale and reputation—wouldn’t you want a heads up to fix it before it gets to that?

Instituting rigorous hiring practices, including screening temps and contract workers, is another important tool in preventing fraud. It is not realistic to have the same level of scrutiny for an entry-level employee as you would for a senior executive, but the best way to avoid fraud is by carefully culling the bad apples before they are hired. Look for criminal or regulatory issues, limited references, job-hopping, trouble making eye contact and a pattern of lawsuits. A number of our clients have begun to ask us to vet their information technology hires. The IT department has access to the most sensitive files and so it is imperative to investigate potential hires in that department.

Every firm should also have a code of conduct, which describes the culture of a company and what is expected of each employee in terms of actions and conduct. Each company is different, but some rules are universal: sexual harassment cannot be tolerated; discrimination against anyone based on color or religion is strictly forbidden; the workplace should be free of illicit drugs and alcohol; and employees cannot accept gifts from customers or vendors. Consequences for violating any of these codes should be clearly spelled out.

A system of basic financial checks and balances is another way to protect against fraud. Even in smaller firms, the same person should not be in charge of both accounts payable and accounts receivable. Larger payments from the company should be signed by two executives. Regular meetings should be arranged with IT officials to insure that cyber-crime is being monitored at all times. Also, consider installing security cameras to serve as a deterrent for rogue employees.

In the wake of the Madoff scandal, the role of compliance officers has taken on greater importance. Compliance officers often have a seat at the C-level table and are valuable in helping companies to stay on the right side of regulations. As discussed, however, the best way to prevent fraud is by having several layers of protection.

Preventing fraud is an ongoing endeavor that requires a commitment to maintaining vigilance each day. Some red flags are easier to spot than others. Some of the most common “tells” of disgruntled or risky employees who may commit fraud include:

  • Living beyond their means
  • Financial difficulties
  • Too-close relationships with customers or vendors
  • Secretiveness
  • Drug or alcohol problems
  • Major stressors, like family problems, including divorce and bankruptcies

In the event that fraud is suspected, every company needs to have a playbook to help guide their actions. This should include having a process to address a tip or complaint, leveraging the expertise of investigators and attorneys and following a plan that keeps the company operating with minimum disruption.

The vast majority of companies prefer to keep things quiet and resolve matters in a private setting. No company wants to have one of its employees be the subject of a “perp walk,” where the alleged offender is shown by the media in handcuffs accompanied by police on their way to being charged.

The surge in cyber-crime is proof that fraud never truly disappears; it just changes shape and form. Therefore, it is up to each company to become a hardened target and make fraudsters want to look for an easier mark.

Smaller Companies More Vulnerable to Employee Theft

It stands to reason that larger organizations would be more at risk of embezzlement by employees, but the reverse has been shown to be the case. Organizations with fewer than 150 employees are particularly at risk, accounting for 82% of all embezzlement cases, HiscoxHiscox2 found in its new report, Embezzlement Study: A report on White Collar Crime in America. Smaller organizations with tight-knit workforces are particularly vulnerable because of the trust and empowerment given to employees.

Incorporating employee theft cases active in the U.S. federal court system in 2015, the study found that 69% represented companies with less than 500 employees. Perpetrators are often “regular people who are smart, well-liked, and those you’d least expect to steal,” according to Hiscox. How does a trusted employee become a criminal? Motivations can range from financial pressure to a belief that they are underpaid by the company.

Employees with more tenure, access and control over finances are found to take the largest amounts. While the type of fraud can vary by industry, what is consistent is access to funds. In fact, managers were found more likely to steal than other employees.

Hiscox3

For the second year in a row, the greatest number of cases, 17%, was in the financial services industry and second was nonprofits at 16%. Labor unions ranked third, followed by real estate/construction. The largest scheme was a $16.7 million loss in Texas; followed by ones in Connecticut at $9 million, Ohio at $8.7 million and Utah at $4 million.

Hiscox4

Schemes include taking cash or bank deposits, forging checks, fraudulent credit card use, fake invoices and false billing of vendors and payroll fraud.

Companies can protect themselves in a number of ways, including putting checks and balances in place, performing background checks on employees who handle money and teaching employees how to detect fraud, according to Hiscox.

Hiscox5

The study findings also include:

Hiscox