13 June 2010

5% of annual revenue—that’s the estimate of how much money the typical organization loses to fraud, according to participants in the 2010 Report to the Nations on Occupational Fraud and Abuse.

I am a few hours away fro leaving for the National Retail Federation’s Loss Prevention Show in Atlanta this week and I was reading the 2010 Report to the Nations on Occupational Fraud and Abuse from one of my favorite organizations that I am a member the Association of Certified Fraud Examiners (ACFE). 

The report, prepared by the ACFE, an international organization of more than 50,000 fraud examiners, CPAs, law enforcement professionals, government officials and others, examines a wide swath of business-related fraud in an effort to pinpoint problems and highlight solutions. The fraud cases at issue in the report lasted a median 18 months before being detected. While million-dollar-plus financial statement frauds made up a small percentage of the crimes, the majority were less complex asset misappropriation cases involving billing, check tampering, payroll and expense report schemes.



A few of the key findings are: 
  • Survey participants estimated that the typical organization loses 5% of its annual revenue to fraud. Applied to the estimated 2009 Gross World Product, this figure translates to a potential total fraud loss of more than $2.9 trillion. 
  • The median loss caused by the occupational fraud cases in our study was $160,000. Nearly one-quarter of the frauds involved losses of at least $1 million. 
  • The frauds lasted a median of 18 months before being detected. 
  • Asset misappropriation schemes were the most common form of fraud in our study by a wide margin, representing 90% of cases — though they were also the least costly, causing a median loss of $135,000. Financial statement fraud schemes were on the opposite end of the spectrum in both regards: These cases made up less than 5% of the frauds in the study, but caused a median loss of more than $4 million — by far the most costly category. Corruption schemes fell in the middle, comprising just under one-third of cases and causing a median loss of $250,000.  
  • Occupational frauds are much more likely to be detected by tip than by any other means. This finding has been consistent since 2002 when they began tracking data on fraud detection methods. 
  • Small organizations are disproportionately victimized by occupational fraud. These organizations are typically lacking in anti-fraud controls compared to their larger counterparts, which makes them particularly vulnerable to fraud.
  • Anti-fraud controls appear to help reduce the cost and duration of occupational fraud schemes. They looked at the effect of 15 common controls on the median loss and duration of the frauds.
  • Victim organizations that had these controls in place had significantly lower losses and time-to-detection than organizations without the controls. 
  • More than 80% of the frauds in the study were committed by individuals in one of six departments: accounting, operations, sales, executive/upper management, customer service or purchasing. 
  • More than 85% of fraudsters in the study had never been previously charged or convicted for a fraud-related offense. This finding is consistent with their prior studies. 
  • Fraud perpetrators often display warning signs that they are engaging in illicit activity.  The most common behavioral red flags displayed by the perpetrators in our study were living beyond their means (43% of cases) and experiencing financial difficulties (36% of cases).

Conclusions and Recommendations 

  • Occupational fraud is a global problem. Though some of their findings differ slightly from region to region, most of the trends in fraud schemes, perpetrator characteristics and anti-fraud controls are similar regardless of where the fraud occurred. 
  • Fraud reporting mechanisms are a critical component of an effective fraud prevention and detection system. Organizations should implement hotlines to receive tips from both internal and external sources. Such reporting mechanisms should allow anonymity and confidentiality, and employees should be encouraged to report suspicious activity without fear of reprisal. 
  • Organizations tend to over-rely on audits. External audits were the control mechanism most widely used by the victims in our survey, but they ranked comparatively poorly in both detecting fraud and limiting losses due to fraud. Audits are clearly important and can have a strong preventative effect on fraudulent behavior, but they should not be relied upon exclusively for fraud detection. 
  • Employee education is the foundation of preventing and detecting occupational fraud.  Staff members are an organization’s top fraud detection method; employees must be trained in what constitutes fraud, how it hurts everyone in the company and how to report any questionable activity. Their data show not only that most frauds are detected by tips, but also that organizations that have anti-fraud training for employees and managers experience lower fraud losses.  
  • Surprise audits are an effective, yet underutilized, tool in the fight against fraud. Less than 30% of victim organizations in our study conducted surprise audits; however, those organizations tended to have lower fraud losses and to detect frauds more quickly.  Very good news for ReTel Technologies, Inc. The company I am going to Atlanta with for the NRF show.  The report went on to say while surprise audits can be useful in detecting fraud; their most important benefit is in preventing fraud by creating a perception of detection. Since, I have been saying this for years I found it very interesting.  Generally speaking, occupational fraud perpetrators only commit fraud if they believe they will not be caught. The threat of surprise audits increases employees’ perception that fraud will be detected and thus has a strong deterrent effect on potential fraudsters. 
  • Internal controls alone are insufficient to fully prevent occupational fraud. Though it is important for organizations to have strategic and effective anti-fraud controls in place, internal controls will not prevent all fraud from occurring, nor will they detect most fraud once it begins.
  • Fraudsters exhibit behavioral warning signs of their misdeeds. These red flags — such as living beyond one’s means or exhibiting control issues — will not be identified by traditional controls. Auditors and employees alike should be trained to recognize the common behavioral signs that a fraud is occurring and encouraged not to ignore such red flags, as they might be the key to detecting or deterring a fraud.
After reading all of this I expect to have a great show.  Stop by booth 1140 if you are in Atlanta this week.  

Download your own copy of the ACFE report at http://www.acfe.com/rttn/2010-rttn.asp  


Learn more about ReTel Technologies Security Policy & Procedure Auditing, EAS Event-Driven Verification, Performance Standards Verification, On-Demand Investigations, Operational Auditing and      Consumer Insights at ReTel Technologies Website’s: http://www.reteltechnologies.com/

Physical Security Talking Points and Fraud

When discussing physical security, there are several important talking points to consider. Here are some key points to include: Risk Assessm...