The average organization loses 5% of its annual revenues to fraud, according to the 2016 Report to the Nations on Occupational Fraud and Abuse published by the Association of Certified Fraud Examiners (ACFE). Bear in mind, that's the top line of your income statement, not the bottom. So, for every $1 million in annual revenue, your company is expected to lose an average of $50,000 to thieves.
Why It Pays to Be Proactive
The 2016 Report to the Nations on Occupational Fraud and Abuse reminds companies that their losses will generally be lower if they're proactive about detecting fraud, rather than reactive. Here are the median fraud losses from schemes that were detected using proactive methods:
Now, here is how the median fraud losses compare when management waited to react to fraud reports from external sources:
As these findings show, you can't afford to take a reactive stance in the fight against white collar crime. It's critical to fortify your defenses and teach employees about the latest fraud prevention and detection techniques.
Although small and large companies suffered the same median fraud losses ($150,000) in the latest fraud study, a small business often feels the effects of fraud losses more profoundly than a larger organization. Moreover, the ACFE reports that white collar crime tends to be more common among smaller businesses. Small organizations (with fewer than 100 employees) were the most common victims in the 2016 study, at approximately 30%, while large organizations (with more than 10,000 employees) accounted for the fewest cases, at 20.5%.
Proactive business owners take steps to minimize their fraud risks. The ACFE has established a weeklong campaign during the third week of November to promote antifraud efforts. You can jump on the bandwagon by initiating a fraud awareness campaign at your workplace. Here are some simple ideas.
Visit the ACFE's Website
Educating employees about fraud prevention and detection techniques doesn't necessarily have to be costly or time consuming. In fact, the ACFE offers free resources that managers and owners can download quickly, such as:
You can even sign up as an official supporter of International Fraud Awareness Week, which runs from November 13 – 19, 2016.
Review Your Internal Controls
Chances are good that your company already has policies and procedures in place to prevent and detect fraud. Together, these antifraud efforts are known as your internal control system. International Fraud Awareness Week is a good time to pause and reflect on your internal controls. Ask your management team: Are our existing internal controls adequate based on today's global, technology-driven marketplace? And how could we make them stronger?
The Committee of Sponsoring Organizations of the Treadway Commission (COSO), a joint initiative of five private sector accounting and finance organizations, lists five components of effective internal control systems:
1. Control environment. The ethical tone that management sets filters down the organizational chart. Relevant factors in the control environment include the integrity, ethical values, management operating style and delegation of authority.
2. Risk assessment. Companies should continually evaluate external threats and internal weaknesses. Once they've been identified, threats and weaknesses need to be eliminated — or at least reduced and monitored.
3. Information and communication. Strong controls allow employees to identify, capture and exchange information. Effective communication ensures information flows to the right people inside and outside the organization.
4. Control activities. Strong systems include formal policies and procedures to ensure management's directives are carried out. Examples of control activities include authorization of transactions, accounting reconciliations, supervisory reviews of operating performance, physical security of assets and segregation of duties.
5. Monitoring. Risk factors continually change. Management should frequently review and improve antifraud control performance.
COSO recommends that companies design their antifraud controls "to provide reasonable assurance [of] the achievement of objectives in the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with laws and regulations." A strong internal controls program — including fraud prevention and detection training, proactive data monitoring and analysis, employee support groups, management review, and whistleblower hotlines — can be essential in preventing and detecting fraud.
Get Professional Help
Your accountant and attorney are allies in the fight against white collar crime. In fact, many companies solicit outside help with fraud awareness training. A forensic specialist can present on warning signs and real-life horror stories during internal fraud training sessions. He or she also can help the management team perform a formal fraud risk assessment that identifies weaknesses in your internal controls and recommends possible fixes.
If you suspect fraudulent activities, a forensic specialist can discreetly review your books and records in an agreed-upon-procedures engagement. If fraud is unearthed, he or she can expand the scope of the engagement into a full-blown fraud investigation.
Outside fraud examiners are often more efficient than insiders when it comes to investigating fraud, because they're disinterested third parties with no emotional attachments or preconceived notions about the accused. In addition, they're experienced in common fraud scams and know where to look for evidence. Forensic accountants and attorneys also know how to build a comprehensive case using analytical and interrogation techniques that will withstand legal scrutiny.
An Ongoing Battle
After International Fraud Awareness Week is over, it's important for businesses to remain focused on fraud awareness, because these crimes happen year-round. Perpetrators generally need three elements in place to act: opportunity, motive and rationalization. Regular staff training and strong internal controls eliminate the opportunity to commit fraud and deter would-be fraudsters by letting them know that you won't tolerate fraud and have implemented controls to detect it.