COVID-19 update: A message from our partnersRead more
Surprise audits are one of the least-used forms of anti-fraud controls, but one of the most effective, according to the new 2014 Report to the Nations on Occupational Fraud and Abuse by the Association of Certified Fraud Examiners (ACFE).
Only 29 percent of American companies who were victims of fraud in the latest ACFE study used surprise audits as a method of detection. But after tips and management reviews, internal audits proved the next most effective means of discovering occupational fraud, detecting illegal activity in 14 percent of cases.
Conducting a regular external audit – which, at 73 percent, was the most common control enacted by most victim organizations along with implementing a code of conduct – was also one of the least effective means of detecting fraud, at 3 percent, according to the report.
More cases of employee fraud were detected by accident than by an external audit. The ACFE noted that while external audits serve many essential functions, they should not be strongly relied upon as a fraud detection tool.
Proactive fraud deterrents, such as surveillance/monitoring, account reconciliation and surprise audits, significantly reduce the duration and amount of fraud losses.
For instance, surveillance and monitoring detects fraudulent activity in a median of nine months, according to the study, with median losses of $49,000.
Internal audits bring fraud to light in a median of 18 months, with the median amount stolen – $100,000.
Regular external audits, on the other hand, are a passive means of detection, along with discovering fraud by accident and being informed by law enforcement. They allow fraud to go on for longer periods of time, and the loss is substantially higher.
Other than notification by law enforcement, crimes discovered by regular external audits had the highest median loss – $360,000. The duration of fraudulent activity before it was discovered by external audit was 30 months.
The study concluded that many of the most effective fraud deterrents – including surveillance/monitoring, management review and surprise audits – are being overlooked by most organizations and should be considered when investing future anti-fraud dollars.