Consider this scenario.  Chuck is a 52 yr old manager in the Accounting Department who has been with his company eight years, has never been convicted or charged of any crime, has never been punished or terminated from any job, and has a college degree. In addition, Chuck is the consummate company man, and so devoted to his job that he rarely takes a vacation day. Any company would feel fortunate to have Chuck on their team – right? Surprisingly, he also fits the description of the most common perpetrator of fraud against his employer resulting in a median loss of $250,000 per case. And that fraud could take his employer up to 18 months to detect.

The Cost of Occupational Fraud

This data and other sometimes surprising and disturbing facts are revealed in the Association of Certified Fraud Examiners’ (ACFE) 2010 Report to the Nations on Occupational Fraud and Abuse. The study is from data provided by Certified Fraud Examiners (CFEs) on cases they investigated from January 2008 through December 2009. Fraud against one’s employer, also called occupational fraud, is estimated to cost the typical organization 5% of its annual revenue.  You only have to think briefly about throwing 5% of your top line revenue out the window to realize that you can’t turn your back on occupational fraud. But you’re not at risk, because you have an annual audit – right? Wrong. While external audits are the control mechanism most widely used by victim organizations, they rank comparatively poorly in both detecting fraud and limiting losses. Audits are clearly important but are focused on whether a company’s financial statements present fairly the financial condition of a company in all material respects, and can’t be relied upon for fraud detection exclusively. In the study, smaller companies (those with less than 100 employees) were found to be disproportionately victimized by employees; and banking/financial services tops the list of fraud occurrence by industry, followed by manufacturing, and government/public administration. More than 80% of the frauds were committed by individuals in one of six departments: accounting, operations, sales, executive/upper management, customer service, or purchasing. Not surprisingly, high level perpetrators caused the greatest damage to their organizations, committing frauds that were nine times more costly than those committed by lower level employees. It was found that fraud perpetrators often display warning signs that they are engaged in illicit activity, with the most common being living beyond their means.  

Detecting Occupational Fraud

The study found again, as in the past, that occupational fraud is most likely to be detected by tips from fellow employees than by any other means, and that Fraud Hotlines were the control associated with the greatest reduction in median loss. However, of the companies reporting fraud, only 15% of small businesses had a Hotline set-up for tips versus 64% of large companies. Internal audits were second in detecting fraud, followed by management review. The fourth most frequent method of fraud detection reported was when the victim organization happened to stumble onto the fraud or was notified of it by an outside party, such as a customer. When experts were asked which issues were considered to be the primary factors that allowed the fraud to occur, a lack of internal controls such as segregation of duties was cited most often.  Management override of existing internal controls came in second, lack of management review came in third, and poor tone at the top was fourth. 

Stopping Occupational Fraud

So what can a company do to protect itself from occupational fraud? From the issues cited above, it is apparent that a strong anti-fraud program in any company begins with an adequate system of internal controls. Take a good look around your company to ensure that certain sensitive duties are not performed by the same employee, like check writing and reconciling the bank account. Also look at controls over assets that can be easily misappropriated such as cash, inventory, equipment, and tools. Check to see if adequate documentation is provided for employee expenses, purchase requests, and vendor invoices and whether a thorough review occurs prior to approval and payment. It is management’s responsibility to be sure adequate controls are in place. Controls also must be reviewed periodically to assure they are functioning as designed and are not overridden. This is the purpose of the internal audit function. A fully functioning internal audit presence is a strong deterrent to committing fraud. To combat fraud, many smaller companies without an internal audit department have elected to have “spot audits” performed by their CPA or a CFE (Certified Fraud Examiner). To create the proper tone at the top, it is crucial for the owners, the top executives, and employees at all levels of the company to behave with honesty and integrity and to adhere to the company’s policies and procedures. Exceptions to policies and procedures should not be allowed. A company must make it clear to everyone that it has a policy of zero-tolerance toward fraud, and in practice must never sweep issues under the carpet once discovered. And finally, employees should be educated on what constitutes fraud, understand the red flags of illicit behavior, know what they should do if they suspect fraud, and be provided with an anonymous means to report concerns. Remember – your employees are your front line of defense in fraud detection, and the sooner the fraud is caught the lower the loss to your organization. 

Priscilla Capes is a Consulting Manager with Harding, Shymanski, and Company, PSC, specializing in fraud investigations and forensic accounting techniques such as forensic data analysis, and is a CPA in addition to a Certified Fraud Examiner and an Accredited ACH Professional. Priscilla can be reached at pcapes@hsccpa.com or 502.584.4142.