A recent survey conducted by the Association of Certified Fraud Examiners (ACFE) estimates that fraud losses for a typical organization amount to 5% of total revenues each year with median losses to the tune of $150,000. More than one‐fifth of such losses hit the million dollar mark. The most common type of fraud: asset misappropriation with median losses of $125,000 comprised 83% of all fraud cases reported while financial statement fraud schemes made up just 10% of the total fraud cases, but caused the greatest median loss at nearly $1 million. The frauds reportedly lasted 18 months before being detected. The most telling fact was that private companies logged the highest median loss of $180,000 in comparison to public companies, government, non-profit and other sectors.
This is not entirely surprising given the lack of internal controls and other detection methods in private companies. The absence of anti‐fraud controls is notably correlated with significant increases in the cost and duration of occupational fraud schemes. The survey reported that fraud is more likely to be detected by a tip than by any other method. Not every private company would like to invest in a whistleblower scheme that requires monitoring and quite possibly a monthly fee. But there are several cost-effective anti-fraud controls that can make a significant impact on a company’s fraud detection rate such as:
- Establishing a code of conduct and an anti-fraud policy: a strong “tone at the top” that advocates honesty and integrity can go a long way in deterring fraudulent practices.
- Fraud training for employees: making employees aware of fraud and how to handle ethical situations can serve as an added fraud prevention measure.
- Management review and surprise audits: Adequate oversight by management is by far the most overlooked of controls and is one of the most common fraud detection methods.
- Requiring job rotation and mandatory vacations: helps discover irregular on-goings when the perpetrator is removed from their position of control.
- Segregation of duties: is often difficult to implement in smaller sized companies with limited employees. But a few tweaks can go a long way. For instance, not giving a single employee too much authority over the financial records is a key step in managing fraud risk. Other examples include separating bank deposits from the general ledger entry function; payroll processing from the HR function and the check signing function.
It is critical to understand the areas where the company could be vulnerable to fraud and structure. Designing the appropriate control mechanism is the next step. For further assistance in assessing and managing your fraud risks, please feel free to contact us.