John Warren, J.D., CFE
ACFE VP and General Counsel
It may be better and cheaper to prevent fraud than detect it, but it’s a fact of life in any organization that fraud will eventually happen. The tools we use to detect fraud are critically important. Data from the ACFE’s recent 2014 Report to the Nations on Occupational Fraud and Abuse suggest that organizations that proactively seek out fraud do a much better job of limiting their losses; whereas those who are reactive – relying on external or passive detection methods – tend to experience much larger fraud costs.
For those not familiar with the Report to the Nations, it is a bi-annual study based on actual cases of occupational fraud, with detailed information supplied by the Certified Fraud Examiners (CFEs) who investigated those cases. The 2014 Report contains data from 1,483 frauds that occurred in more than 100 countries.
We identified 18 common anti-fraud controls and asked our respondents which, if any, of these controls had been implemented by the victim organizations at the time their frauds occurred. We then compared the median loss and median duration of frauds based on whether each control was or was not present.
What we found was that every control was associated with a significant reduction in median losses, ranging from 20% to 60% per scheme. Each control was also associated with faster fraud detection. (For a full list of our results, see page 38 of the Report.) This analysis is not a perfect measure of control effectiveness – remember, we’re looking only at frauds that have occurred, so we’re not able to measure the preventative impact of controls. But our data strongly suggests that anti-fraud controls have a measurable impact in reducing fraud losses.
The control that scored the highest in our 2014 study was “proactive data monitoring and analysis.” Organizations that utilized proactive data monitoring experienced frauds with a median loss 60% lower than those without this tool, and they detected fraud 50% more quickly. Unfortunately, only a little more than one third of the victim organizations in our study conducted proactive data monitoring for fraud. This low implementation rate may be a factor of cost. A typical small business may not have the financial resources or personnel necessary to conduct proactive monitoring. When we focused on larger organizations (those with 10,000 or more employees) we found a stronger implementation rate of 49%, but that still means half of the largest, most well-financed organizations were ignoring this tool.
In the 2014 Report we’ve included a wealth of information about how frauds are committed, the highest risk areas for various departments and industries, and the characteristics of those who commit these crimes. We encourage readers to use this information to help determine where their organizations are most vulnerable to fraud, and then use the data we’ve gathered on controls and detection to design systems that will give them the best chance of catching these crimes early and limiting fraud losses.
Find more details and read more Report findings at ACFE.com/RTTN.