New Report Reveals Data Analysis as Most Effective Anti-Fraud Control

/
Download the Report today.

Download the Report today.

GUEST BLOGGER

John Warren, J.D., CFE
ACFE VP and General Counsel

It may be better and cheaper to prevent fraud than detect it, but it’s a fact of life in any organization that fraud will eventually happen. The tools we use to detect fraud are critically important. Data from the ACFE’s recent 2014 Report to the Nations on Occupational Fraud and Abuse suggest that organizations that proactively seek out fraud do a much better job of limiting their losses; whereas those who are reactive – relying on external or passive detection methods – tend to experience much larger fraud costs.

For those not familiar with the Report to the Nations, it is a bi-annual study based on actual cases of occupational fraud, with detailed information supplied by the Certified Fraud Examiners (CFEs) who investigated those cases. The 2014 Report contains data from 1,483 frauds that occurred in more than 100 countries.

We identified 18 common anti-fraud controls and asked our respondents which, if any, of these controls had been implemented by the victim organizations at the time their frauds occurred. We then compared the median loss and median duration of frauds based on whether each control was or was not present. 

What we found was that every control was associated with a significant reduction in median losses, ranging from 20% to 60% per scheme. Each control was also associated with faster fraud detection. (For a full list of our results, see page 38 of the Report.) This analysis is not a perfect measure of control effectiveness – remember, we’re looking only at frauds that have occurred, so we’re not able to measure the preventative impact of controls. But our data strongly suggests that anti-fraud controls have a measurable impact in reducing fraud losses. 

The control that scored the highest in our 2014 study was “proactive data monitoring and analysis.” Organizations that utilized proactive data monitoring experienced frauds with a median loss 60% lower than those without this tool, and they detected fraud 50% more quickly. Unfortunately, only a little more than one third of the victim organizations in our study conducted proactive data monitoring for fraud.  This low implementation rate may be a factor of cost. A typical small business may not have the financial resources or personnel necessary to conduct proactive monitoring. When we focused on larger organizations (those with 10,000 or more employees) we found a stronger implementation rate of 49%, but that still means half of the largest, most well-financed organizations were ignoring this tool. 

In the 2014 Report we’ve included a wealth of information about how frauds are committed, the highest risk areas for various departments and industries, and the characteristics of those who commit these crimes. We encourage readers to use this information to help determine where their organizations are most vulnerable to fraud, and then use the data we’ve gathered on controls and detection to design systems that will give them the best chance of catching these crimes early and limiting fraud losses.  

Find more details and read more Report findings at ACFE.com/RTTN.

Sneak Peek: New Report to the Nations Takes Fraud’s Temperature Worldwide

/
New Report out May 20 at ACFE.com/RTTN.

New Report out May 20 at ACFE.com/RTTN.

GUEST BLOGGER

Scott Patterson, CFE
ACFE Senior Media Specialist

Small businesses (those with fewer than 100 employees) still bear the brunt of fraud’s damaging effects. They are more often the victims of fraud cases than larger organizations, and their financial losses are disproportionately high. Another fraud fact: two out of three perpetrators are men, a persisting gender gap that shows no sign of closing.

These and other insights are detailed in the ACFE’s newly published 2014 Report to the Nations on Occupational Fraud and Abuse. The Report is based on data compiled from a study of 1,483 cases of occupational fraud that occurred worldwide between January 2012 and December 2013. All information was provided by the Certified Fraud Examiners (CFEs) who investigated those cases. The fraud cases in our study came from nearly 100 nations, providing a truly global view into the plague of occupational fraud.

A few of the other findings in the 80-page Report:

  • Fraud schemes are extremely costly. The median loss caused by the occupational fraud cases in the study was $145,000. More than one-fifth of these cases caused losses of at least $1 million.
  • Schemes can continue for months or even years before they are detected. The frauds in the study lasted a median of 18 months before being caught.
  • Tips are key in detecting fraud. Occupational fraud is more likely to be detected by a tip than by any other method. The majority of tips reporting fraud come from employees of the victim organization.
  •  Occupational fraud is a global problem. Though some findings differ slightly from region to region, most of the trends in fraud schemes, perpetrator characteristics and anti-fraud controls are similar regardless of where the fraud occurred.

Since the inception of the Report in 1996 (originally titled The Wells Report), the ACFE has released seven updated editions — in 2002, 2004, 2006, 2008, 2010, 2012, and the current version in 2014. Like the first Report, each subsequent edition has been based on detailed case information provided by Certified Fraud Examiners (CFEs).

With each new edition of the Report, the ACFE adds to and modifies survey questions in order to enhance the quality of the data. This evolution of the Report to the Nations provides a more meaningful statistical picture drawn from the experiences of CFEs and the frauds they encounter.

Download the Report at ACFE.com/RTTN on May 20.

Malaysian Anti-Corruption Commission Partners with the ACFE to Root Out Fraud and Corruption

/

GUEST BLOGGER

Ganesh Thuraisingham
ACFE Partnership Manager – Asia-Pacific Region

Last month, the Malaysian Anti-Corruption Commission (MACC) announced its plans to collaborate with the Association of Certified Fraud Examiners (ACFE) by joining the Law Enforcement and Government Partnership (LEGP) and certifying more than 400 MACC investigations officers with the CFE credential.

"To improve the knowledge and skills of our investigation officers in the operations section, in detecting corrupt practices, we will be cooperating with the ACFE," said MACC chief commissioner, Tan Sri Abu Kassim Mohamed. He said corruption did not only involve accepting or giving bribes in the form of cash, but also covered other forms like fraudulent managing of accounts, which was difficult to detect roughly. "With such an accreditation program [the Certified Fraud Examiner credential], our investigation officers will be able to enhance their capability in identifying corrupt practices including wrongdoings related to taxes and claims."

MACC Chief Commissioner Tan Sri Abu Kassim Mohamed and ACFE Faculty Member Allen Brown.

MACC Chief Commissioner Tan Sri Abu Kassim Mohamed and ACFE Faculty Member Allen Brown.

In the article, “MACC Seeks to be on Par with FBI” in the New Straits Times, MACC special adviser to the chief commissioner and head of forensics Datuk I.G. Chandran said the program was part of MACC's effort to move from witness-based probes to document-based probes. "As cases become more complex, we can no longer rely on witness statements. We need to have an understanding of financial documents to find evidence of graft, which can be well-hidden."

As the newly appointed Asia-Pacific Partnership Manager for the ACFE, I had the pleasure of sitting alongside Abu Kassim in Kuala Lumpur as he made his announcement at a press conference held at the International Internal Auditor’s Malaysia Corporate Fraud Conference. This type of partnership is something I am excited to be a part of and I hope to see more Asian law enforcement and government agencies step up to provide first-rate anti-fraud training to key staff in the future.

Although I have some background in auditing, I am understanding more and more about the fight against fraud. Last month, I also attended the Association of Certified Anti-Money Laundering Specialists' Asia-Pacific conference in Kuala Lumpur. I met with attendees of all different levels. It was interesting to hear from many about what they thought of the ACFE. To my surprise, not only were attendees familiar with the ACFE, they expressed how it is a well-respected professional organisation. Our recent event in Singapore, “Using Data Analytics to Detect Fraud,” was our largest 2-day course held outside of the U.S. with more than 90 participants, half of whom were not previously members of the ACFE.

To expand its international presence, the ACFE has come up with a variety of resources and events for members outside the U.S., which is constantly being reviewed and enhanced. For 2014, the ACFE has put together six 2-day seminars in Hong Kong, Australia, New Zealand, Singapore, Malaysia and Indonesia, as well as the 2014 ACFE Asia-Pacific Fraud Conference in Hong Kong this November. Due to the success of the courses held in the first part of the year, we are already planning more events in the region for 2015. These are just a few things which the ACFE is currently doing to support the growth in the region (and don’t forget they hired me as its Partnership Manager). 

Retaliation Exposure Tipping Point? Supreme Court Extends SOX Whistleblower Protections to Private Company Employees

/

GUEST BLOGGER

Shanti Atkins
President and Chief Strategy Officer, NAVEX Global

The Supreme Court in Lawson vs FMR, LLC (delivered March 4, 2014, after a 6-3 vote) has ruled that employees of private companies engaged by public companies are covered by the whistleblower protections of Sarbanes-Oxley Act of 2002 (SOX).

In Lawson, two employees of FMR, LLC (a private employer contracted with by publicly traded mutual funds) claimed they were retaliated against by their employer after raising issues of fraud. They filed for whistleblower protection under SOX. FMR responded by claiming that their employees were not protected by SOX from firing or retaliation because SOX applied only to claims brought by employees of public companies.

A Seminal Shift in Coverage

SOX was enacted largely in response to shareholder fraud at a publicly traded company, Enron. SOX included a provision to protect whistleblowers from retaliation to encourage reporting of fraud. No one ever argued that these protections did not apply to employees of public companies. In fact as pointed out by dissenting U.S. Supreme Court Justice Sonia Sotomayor, the name of the pertinent SOX section was “Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud.” For years it was a widely held position that this whistleblower protection applied solely to employees of the 5,000 or so companies with publicly traded securities in the U.S. Lawson changes that position entirely.  The decision’s seminal shift in SOX coverage opens up the potential for more claims brought by employees of the third parties of private companies who have been engaged by public companies.

What’s the Practical Impact on Exposure?

The true size of this potential new universe of protected claimants is still uncertain. Depending on your position, you either think that there will be an overwhelming rush by accountants, law firms and even in the most extreme cases, babysitters (as argued in the dissenting opinion of Justice Sotomayor) to bring retaliation claims. Or, you believe it will be “business as usual.” Much of this final debate may hinge on an undecided question about the types of claims protected and whether or not, as many allege, they are limited to shareholder fraud. But one thing is clear. Public and private companies alike must now take greater care with how whistleblowers are handled after a report has been filed.

A Reminder that Risk Continues to Escalate Through the Use of Third Parties

While the full impact of the decision on the number and subject matter of whistleblower claims remains to be seen, there is another critical take-away from Lawson: The use of all third parties puts the engaging party at higher risk of fines, litigation and damage to reputation. Whether in the form of liability for direct, unlawful acts such as bribery or quality failures, or liability for the consequences of retaliation, all third parties need to be evaluated for the potential risk to the enterprise, private and public. This argues in favor of universal but proportional due diligence, especially data driven technology solutions, as well as strong policies, training and further monitoring and auditing of third parties.

The Importance of Effective Reporting Channels

In light of this opinion, an additional area of heightened concern for all employers should be the need to ensure that the company has an effective, well-communicated hotline for employees to report misconduct, along with a robust case management system to centralize, manage and resolve those reports – whether brought through the hotline, or another avenue, including management and HR. This is not just a requirement or best practice for publicly traded companies. It is a universal need. More than just collecting reports of misconduct, employers should ensure that reports are being promptly investigated and actually resolved. This concern is illustrated in the results of NAVEX Global’s just published 2014 Hotline Benchmarking Report. From the NAVEX Global website, “the Report’s findings showed that the number of days it is taking organizations to close a reported case has gone from 30 days in 2008 to 36 days in 2013. Questions on accounting, auditing and financial reporting took an average of 46 days to close…”

“Every additional day an employee is left wondering whether their concern has been taken seriously represents a risk to the organization,” said Carrie Penman, chief compliance officer and senior vice president of advisory services at NAVEX Global. “An ongoing increase in case closure time is a red flag; organizations need to ensure they have sufficient and properly trained resources available to manage the increasing volume of reports in the coming year. The trend is especially notable given that under some regulatory provisions for external reporting and whistleblower awards, an organization may have limited time to complete an internal investigation.”

Lawson Reminds Us of the Ongoing Challenges Around Whistleblowing and Retaliation

The whistleblower risk to companies is clearly increasing. Even with overall workplace misconduct on the decline according to a recent study from the Ethics Resource Center (ERC), retaliation bucks the trend, continuing to rise at an alarming pace. This syncs up with NAVEX Global’s own proprietary data (based on the largest database of reported incidents in the world) where overall report volume has increased substantially over the past three years. 

Lawson demonstrates continued support for expanding the protections for whistleblowers. Experienced compliance specialists, executives, attorneys and others who address the reduction of risk or exploit its vulnerabilities should take proactive steps to identify whistleblower risks and implement or enhance current plans to address them. Bringing the impact of Lawson to the attention of the top ranks of an organization is also critical – executive management, the C-Suite and the Board. It’s a decision worthy of everyone’s attention.

Find out more about how businesses can protect themselves by downloading our SOX Whistleblower Protection Toolkit for Private Businesses.

Where Will Data Analytics Take Us Next?

/

GUEST BLOGGER

Gerry Zack, ACFE Regent, CFE, CIA, CPA, CCEP
Zack, P.C.
Rockville, Md.

It seems like only yesterday that searching for dupes was considered to be sophisticated data mining! Oh, how the times have changed, and continue to change. Data analytics to detect fraud is an exciting field and one that is developing rapidly. (We even added an entire Data Analytics track at the upcoming 25th Annual ACFE Global Fraud Conference in San Antonio, Texas, June 15-20, 2014). According to a recent EY survey, 72 percent of executives surveyed believe big data can play a key role in fraud detection and prevention, but only 26 percent said their organization deploy forensic analytics, despite their interest in doing so. Those numbers show a big gap fraud fighters are hoping to close in the coming years. I am excited to have the opportunity to help close this gap by moderating a panel, “Where Will Data Analytics Take Us Next?” at the ACFE Global Fraud Conference. 

In addition to fielding questions from the audience, I hope to explore several issues with our panel of experts, such as:

  • What are some recent data analytic developments that are particularly useful to fraud detection that many of us might not be aware of?
  • What are some of the most helpful software solutions currently in development that we can expect to see available in the near future?
  • What future data analysis capability are you most interested to see a solution developed to address?
  • Big data doesn’t necessarily mean good or useful data. With so much potential data to mine and analyze, where should an organization begin the process of deciding what and where to mine without getting lost in forest of big data?
  • What are the most common mistakes that are made when an organization first embarks on a data analytics strategy?
  • How does one best address the issue of data ownership in an organization, such as when one department or group closely guards information they have developed?
  • How do data analytics needs and applications for fraud investigators differ from those of people who mine for signs of red flags on a regular basis?

These are just a few areas I’d like to see covered, but I’m sure you will have many other great questions to pose to our panel. This promises to be a fast-paced and exciting session that will be a great culmination to the conference, providing you with that one final opportunity for valuable take-aways. I also encourage you to stop by the conference's first-ever Data Analytics Showcase to meet with some of the industry's leading data analytics software providers.

I look forward to seeing you in San Antonio.