4 Ways to Increase Your Level of Management Review in 2015

GUEST BLOGGER

Jeremy Clopton, CFE, CPA, ACDA
Senior Managing Consultant, Forensic and Valuation Services, BKD, LLP

February is here. We've made it past the excitement of the new year, made (and perhaps broken) a few resolutions and undoubtedly read a few different “new year, new you” articles.  Now it is time to get down to business: the prior year’s books need to be closed, current year operations are kicking into high gear and you may be conducting your first management review of the 2014 financials. In fact, according to the 2014 Report to the Nations, nearly half of the organizations surveyed did not use management review as an anti-fraud control. This is especially true for smaller organizations, where only one-third of organizations used management review as a control. 

Interestingly, of the anti-fraud controls listed, management review is likely one of the easiest and most cost-effective controls to implement in a small business. And, given that small businesses are often owner-managed, there should be a keen interest in conducting such a review. Though, as with any control, figuring out how to get started is sometimes the most difficult. With that, here are four ways to increase your level of management review in 2015:

  • Obtain and review your bank statements. It is important to obtain a copy of your bank statements directly from the bank each month, including the cancelled check images. Some of the most common fraud schemes in the Report to the Nations are disbursement related  meaning money is going out the door. Generally, that activity is captured in the bank statements. Easy-to-spot items, such as unusual electronic payments, credit cards your organization doesn't have, checks payable to employees or manual checks in a batch of electronic payments can make this review both effective and efficient. If small business owners logged onto their bank’s website once a week to look at the transactions, it would keep many frauds from growing into a much bigger problem.
  • Take advantage of your ratios. Ratios were meant to be compared. That might not be the true reason they were created, but it is one of the most effective ways to use them for management review. Comparing your key ratios over time (monthly, quarterly, annually, etc.) to peers in the industry or to other benchmark data provides insights into how your business is performing. While they might not be enough to facilitate operational decision-making, these simple comparisons provide indications of change within the financials.
  •  Obtain electronic data and verify the reports you are provided for review. Management likely receives and reviews reports each day. These reports, however, may be a slight variation on what the data actually says. Therefore, it is important to obtain the underlying data for your standard reports and review the two for consistency. If the reports come directly from accounting, go directly to IT to obtain the data. Getting these items from different sources provides you a means to verify the contents of your regularly reviewed reports. For example, an accounts receivable aging report might not show a significant number of outstanding balances. A review of accounts receivable transaction data, however, shows a large number of write-offs. The review of the underlying data provides a better understanding of the report and may lead to additional questions.
  • Embrace the dashboard. No, I don’t mean go out and give your car a hug. Rather, enlist the help of someone in the IT department or internal audit department to leverage all of that “big data” your organization is generating. Aggregating the detailed data elements into a high-level dashboard can allow you to efficiently perform a management review of key metrics, controls and other items of interest. For example, if vendor management is a concern in your organization (hint: it probably should be), incorporate statistics about new vendors, vendor changes and dormant vendors in your dashboard. You might need dashboards for each business process or operating division. Dashboards allow you to have greater insight into the data without being overwhelmed by millions of data points. 

As you continue your review of the 2014 results, begin to review 2015 results now. Management review is not only an effective anti-fraud control; it is also a way to provide you greater insight into the operations of the organizations you manage.

Which Anti-fraud Controls Provide the Best Bang for Your Buck?

GUEST BLOGGER

Andi McNeal, CFE, CPA
ACFE Research Director

During International Fraud Awareness Week (Fraud Week), hundreds of organizations worldwide join together to promote the importance of fraud detection, deterrence and investigation. The proactive approach these organizations take to fighting fraud is notable, and it sends a clear message to their employees and the public — as well as to potential perpetrators — that management is serious about protecting the company from fraud.

As part of Fraud Week (and throughout the rest of the year), we encourage companies to examine their internal controls and assess whether they are effectively designed and operating to combat fraud. While undertaking this type of assessment, one of management’s most common concerns is whether the organization’s anti-fraud resources are invested in the most cost-efficient and effective preventive and detective controls. So how can organizations know which anti-fraud controls provide the best bang for their buck?

The ACFE’s 2014 Report to the Nations on Occupational Fraud and Abuse includes information that can help organizations gain insight into the answer to that question. And to highlight our findings in a way that we hope helps in making informed decisions about how to most effectively spend anti-fraud dollars, we also created an infographic on the impact of anti-fraud controls.

As part of our research, we examined the controls that were — and were not — in place at organizations victimized by fraud. This allowed us to identify trends that reflect the potential effectiveness of various anti-fraud controls, such as:

  • Organizations that engaged in proactive data monitoring and analysis suffered fraud losses that were approximately 60 percent smaller than organizations that did not.
  • Other controls associated with noteworthy reductions in median losses include employee support programs (such as addiction, family or financial counseling), formal management review procedures and a written code of conduct.
  •  Although tips are consistently the most common means by which frauds are detected, only 54 percent of the victim organizations in our study had a formal hotline in place at the time of the fraud, meaning nearly half of the companies were not optimally poised to detect the schemes at their organizations.
  •  External audits are widely used — 81 percent of victim organizations underwent financial statement audits at the time the frauds occurred — and they serve many useful purposes. However, these audits were responsible for uncovering just 3 percent of the frauds in our study, reflecting the need for organizations to not rely exclusively on this control as the primary means of fraud detection.

Our data also reinforces what so many anti-fraud professionals and small business owners inherently know — that small businesses are uniquely and particularly at risk for fraud. Across the board, small businesses have a much lower implementation rate of anti-fraud controls than larger organizations, which leaves them especially vulnerable to being victimized by dishonest employees.

International Fraud Awareness Week is a great time for anti-fraud professionals to download the infographic on the impact of anti-fraud controls and the full ACFE 2014 Report to the Nations, and to use these resources to educate and encourage managers and business owners about the need for wisely investing in fraud prevention and detection controls.

New Report Reveals Data Analysis as Most Effective Anti-Fraud Control

Download the Report today.

Download the Report today.

GUEST BLOGGER

John Warren, J.D., CFE
ACFE VP and General Counsel

It may be better and cheaper to prevent fraud than detect it, but it’s a fact of life in any organization that fraud will eventually happen. The tools we use to detect fraud are critically important. Data from the ACFE’s recent 2014 Report to the Nations on Occupational Fraud and Abuse suggest that organizations that proactively seek out fraud do a much better job of limiting their losses; whereas those who are reactive – relying on external or passive detection methods – tend to experience much larger fraud costs.

For those not familiar with the Report to the Nations, it is a bi-annual study based on actual cases of occupational fraud, with detailed information supplied by the Certified Fraud Examiners (CFEs) who investigated those cases. The 2014 Report contains data from 1,483 frauds that occurred in more than 100 countries.

We identified 18 common anti-fraud controls and asked our respondents which, if any, of these controls had been implemented by the victim organizations at the time their frauds occurred. We then compared the median loss and median duration of frauds based on whether each control was or was not present. 

What we found was that every control was associated with a significant reduction in median losses, ranging from 20% to 60% per scheme. Each control was also associated with faster fraud detection. (For a full list of our results, see page 38 of the Report.) This analysis is not a perfect measure of control effectiveness – remember, we’re looking only at frauds that have occurred, so we’re not able to measure the preventative impact of controls. But our data strongly suggests that anti-fraud controls have a measurable impact in reducing fraud losses. 

The control that scored the highest in our 2014 study was “proactive data monitoring and analysis.” Organizations that utilized proactive data monitoring experienced frauds with a median loss 60% lower than those without this tool, and they detected fraud 50% more quickly. Unfortunately, only a little more than one third of the victim organizations in our study conducted proactive data monitoring for fraud.  This low implementation rate may be a factor of cost. A typical small business may not have the financial resources or personnel necessary to conduct proactive monitoring. When we focused on larger organizations (those with 10,000 or more employees) we found a stronger implementation rate of 49%, but that still means half of the largest, most well-financed organizations were ignoring this tool. 

In the 2014 Report we’ve included a wealth of information about how frauds are committed, the highest risk areas for various departments and industries, and the characteristics of those who commit these crimes. We encourage readers to use this information to help determine where their organizations are most vulnerable to fraud, and then use the data we’ve gathered on controls and detection to design systems that will give them the best chance of catching these crimes early and limiting fraud losses.  

Find more details and read more Report findings at ACFE.com/RTTN.