5 Ways to Mitigate Fraud Risk

RISK gauge.jpg

GUEST BLOGGER

Kelly Todd, CFE
Managing member & member in charge of forensic investigations
Forensic Strategic Solutions, LLC

The growing abundance of internal and external threats can make it difficult to stay ahead of fraudsters. While fraud itself hasn’t changed all that much in recent years, the risks continue to grow in both size and complexity as technology changes and the ability to move, share and expose corporate assets becomes easier.

In today’s technology-crazed age, the scope of risk is growing, and businesses that do not keep up with evolving threats will be vulnerable. Here are some tips on how to keep up:

  1. Monitor your data. In the past, this meant monitoring transactional data to proactively identify anomalies indicative of fraud. Now, however, fraud can be committed in a variety of ways, including uploading sensitive data to the “cloud,” emailing company information, and saving sensitive information on a smartphone or sharing via social media. It’s essential to safeguard your company’s information to ensure it is not shared outside of your business in a malicious manner. Monitoring technology that promptly notifies you when company data is leaving the office, or when shared online, is readily available. Talk with your data security professional for the appropriate solution to monitor and secure your sensitive data.
  2. Establish proactive communication with employees around fraud. Educate your employees on what is and is not appropriate regarding the use of company technology and handling of company information. Establish policies that define the expectation of privacy and your company’s right to monitor network activity. Hold regular training on fraud and ethical behavior in the workplace and establish a chain of command in dealing with suspected fraudulent activity so that your employees are well-equipped to deal with any ethical dilemmas.
  3. Implement company policies on confidentiality and nondisclosure. Upon hiring, employees should be given information on confidentiality policies they must sign and agree to. If your current employees were not subjected to these agreements upon their hiring, implement the policies and require each of your employees to consent. If an employee violates the company policy, they should know that there will be consequences. If an employee leaves the organization, enforce agreed-upon nondisclosure terms.
  4. Set up a whistleblower hotline. Most frauds are discovered by tip or by accident, according to the 2016 ACFE Report to the Nations. It is important that employees work in an environment where they feel they can speak up if they see wrongdoing. Whistleblower hotlines often generate a wide range of reports – implement a few guiding principles around the type of matters that get reported to the audit committee, including significant deficiencies in internal control, senior management malfeasance, accounting irregularities, theft and financial losses, and broad deviations from the organizations anti-fraud policies.
  5. Hire the right people. Mitigate fraud risks by preventing nefarious actors from gaining access to your data in the first place. A thorough vetting of new hires remains critical. All too often, the unfounded belief a former employer won’t share anything of value keeps references from being checked – but if you don’t ask, you will never know.  Pick up the phone and check those references.

Internal controls have been the standard to prevent fraud in the workplace, but as the landscape becomes more multifaceted, new measures like the ones above are necessary.

Despite efforts to prevent fraud, the unfortunate reality is that it still happens. Stay tuned tomorrow for my five tips on what to do once fraud has been detected. 

Mitigating Fraud Risk in 2016

GUEST BLOGGER

Jeremy Clopton, CFE, CPA, ACDA
Director, Forensics and Valuation Services
BKD, LLP

The end of 2015 is quickly approaching and organizations are planning their activities for 2016, so it seems like a good time to consider the importance of fraud prevention efforts. The numbers are stacked against recovery — 58 percent of the victim organizations in the ACFE’s 2014 Report to the Nations recovered none of their losses — so thinking through how best to mitigate fraud risk is an important exercise. It’s my hope that you gave this consideration throughout the year. In the event you didn’t, there is no better time than the present to start.

One of the most common questions I hear from organizations is, “what can I do to prevent fraud in my organization?”  While I wish I had a great answer to that question, completely preventing fraud is nearly impossible and there is no guarantee that fraud will not occur. However, it is possible to mitigate and manage fraud risks with internal controls (FYI – trust is not one of them).

Based on the information in the Report to the Nations, proactive data monitoring/analysis was the most effective anti-fraud control. When looking at cases where this control was present compared to those where it was not, the report shows a 59.7 percent reduction in median loss and a 50 percent reduction in median duration. While this control is the most effective, it was far from the most common control. In fact, it was present in just over a third of all cases submitted.

Another of the most effective anti-fraud controls was surprise audits, which showed a 43.3 percent reduction in median loss and a 50 percent reduction in median duration. Again, this control was only present in about a third of all cases studied.

Hotlines are also near the top of the list of effective anti-fraud controls. Hotlines resulted in a reduction in median loss of 40.5 percent and median duration of 50 percent. Further, hotlines are responsible for tip-reporting, which is the most common method of detection, according to the report.

As 2016 approaches, many companies will likely wait until a fraud occurs to begin thinking through preventive procedures. I’ve highlighted three of the most effective anti-fraud controls in this post, and there are many others to consider. I hope you will take some time prior to the end of the year to consider what controls you have in place, and what controls you should consider adding, to help mitigate fraud in your organization. Here’s to a happy 2016!

Which Anti-fraud Controls Provide the Best Bang for Your Buck?

GUEST BLOGGER

Andi McNeal, CFE, CPA
ACFE Research Director

During International Fraud Awareness Week (Fraud Week), hundreds of organizations worldwide join together to promote the importance of fraud detection, deterrence and investigation. The proactive approach these organizations take to fighting fraud is notable, and it sends a clear message to their employees and the public — as well as to potential perpetrators — that management is serious about protecting the company from fraud.

As part of Fraud Week (and throughout the rest of the year), we encourage companies to examine their internal controls and assess whether they are effectively designed and operating to combat fraud. While undertaking this type of assessment, one of management’s most common concerns is whether the organization’s anti-fraud resources are invested in the most cost-efficient and effective preventive and detective controls. So how can organizations know which anti-fraud controls provide the best bang for their buck?

The ACFE’s 2014 Report to the Nations on Occupational Fraud and Abuse includes information that can help organizations gain insight into the answer to that question. And to highlight our findings in a way that we hope helps in making informed decisions about how to most effectively spend anti-fraud dollars, we also created an infographic on the impact of anti-fraud controls.

As part of our research, we examined the controls that were — and were not — in place at organizations victimized by fraud. This allowed us to identify trends that reflect the potential effectiveness of various anti-fraud controls, such as:

  • Organizations that engaged in proactive data monitoring and analysis suffered fraud losses that were approximately 60 percent smaller than organizations that did not.
  • Other controls associated with noteworthy reductions in median losses include employee support programs (such as addiction, family or financial counseling), formal management review procedures and a written code of conduct.
  •  Although tips are consistently the most common means by which frauds are detected, only 54 percent of the victim organizations in our study had a formal hotline in place at the time of the fraud, meaning nearly half of the companies were not optimally poised to detect the schemes at their organizations.
  •  External audits are widely used — 81 percent of victim organizations underwent financial statement audits at the time the frauds occurred — and they serve many useful purposes. However, these audits were responsible for uncovering just 3 percent of the frauds in our study, reflecting the need for organizations to not rely exclusively on this control as the primary means of fraud detection.

Our data also reinforces what so many anti-fraud professionals and small business owners inherently know — that small businesses are uniquely and particularly at risk for fraud. Across the board, small businesses have a much lower implementation rate of anti-fraud controls than larger organizations, which leaves them especially vulnerable to being victimized by dishonest employees.

International Fraud Awareness Week is a great time for anti-fraud professionals to download the infographic on the impact of anti-fraud controls and the full ACFE 2014 Report to the Nations, and to use these resources to educate and encourage managers and business owners about the need for wisely investing in fraud prevention and detection controls.