4 Ways to Protect Your Company’s Pot of Gold

AUTHOR'S POST

Mandy Moody, CFE
ACFE Content Manager

Don’t worry; I’m not going to go all Lucky Charms on you this St. Patrick’s Day and toss out a bunch of thinly veiled Irish puns. You would only be so lucky…sorry, I couldn’t resist.

But, I did want to take this opportunity to remind you about the cost of fraud to your organization and how to add four easy best practices that will help protect your company’s hard-earned pot of gold. Organizations worldwide lose an estimated 5 percent of their annual revenues to fraud, according to the ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse. A single instance of fraud can be devastating: the median loss per fraud case was $145,000, and more than a fifth of the cases involved losses of at least $1 million.

The good news? There are some basic steps your organization can take to lessen your vulnerability to fraud:

1. Adopt a Code of Ethics.
Be proactive in setting a tone for management and employees. Evaluate your internal controls for effectiveness and identify areas of the business that are vulnerable to fraud.

2. Establish Hiring Procedures.
When hiring staff, conduct thorough background investigations. Check educational, credit and employment history (as permitted by law), as well as references.

3. Implement a Fraud Hotline.
Fraud is still most likely to be detected by a tip. Providing an anonymous reporting system for your employees, contractors and clients will help uncover more fraud.

4. Increase the Perception of Detection.
Communicate regularly to staff about anti-fraud policies, ways to report suspicions of misconduct, and the potential consequences (including termination and prosecution) of fraudulent behavior.

Implementing these tips could help prevent your organization from becoming a statistic, and help keep your pot of gold safe and secure. I leave you with this Irish blessing: “Here’s to you and yours, And to mine and ours, And if mine and ours ever come across you and yours, I hope you and yours will do as much for mine and ours as mine and ours have done for you and yours!” Cheers, everyone!

Indifference to Ethical Business Conduct is Death for Organizations

FROM THE PRESIDENT

James D. Ratley, CFE
ACFE President

In my decades of anti-fraud work I've learned more things than I've taught. Here's one important nugget: Organizations should encourage whistleblowers. (At the ACFE, we like to call them sentinels.) As in years past, the 2016 Report to the Nations says the most common detection method still is tips.

In Fraud Magazine's latest cover article, Top 10 factors leading to hotline distrust: Understanding why no one calls, authors Ryan Hubbs and Julia Kniesche write that whistleblowers have always been subject to false allegations, retribution from management and even dismissal.

I've met few whistleblowers who weren't targets of their organizations after they bravely stepped up to the plate. (Just read the stories of Tony Menendez and James Holzrichter.)

Hubbs and Kniesche write that employees often ignore company hotlines because they witness top management's indifference to ethical business conduct. "When employees see management retaliating against would-be whistleblowers, the message at the operational level is clear: Mind your own business, don't ask questions and keep your head down if you want to keep your job," they write.

That attitude is death for organizations. "An ethics hotline reporting system becomes meaningless when employees can't trust that local management will take appropriate action," say the authors.

Some of the factors that lead to ineffective hotlines, they share, include neglecting to train hotline workers well; management that interferes; employees who don't understand the systems; inadequate resources and poor program designs; and retaliation against whistleblowers.

Sometimes, organizations begrudgingly begin hotlines because of stipulations in the U.S. Sarbanes-Oxley Act and the Dodd-Frank Act, or European Union directives.

However, the organizations that see the best hotline results initiate them because they know they'll encourage strong internal cultures and revive flagging morale. As the authors write, employees' lack of trust in the reporting process can create unhealthy work environments, and eventually result in employment lawsuits, legal and regulatory actions, loss of assets, external whistleblower complaints, poor customer perception or brand reputation, and high employee-turnover costs.

Hubbs and Kniesche write that most employees want to do the right thing, and organizations need to do what they can to help support and encourage employees to report. "Failures in employee reporting today can result in significant operational and reputational hurdles tomorrow," they explain. They encourage you to follow their tips to strengthen your reporting program so no top executive ever has to ask the question, "What went wrong?"

Mitigating Fraud Risk in 2016

GUEST BLOGGER

Jeremy Clopton, CFE, CPA, ACDA
Director, Forensics and Valuation Services
BKD, LLP

The end of 2015 is quickly approaching and organizations are planning their activities for 2016, so it seems like a good time to consider the importance of fraud prevention efforts. The numbers are stacked against recovery — 58 percent of the victim organizations in the ACFE’s 2014 Report to the Nations recovered none of their losses — so thinking through how best to mitigate fraud risk is an important exercise. It’s my hope that you gave this consideration throughout the year. In the event you didn’t, there is no better time than the present to start.

One of the most common questions I hear from organizations is, “what can I do to prevent fraud in my organization?”  While I wish I had a great answer to that question, completely preventing fraud is nearly impossible and there is no guarantee that fraud will not occur. However, it is possible to mitigate and manage fraud risks with internal controls (FYI – trust is not one of them).

Based on the information in the Report to the Nations, proactive data monitoring/analysis was the most effective anti-fraud control. When looking at cases where this control was present compared to those where it was not, the report shows a 59.7 percent reduction in median loss and a 50 percent reduction in median duration. While this control is the most effective, it was far from the most common control. In fact, it was present in just over a third of all cases submitted.

Another of the most effective anti-fraud controls was surprise audits, which showed a 43.3 percent reduction in median loss and a 50 percent reduction in median duration. Again, this control was only present in about a third of all cases studied.

Hotlines are also near the top of the list of effective anti-fraud controls. Hotlines resulted in a reduction in median loss of 40.5 percent and median duration of 50 percent. Further, hotlines are responsible for tip-reporting, which is the most common method of detection, according to the report.

As 2016 approaches, many companies will likely wait until a fraud occurs to begin thinking through preventive procedures. I’ve highlighted three of the most effective anti-fraud controls in this post, and there are many others to consider. I hope you will take some time prior to the end of the year to consider what controls you have in place, and what controls you should consider adding, to help mitigate fraud in your organization. Here’s to a happy 2016!

Which Anti-fraud Controls Provide the Best Bang for Your Buck?

GUEST BLOGGER

Andi McNeal, CFE, CPA
ACFE Research Director

During International Fraud Awareness Week (Fraud Week), hundreds of organizations worldwide join together to promote the importance of fraud detection, deterrence and investigation. The proactive approach these organizations take to fighting fraud is notable, and it sends a clear message to their employees and the public — as well as to potential perpetrators — that management is serious about protecting the company from fraud.

As part of Fraud Week (and throughout the rest of the year), we encourage companies to examine their internal controls and assess whether they are effectively designed and operating to combat fraud. While undertaking this type of assessment, one of management’s most common concerns is whether the organization’s anti-fraud resources are invested in the most cost-efficient and effective preventive and detective controls. So how can organizations know which anti-fraud controls provide the best bang for their buck?

The ACFE’s 2014 Report to the Nations on Occupational Fraud and Abuse includes information that can help organizations gain insight into the answer to that question. And to highlight our findings in a way that we hope helps in making informed decisions about how to most effectively spend anti-fraud dollars, we also created an infographic on the impact of anti-fraud controls.

As part of our research, we examined the controls that were — and were not — in place at organizations victimized by fraud. This allowed us to identify trends that reflect the potential effectiveness of various anti-fraud controls, such as:

  • Organizations that engaged in proactive data monitoring and analysis suffered fraud losses that were approximately 60 percent smaller than organizations that did not.
  • Other controls associated with noteworthy reductions in median losses include employee support programs (such as addiction, family or financial counseling), formal management review procedures and a written code of conduct.
  •  Although tips are consistently the most common means by which frauds are detected, only 54 percent of the victim organizations in our study had a formal hotline in place at the time of the fraud, meaning nearly half of the companies were not optimally poised to detect the schemes at their organizations.
  •  External audits are widely used — 81 percent of victim organizations underwent financial statement audits at the time the frauds occurred — and they serve many useful purposes. However, these audits were responsible for uncovering just 3 percent of the frauds in our study, reflecting the need for organizations to not rely exclusively on this control as the primary means of fraud detection.

Our data also reinforces what so many anti-fraud professionals and small business owners inherently know — that small businesses are uniquely and particularly at risk for fraud. Across the board, small businesses have a much lower implementation rate of anti-fraud controls than larger organizations, which leaves them especially vulnerable to being victimized by dishonest employees.

International Fraud Awareness Week is a great time for anti-fraud professionals to download the infographic on the impact of anti-fraud controls and the full ACFE 2014 Report to the Nations, and to use these resources to educate and encourage managers and business owners about the need for wisely investing in fraud prevention and detection controls.

Reporting Misconduct Internally

SPECIAL TO THE WEB

Richard H. Girgenti, CFE; Meghan V. Meehan, CAMS
Contributing Writers, Fraud Magazine

With the passage of the U.S. Dodd-Frank Wall Street Reform and Consumer Protection Act and subsequent enabling rules, corporations face greater challenges in maintaining effective compliance programs. A key provision of the law allows whistleblowers to reap possible multimillion-dollar rewards for providing the Securities and Exchange Commission (SEC) with original information on alleged corporate wrongdoing.

After much public debate, the new law and related rules don't require whistleblowers to report knowledge of wrongdoing to their companies as a condition of eligibility for rewards. What's more, research shows that, despite the best efforts of many entities, most corporate environments usually fall short in alerting their employees of the importance of reporting misconduct internally and making them comfortable when doing so. With the U.S. federal government opening a reporting path straight to the SEC and adding a monetary incentive for employees to take that approach, many companies have strengthened their compliance programs and ensured that their cultures encourage employees to raise their hands high when they know something is amiss.

THE RULE

The SEC board members voted three to two on Aug. 12, 2011 to make the rule effective. The government can now consider a whistleblower for a reward if he or she voluntarily provides the SEC with original information, which leads to successful enforcement of a federal court or administrative action that includes monetary sanctions of more than $1 million. That reward is 10 percent to 30 percent of the total monetary sanctions.

The SEC considers the nature and severity of the misconduct to determine if the whistleblower may collect an award. With a few exceptions, the rule excludes the reward eligibility of senior managers with legal, compliance, audit, supervisory or governance responsibilities who may have learned of a reportable issue during the course of their duties. A whistleblower who may have engaged in wrongdoing may still be eligible for an award.

The SEC noted in the Annual Report on the Dodd-Frank Whistleblower Program that it had received 334 whistleblower tips on a variety of financial issues between Aug. 12 and Sept. 30, 2011, the most recent data available.


WHAT CAN COMPANIES DO?

Faced with the prospects of any fraud or misconduct issue becoming a federal case —possibly even before the organization itself learns of the problem — most companies have launched a reassessment of their internal fraud prevention and compliance programs with a particular emphasis on the adequacy of internal reporting mechanisms and incentives. 

Read the rest of this article and discover the 10 things companies are doing to ensure they have an efficient internal reporting system on Fraud-Magazine.com.