It’s an even year, which means that all who work towards the minimisation of fraud in the workplace look forward to publication by the Association of Certified Fraud Examiners (ACFE) of its biennial ‘Report to the Nations’.
The recently-released 2018 Global Study on Occupational Fraud and Abuse is based on 2690 cases in 125 countries, the investigations of which were concluded in the period between January 2016 and October 2017. The analysis provides us with valuable insights into the prevention and detection of occupational fraud – fraud perpetrated against a victim organisation by one or more of its own employees.
In this article we highlight some of the practical implications of the study and draw your attention to the ways in which its interesting analyses can support your risk assessment and internal control programmes. You can find a link to the full ACFE 2018 Global Survey report at the end of the article.
The 2018 anti-fraud heroes: internal controls and hotlines
If you are to take just two findings from the comprehensive study, they should be of the importance to fraud detection and impact minimisation of a wide-range of internal controls including a hotline.
Each of the 18 internal control methods surveyed were associated with quicker detection and a reduction in the extent of loss suffered to fraud.
When initial sources of fraud detection are analysed, the single largest source by far was tips (40%), well ahead of internal audit (19%) and management review (12%).
The report drills down in its review of the types of internal control and their relative contribution, and analyses the source of tips. For example, while overall detection was attributed to tips in 40% of cases, in organisations with a hotline in place this rose to 46% but dropped to 30% in the absence of a hotline. The difference in the extent of loss suffered by organisations with and without hotlines is marked: those without a hotline suffered 50% greater losses to fraud schemes than those that did.
Other key findings
The most frequently-reported fraud schemes are not necessarily the most significant when analysed on a loss per incident basis. For example, asset misappropriation schemes take place more frequently than other scheme types, but the loss associated with less-common financial statement fraud is far higher.
Smaller businesses, those defined as employing less than 100 employees, are particularly vulnerable to fraud, reporting far more cases per organisation and a significantly higher median loss per incident than did larger organisations. The comparatively higher levels of personal trust and lower levels of internal controls that are seen in smaller businesses are likely contributors to this higher vulnerability.
Profiling the fraud perpetrator
It is important not to over-stereotype fraud perpetrators or lose sight of the fact that fraud can be perpetrated by employees of all ages and levels, but when the extent of loss suffered by victim organisations is analysed, some interesting trends are evident.
For example, the median extent of loss from fraud increases with the age, level of authority, level of education and length of service of the perpetrating employee.
The results again show that fraud perpetrators are predominantly male, even when the higher representation of men in senior positions is taken into consideration. Furthermore, the median loss suffered when a fraud is perpetrated by men is higher than that for women.
Of interest is the finding that 85% of the fraud perpetrators had not been previously punished or dismissed for fraud, and 89% had no criminal conviction. Around half of the fraudsters in question were ‘lone operators’, while the balance worked in collusion with others.
Behavioural red flags to look out for
One of the particularly interesting and useful sections of the report deals with the question of whether, in retrospect, there were evident behavioural ‘red flags’ that should have pointed to the possibility that something could be going amiss.
An astounding 85% of fraud perpetrators were reported as having evidenced at least one of the 18 possible red flags surveyed, and 50% of the fraud perpetrators were assessed as having displayed multiple red flags. Of the 18 red flags, the top three behaviours evidenced prior to detection were:
- Living beyond one’s means: 41% of fraud perpetrators
- Being in financial difficulty: 29%
- Having a particularly close relationship with a supplier or customer: 20%
These findings highlight the importance of observing and responding to behavioural red flags in the workplace and give clues as to the internal controls and ethics policies and procedures that can be put in place to ensure early detection. Early detection is highly desirable – the report shows that the duration of the fraud schemes prior to detection ranged between 12 and 24 months and that, not surprisingly, the longer a scheme operates undetected the larger the loss to the victim organisation.
Eight ways to use the 2018 ACFE Report to the Nations in your anti-fraud efforts
As an anti-fraud specialist or supporter you will find a wealth of value in the full report. Rather than be daunted by its length, consider the following ways in which it can help you in your work:
- Access and use the excellent infographics: Go to the ACFE website at http://www.acfe.com/ and access the separate document containing the report’s charts and graphs in PDF or JPEG form – ideal for inclusion in board presentations and employee awareness sessions. Non-members of ACFE simply have to provide their name and email address to get to the download page.
- Analyse fraud cases by the region/s in which you operate: Two-pager, infographic reports for each of the nine regions from which fraud cases were drawn can be found between pages 56 and 73. These can help you understand fraud trends in your own region and to assess geographic fraud risk if you have cross-border responsibilities.
- Identify the most critical anti-fraud controls by type of fraud scheme: By identifying control weakness types for the fraud cases analysed, it is possible to see which internal control types are most effective in deterring different types of fraud schemes. See especially page 26 and the figure on page 32.
- Understand the types of fraud most likely in different functions: Improve your fraud risk assessment by understanding the types of fraud most prevalent by department. For example, billing fraud is the most common type occurring in accounting departments while corruption (bribery and conflicts of interest) is most common in procurement. Refer to figure 29 on page 38 for a comprehensive analysis of fraud by function.
- Learn about fraud risk by sector: Anti-fraud professionals, especially external providers, will find information about the types of fraud risk most typically found in each industry sector especially useful. These insights, in figure 26 on page 25, will support your risk analysis and internal control implementation priorities.
- Use the ACFE Fraud Protection Checklist: This useful, high-level checklist can help you benchmark your organisation’s anti-fraud control processes against best practices. Find it on pages 76 – 77 of the report.
- Demonstrate the value added by your internal control activities: A most useful aspect of the report is the independent and credible data it provides on the impact of fraud on organisations. The data can help you motivate for the value of and investment in internal control functions. For example, it will be easier for you to motivate an investment in IT-based controls when you show that it is the control method associated with the earliest identification of a scheme and consequently the lowest level of loss. The extent to which the various internal controls impact on loss is powerfully captured in figure 18 on page 28.
- Raise non-financial employee awareness of fraud using the ACFE ‘fraud tree’: The Occupational Fraud and Abuse Classification System, also known as the fraud tree and presented in graphic form on page 11, is an excellent basis for your non-financial employee fraud awareness training.
Reflecting on the 2018 ACFE global study, Dale Horne, director at Whistle Blowers Pty Ltd, independent hotline provider to 26 countries on six continents, says that it is interesting to note that of the nine world regions surveyed, it is in the Sub-Saharan Africa region that the median loss per fraud incident is lowest. While still material, the median loss of US $90 000 per incident in Sub-Saharan Africa is far lower than in, for example, the US or Middle East-North Africa regions (median loss of US $200 000) or the Asia-Pacific region where median fraud loss peaked at US $236 000.
Welcoming the strong evidence in support of the role of hotlines in fraud detection, Horne adds that occupational fraud is just one of the many types of workplace misconduct being picked up by hotline tips today. He notes that the high vulnerability to fraud of organisations employing 100 or less, coupled with the lower percentage of tips they receive, points to the cost-effective anti-fraud role that hotlines could be playing in this sector.
He highlights another interesting statistic from the 2018 report: while the majority of tips (53%) are made by employees, customers and suppliers are together responsible for a further 29% of tips. This shows the importance of the current trend by organisations to promote their hotlines out into their supply-chains.
If you are interested in putting an independent hotline in place to strengthen your anti-fraud and ethics programmes, visit the Whistle Blowers website at www.whistleblowing.co.za and contact firstname.lastname@example.org. You can download the full 2018 ACFE Global Survey report from the Whistle Blowers’ website here.
Written for Whistle Blowers by Penny Milner-Smyth