Risk Management Blog

cybersecurity

Who’s Putting Your Organization at Risk of Fraud?

Share on:

  • November 14 2018
  • Lowers & Associates

Who’s Putting Your Organization at Risk of Fraud?

by Lowers & Associates | November 14, 2018
who's the fraudster?

Many times, occupational fraud is committed by an employee or third-party partner who is experienced and trusted. Which of your employees—or leaders—is likely to flip over to the dark side? And why?

The 2018 Report to the Nations on Occupational Fraud and Abuse provides valuable information on these questions. This tenth edition of the Report, published by the Association of Certified Fraud Examiners (ACFE), is based on data from almost 2,700 cases of occupational fraud submitted by Certified Fraud Examiners (CFEs) worldwide. While not a random sample, the selected cases aggregate a huge amount of descriptive information that managers can use to evaluate their own organizations.

Here are a couple of key takeaways about the question of “Who?” in the fraud equation:

  • Anyone and everyone is a potential fraudster, but organizations must be aware that those in long-tenured, high authority positions can present a greater risk. Fraud prevention programs have to recognize this fact and plan extensive monitoring and controls to mitigate the risk.
  • Identifying a potential fraudster can be difficult. Background checks can help, but some previous fraudsters may not have bad information in the public record. The fraud triangle of “red flag” factors on issues of motivation and opportunity may help to identify risks.

Longer-tenured, higher-authority = greater risk.

One hard lesson from the Report—which is consistent over all 10 editions—is that owners and executives are a big risk in terms of fraud. They commit only one-fifth of the total frauds, but the median loss when they do go off the rails is $850,000, more than 5 times greater than managers ($150,000 median loss) and 17 times greater than regular employees ($50,000 median loss). One reason people with greater authority cause more damaging frauds is that they are able to evade detection longer: owner/executives hide for 24 months; ordinary employees only 12.

Owners and executives have the most access to the organization’s assets, and also have authority over some of the controls and processes established to deter fraud. They are also more likely to collude with others, and their frauds are more likely to be discovered by an external auditor or law enforcement. This argues for putting a risk management plan in place before fraud occurs, and to make sure the plan includes provisions for monitoring executive behavior as well as extensive controls on regular operations.

47% of occupational frauds reported were perpetrated by people with six or more years tenure with the organization. These long-term employees also stole far more money. In aggregate, the long-term employees caused much higher total losses than those who were with the organization less than six years. The length of tenure increases loss in all types of jobs, but the higher the authority the greater the loss. Both authority and tenure operate to increase the losses.

Follow the money.

By department, the data tends to say, ‘follow the money’. The two biggest threats come from upper management and accounting (with the high authority individuals by far the bigger threat). The single most common type of fraud is corruption, which strikes hardest in executive/upper management, and purchasing. Both of these departments are likely to be linked to both internal and external networks, which may foster systematic (often collusive) corruption.

Occupational fraud is estimated to have cost over $7 billion dollars in 2017. The warning to organizations is clear. There is no absolute certainty about the likelihood of any given employee committing a fraud. The organization’s best response is systematic fraud prevention aimed at all levels and functions of the organization.

ABOUT THE AUTHOR

Lowers & Associates provides comprehensive enterprise risk management solutions to organizations operating in high-risk, highly-regulated environments and organizations that value risk mitigation.
View all posts by Lowers & Associates >