Mitigating Fraud Risk in a Changing Environment

The Association of Certified Fraud Examiners (ACFE) recently released the 12th edition of the largest global study on occupational fraud, Occupational Fraud: A Report to the Nations.

What is fraud risk?
Fraud Risk is the risk of unexpected financial, material, or reputational loss as the result of fraudulent action of persons (internal or external) to an organisation.

Occupational fraud includes a wide variety of schemes, and the ACFE has attempted to capture every type in The Fraud Tree. ACFE defines expense reimbursement fraud as a fraudulent disbursement scheme in which an employee makes a claim for reimbursement of fictitious or inflated business expenses. Many organisations entrust the employees with self-reporting of business expenses for reimbursement.

Invoice fraud involves a scammer notifying your company that supplier payment details have changed and providing alternative bank details to defraud your business. Funds are often quickly transferred so recovering money from fraudulent accounts can be extremely difficult.

What are some of the key findings of the report?
The study forming the basis of the report covered 2,110 cases of fraud across 133 countries and causing total losses of more than $3.6 billion (at an average loss per case of $1.78m).

Certified Fraud Examiners estimate that organisations lose 5% of revenue to fraud each year. Of the various schemes, asset misappropriation is the most common (86% of cases), but least costly ($100k median loss) and financial statement fraud schemes were the least common (9% of cases) but most costly ($593k median loss).

Concerningly, a typical fraud case lasts 12 months before being detected, causing a loss of $8,300 per month. Only 6% of perpetrators had a prior fraud conviction. Of the cases in the study, 40% involved more than one of the three primary categories of occupational fraud.

The top 5 industries which suffered the highest median losses were real estate, wholesale trade, transportation & warehousing, construction, and utilities. Nearly half of all cases came from 4 departments – operations, accounting, executive/upper management, or sales.

Technology can help close the loopholes
The presence of anti-fraud controls is associated with a reduction in fraud losses and quicker fraud detection. Nearly half (49%) of the cases were due a to either a lack of internal controls, or an over-ride of existing controls. Only 81% of victim organisations modified their fraud prevention controls (that means 19% did nothing!) – and of those, 75% increased review procedures (throwing people at the problem) while only 64% invested in proactive data monitoring/analysis to combat and prevent fraud.

The shift to hybrid/flexible working has increased the potential risk of fraud, as policies and spend categories shift, and attention is focussed on other aspects of the business.

The key to proactively and effectively managing fraud, is the underlying data – capturing data accurately at a transactional level together with an electronic supporting document, systematically recording appropriate approval workflows and change logs, and leveraging external data points as sources-of-truth throughout the process.

Combine that data with the increasing availability and affordability of technology such as artificial intelligence & machine learning, and many of the manual reviews, disconnected processes and silos of data can be systematically reviewed. Audit software can analyse 100% of transactions, spot trends in data and highlight suspicious or high-risk items for further investigation, making the audit process scalable and far more efficient.

Based on the Report to the Nations, there is arguably an opportunity to build a business case and invest in the right technology to create a robust compliance and audit process, and there is an undeniable cost of doing nothing.