Managing the Business Risk of Fraudulent ActivityFebruary 05, 2010
By Michael DiGiacomo, CPA, CFE, CFF, CIRA
In the 2009 business world, the unfortunate reality is occupational fraud is everywhere, and it is costing businesses enormous amounts of money when it goes unchecked and undetected.
While it is impossible to determine the true breadth and depth of this form of crime, reliable estimates show that this year, nearly $1 trillion in business revenues will be lost to fraudulent activity. On average, occupational fraud schemes last up to two years before they are detected, with a median loss of $175,000. In more than 60 percent of the cases, the amount lost is more than $100,000; in one out of every four cases, $1 million or more is lost.
Occupational fraud is the use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets. It is an intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain. Occupational fraud schemes can be as simple as pilfering company supplies or as complex as sophisticated financial statement frauds. It is a significant problem faced by organizations of all sizes. Unfortunately, it is not a problem that is easily solved.
Fortunately, businesses can take steps to uncover fraudulent activity and significantly decrease the likelihood of it ever occurring by implementing a fraud risk management program. This is a comprehensive, organization-wide approach that is designed to protect against significant acts of fraud.
Before one attempts to design a program to prevent fraud, there needs to be an understanding of why fraud is committed. There are numerous means to commit fraud, but the primary reasons why fraud exists are pressures to meet goals or to seek personal gain. Perpetrators often do not consider their actions fraudulent or unethical.
Knowing how frauds are most-likely detected is another important element in designing a fraud prevention policy. A robust internal control structure is an integral component in fraud prevention, but internal controls can be circumvented. Statistically, fraud is more likely to be discovered by a tip than by any other means, including internal controls.
Employees can be an organization's best resource against fraudulent behavior. Many times employees may be aware of unethical or fraudulent behavior in the workplace but do not know what to do when they suspect it. Other times employees may witness something but choose not to speak up because they are uncertain if the behavior is in fact unethical or fraudulent. Organizations should develop written ethics and fraud policies and conduct fraud awareness training for their employees, including what constitutes fraudulent or unethical behavior and what to do if it is suspected. Such policies and procedures will not entirely prevent fraud from happening, but they clearly communicate that the organization will not tolerate unethical behavior.
Organizations should also perform periodic fraud risk assessments to identify inherent fraud risks, assess the likelihood and significance of such risks and respond to reasonably likely and significant risks. It may not be cost-beneficial to design controls to prevent all fraud risks, but high likelihood and significant risk should be addressed with either preventive or detection controls.
Vigilant handling of fraud cases within an organization sends clear signals to employees about management's attitude toward fraud. Employees will be less inclined to commit fraud if they know management is serious about preventing and detecting it. Planning ahead to militate against fraud is a wise move, and could mean major cost savings for an organization.
For more information, please contact Michael DiGiacomo at firstname.lastname@example.org or 203.944.8670.