Workplace fraud: Categories, threats and key steps to reduce risk
Without question, acts of fraud and corruption are a real threat to globally active businesses both large and small. Three-quarters of executives polled in RSM’s 2016 Global Corruption Law Compliance Survey reported their companies had some exposure to fraudulent activity in the past year. While cybercrime was rated as the No. 1 issue, internal threats continue to worry our C-suite survey respondents.
While the risk of fraudulent activity appears to be of concern to business leaders, their fraud response strategies vary. In our survey, just 38 percent of companies that reported being victims of recent fraud took time to conduct an internal investigation that fully assessed both the causes of the incidents and the extent of economic harms. This is despite the high costs of fraud. According to the Association of Certified Fraud Examiners (ACFE), organizations may lose roughly 5 percent of their total revenues, on average, in any given year to fraud. What’s more, nearly a quarter of reported incidents resulted in at least $1 million in economic damage.
Major categories, threat points for fraudulent activity
Generally speaking, workplace fraud fits into three categories: asset misappropriation, corruption and financial statement schemes. Here’s a closer look at each segment:
- Asset misappropriation. Next to cybercrime, which 43 percent of our survey respondents said was a potential business vulnerability, this form of fraud ranked second among fraudulent threats (31 percent). Asset misappropriations often occur in companies that lack strong internal controls, and specific fraudulent acts in this category include theft of cash on hand, cash skimming from business accounts, illegal disbursements (such as billing, payroll or expense reimbursement schemes) or inventory-related thefts. The median global loss in an asset misappropriation case last year was $125,000, and this segment historically has the lowest losses of the three major fraud categories tracked by the ACFE.
- Corruption. This category involves acts of bribery (commercial or governmental), conflict of interest activity (such as sales or purchasing schemes), illicit gifts, and economic extortion potentially involving business leaders, employees or third-party business partners. Corruption cases are more commonly found in larger companies and may involve violations of the Foreign Corrupt Practices Act (FCPA) or other global corruption laws. The ACFE reported last year’s global median loss at $200,000 for this type of illicit activity.
- Financial statement schemes. While only about 15 percent of our survey respondents identified this type of scheme as a major threat, it’s important to note that it is also the most expensive form of fraud. According to the ACFE, global median losses stood at $975,000 per occurrence last year. Financial statement fraud generally involves overstatements or understatements of key financial data, such as revenues, liabilities, expenses and asset valuations.
Where is organizational fraud most likely to be found? In our 2016 Global Corruption Law Compliance Survey, 43 percent of business leaders said the sales department was the highest-risk launch point for fraudulent activity, followed by the accounting, operations, procurement, marketing and executive management areas of a given company.
Tips to mitigate fraud risks
While it’s likely that fraud assessment, prevention and detection is a growing business priority in most companies, the data noted above clearly shows why it can be an expensive mistake to overlook.
The following are five quick steps executives can take in an effort to reduce the potential harm of fraudulent activity to their organizations.
Stress individual accountability. While there’s a widely held perception that the repercussions of workplace fraud rest largely on companies, that tide may be turning. In late 2015, Deputy U.S. Attorney General Sally Yates emphasized a new push for individual accountability in the Department of Justice’s fraud and corruption enforcement efforts, noting in part via a Justice Department memo that “both criminal and civil corporate [fraud] investigations should focus on individuals from the inception of the investigation.” Consistent with this, nearly 80 percent of FCPA enforcement actions in 2015 focused on individual actors.
Review and strengthen internal controls. According to the ACFE’s most recent report, nearly 30 percent of all companies where fraud was discovered had little or no internal controls in place. This is an important finding, since 44 percent of all reported frauds in the United States last year were detected via management reviews, internal audits, account reconciliations, document examinations, external audits or information technology (IT) control procedures. In fact, the ACFE noted that companies with strong internal controls reported median losses that were 54 percent lower than peers without those detection tools, while detecting fraudulent activity twice as fast.
In addition, another 20 percent of reported frauds involved overrides of existing internal controls. The latter can be especially challenging for small to midsized companies, since it typically involves a senior leader with the ability to work around these checkpoints. For that reason, a sound preventive step for smaller organizations may be to delegate more oversight to a board audit committee, which can flag and address any potential override activity.
Encourage use of tip and fraud hotlines. Tips have long been a vital tool for uncovering fraud, which raises the importance of having a reporting system for employees and third-party stakeholders. In our Global Corruption Law Compliance Survey, 70 percent of all respondents reported having a whistleblower hotline for their workers. As a whole, professional services firms were the most likely to offer employee hotline resources, while just over four in 10 manufacturing companies did so. However, since tips from customers, vendors and other parties can also provide valuable information, business leaders should also consider email, online or paper mail reporting avenues to help those external stakeholders report illicit acts.
Use low-cost anti-fraud efforts. Time and time again, the relative impact of fraud has weighed more heavily on small and midsized companies. The biggest reason for the disparity: Large firms are more likely to have anti-fraud controls in place and typically have greater financial and human resources with which to monitor, prevent and recover from fraudulent activity. Still, there are several low-cost steps smaller businesses can take to reduce their risks. These include implementing a written code of conduct; fraud training for employees, managers and executives; and well-documented and publicized anti-fraud policies. All of these tools are inexpensive and have been shown effective in helping companies prevent or reduce fraud losses.
Set a consistent tone at the top. All other steps previously mentioned will provide little value if senior leaders do not set clear ethical boundaries and demonstrate consequences for behavior outside of those areas. The big picture of what is—and is not—acceptable in corporate culture typically resides in a code of conduct, though it may also be part of the organization’s stated mission, vision and values. As noted above, fraud training for executives, managers and all employees can be a great tool for reinforcing expectations for an ethical work environment.
While a strong leadership tone is crucial, actions that dovetail with the message are also required. Organizations should implement policies that minimize workplace fraud opportunities. This may include ensuring firm separation of duties for staff in areas with high fraud risks such as the procurement, accounting and finance departments. Further, firms may mandate that such staff take a defined period of time off each year (such as one or two weeks taken in a block of time). This control step makes it harder for a single employee to operate a fraud because it requires others to handle their specific duties while they are on vacation. Mandatory job rotations can also serve a similar purpose as minimum defined vacation time.