Business fraud For a company to be safe they must not just suspect fraud, they must assume fraud

. Although the thefts committed by senior management make up fewer actual incidents of loss, the average loss is huge in comparison to a lower employee’s average theft. One can die by a thousand cuts, however it is the senior, trusted person who can do the most damage, due primarily to their position of trust and their ability to override controls much more easily. "Internal fraud at companies is on the rise", says CNN's Jim Barnett, (http://edition.cnn.com/2011/10/18/business/business-fraud). He writes: "When it comes to business fraud, it's more often an inside job, (finding) 60% of frauds are committed by insiders." He adds that "Among companies that were impacted by fraud, junior employees were the most likely perpetrators at 28% followed by senior management at 21% and intermediaries for the company at 11%," The following is the Association of Certified Fraud Examiners 2012 Report Summary: Methods of Fraud in Small Businesses • Our research reinforces the point that the specific fraud risks faced by small organizations typically differ from those faced by larger organizations. • For example, corruption was observed to be the most prevalent fraud committed in larger organizations, occurring in nearly 35% of the reported cases in companies with more than 100 employees, compared to 28% of small business cases. • In contrast, billing schemes were the most common fraud committed in smaller organizations. • In addition, check tampering was three times as common and payroll and skimming schemes were noted almost twice as often in smaller organization than in their larger counterparts. Anti-Fraud Controls at Small Businesses • Due to their limited resources, small businesses can be especially devastated by a loss of funds to fraud. Unfortunately, however, resource restrictions in most small organizations often mean less investment in anti-fraud controls, which makes those organizations more susceptible to fraud. • Admittedly, several of the controls analyzed, such as a dedicated internal audit or fraud examination department, do require a significant amount of resources that likely would not provide an appropriate cost/benefit balance for small companies. • However, other anti-fraud measures – such as a code of conduct, anti-fraud training programs and formal management review of controls and processes- can be implemented at a marginal cost in many small organizations and can greatly increase the ability to prevent and detect fraud. • Organizations that utilized job rotation and mandatory vacation policies, rewards for whistleblowers and surprise audits detected their frauds more than twice as quickly as organizations lacking such controls. Perpetrator’s Tenure • We continue to see that tenure has a strong correlation with fraud losses. Individuals who have worked at an organization for a longer period of time will often enjoy more trust from their supervisors and co-workers, which can mean less scrutiny over their actions. • Their experience can also give them a better understanding of the organization’s internal controls, which enables them to more successfully carry out and conceal their fraud schemes. • Approximately 54% of fraud perpetrators had a college degree or higher. Perpetrator’s Department • The six most common departments in which fraud perpetrators worked were accounting, operations, sales, executive/upper management, customer service and purchasing. Scheme Type • Corruption was the most common scheme in every department except accounting, where billing fraud (31%) and check tampering (30%) were the two most common scheme types.

Perpetrators The fraudster living beyond his or her means (36%), experiencing financial difficulties (27%), having an unusually close association with vendors or customers (19%), and displaying excessive control issues (18%) were the four most commonly cited red flags in 2012.

Managing the Business Risk of fraud: a Practical guide, released by AICPA, (http://www.aicpa.org/Press/PressReleases/2008/DownloadableDocuments/Managing_the_Business_Ris k_of_Fraud.pdf) adds: "Large frauds have led to the downfall of entire organizations, massive investment losses, significant legal costs, incarceration of key individuals, and erosion of confidence in capital markets. Publicized fraudulent behavior by key executives has negatively impacted the reputations, brands, and images of many organizations around the globe"; and "Reactions to recent corporate scandals have led the public and stakeholders to expect organizations to take a ―no fraud tolerance‖ attitude". In "The Role of the Auditor in the Prevention and Detection of Business Fraud", (Citation: Farrell, Barbara R. and Joseph R. Franco,1999, SAS No. 82, Western Criminology Review 2/1, (http://wcr.sonoma.edu/v2n1/v2n1.html), Farrell and Franco) address the issue of how to deal with the issue of internal fraud: "In order to combat fraud and white collar crime in businesses, a concerted effort must be exerted by the management of the business, the external auditors, and by all employees of the business. Everyone must realize that fraud is not a victimless crime. ..Through adequate internal controls by management, better working environments for employees, more stringent requirements for external auditors, and codes of ethics for employees, everyone can start to combat frauds and defalcations within corporate America." They ask "so what, if any, are management’s responsibilities when it comes to the prevention or detection of fraud... Managerial Controls ... Organizations with one hundred or fewer employees have the greatest median losses per capita. Annual reports of management clearly state that management is responsible for the preparation and integrity of the financial information presented, and the company and management maintain a system of internal controls to provide for administrative and accounting controls. All professional literature makes it clear that the responsibility of internal controls, proper reporting, and the adoption of sound accounting policies rests solely with management, not the auditors." Examples they present include " strict internal controls, segregation of duties, and separation of functions". They add "Forensic accountants are retained in many business situations to analyze, interpret, summarize and present financial issues and situations in an understandable and supportable manner." The Pennsylvania Institute of Certified Public Accountants article "The Role of Management in Preventing Fraud" written by Francis D. Morris, CPA, ABV, CFF(2011) (http://www.picpa.org/Content/42310.aspx) supports the assertion that management's role is key. The article adds: "An ethical work environment is the cornerstone of fraud prevention. The ―tone at the top‖ is an organization’s ethical approach to doing business. A perception that management lacks ethical business practices may spread to the employees, opening the door to fraud risk..." "A fraud management program should begin with the implementation of a written code of ethics and code of conduct that is tailored to that organization...Management’s commitment to those ethics has to be real for it to work. If senior management doesn’t adhere to the code of ethics and best business practices, or winks at the guidelines as if they are not serious, the message won’t trickle down." The AICPA has developed in depth guidelines addressing this issue of internal fraud (http://www.aicpa.org/Press/PressReleases/2008/DownloadableDocuments/Managing_the_Business_Ris k_of_Fraud.pdf ). They identify 5 "key principles for proactively establishing an environment to effectively manage an organization’s fraud risk: 1) As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk. 2) Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.

3) Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization. 4) Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized. 5) A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely" They state that "personnel at all levels of the organization — including every level of management, staff, and internal auditors, as well as the organization’s external auditors — have responsibility for dealing with fraud risk. Particularly, they are expected to explain how the organization is responding to heightened regulations, as well as public and stakeholder scrutiny; what form of fraud risk management program the organization has in place; how it identifies fraud risks; what it is doing to better prevent fraud, or at least detect it sooner; and what process is in place to investigate fraud and take corrective action". "fraud risk management program, including related documents, should be revised and reviewed based on the changing needs of the organization, recognizing that documentation is static, while organizations are dynamic." The AICPA document is in-depth and points out numerous factors to consider, such as: "As part of the risk identification process, it is important to consider the potential for management override of controls established to prevent or detect fraud. Personnel within the organization generally know the controls and standard operating procedures that are in place to prevent fraud. It is reasonable to assume that individuals who are intent on committing fraud will use their knowledge of the organization’s controls to do it in a manner that will conceal their actions...an anti-fraud control is not effective if it can be overridden easily." The address numerous classifications of fraud, such as "Fraudulent Financial Reporting...Misappropriation of Assets...Corruption... Information Technology and Fraud Risk...Regulatory and Legal Misconduct... Reputation risk". Because ―fraud happens,‖ AICPA insists "it is essential that appropriate preventive and detective techniques are in place. Although fraud prevention and detection are related concepts, they are not the same. While prevention encompasses policies, procedures, training, and communication, detection involves activities and programs designed to identify fraud or misconduct that is occurring or has occurred...preventive measures are apparent and readily identifiable by employees, third parties, and others, detective controls are clandestine in nature. This means they operate in a background that is not evident in the everyday business environment... Although preventive measures cannot ensure that fraud will not be committed, they are the first line of defense in minimizing fraud risk." AICPA has developed both a Fraud Prevention Scorecard and a Fraud Detection Scorecard, each with approximately 30 areas of assessment. These are used to assess the current levels of fraud prevention and detection, prior to either implementing or improving a company's plan. Some examples of fraud prevention include: "We have addressed the strengths and weaknesses of our internal control environment adequately and have taken specific steps to strengthen the internal control structure to help prevent the occurrences of fraud."; "Our organizational structure contains no unnecessary entities that might be used for inappropriate purposes or that might enable less-than-armslength transactions or relationships"; "We have assessed fraud risk for our organization adequately based on evaluations of similar organizations in our industry, known frauds that have occurred in similar organizations, in-house fraud brainstorming, and periodic reassessments of risk"; and "We review the above fraud preventive mechanisms on an ongoing basis and document these reviews as well as the communication with the audit committee regarding areas that need improvement." Some examples of fraud detection include: "Our fraud detection processes and techniques pervade all levels of responsibility within our organization, from the board of directors and audit committee, to managers at all levels, to employees in all areas of operation"; "Our internal auditors report to the audit committee and focus appropriate resources on assessing management’s commitment to fraud detection"; "Our internal audit department is adequately funded, staffed, and trained to follow professional standards, and our internal audit personnel possess the appropriate competencies to support the group’s objectives";

"Our internal audit department performs risk-based assessments to understand motivation and where potential manipulation may take place." This subject of fraud is nicely summarized by AICPA: "Although fraud is not a subject that any organization wants to deal with, the reality is most organizations experience fraud to some degree. The important thing to note is that dealing with fraud can be constructive, and forward-thinking, and can position an organization in a leadership role within its industry or business segment. Strong, effective and well-run organizations exist because management takes proactive steps to anticipate issues before they occur and to take action to prevent undesired results." They also add that it can be wise "to engage independent outside experts to assess their fraud prevention techniques."

Sign up to vote on this title
UsefulNot useful