Forensic accountants stress that the best way to prevent fraud is to establish an efficient control system.
How much should you spend on such a system? What mechanisms have worked best for other companies?
And, perhaps, most importantly – What is the price of doing nothing?
The Association of Certified Fraud Examiners and other groups provide the guidance below.
An efficient control system should include:
- A strong control environment influenced by management’s philosophy of ethical behavior and strong corporate governance policies
- A solid accounting system that ensures proper recording, classification and reporting of all transactions
- Tight procedural controls that provide for safeguarding of assets, proper authorizations, audit mechanisms and proper documentation
It’s helpful to know how most frauds are discovered before you decide which measures would work best for your organization. The ACFE says most frauds committed in their latest study of nearly 1,400 organizations victimized by fraud were detected by tips. These tips came from vendors, customers, employees and anonymous sources. The ten primary ways fraud was detected are:
- Tips (43.3 percent)
- Management review (14.5 percent)
- Internal audit (14.4 percent)
- Accident (7 percent)
- Account reconciliation (4.8 percent)
- Document examination (4.1 percent)
- External audit (3.3 percent)
- Notification by police (3 percent)
- Confession (1.5 percent)
- IT controls (1.1 percent)
This clearly demonstrates the importance of having a strong internal control environment, a mechanism of reporting tips and abuses to someone who will react accordingly, and external and internal audit services regularly performed.
Losses experienced by fraud
The average amount of loss by businesses that are victims of fraud is about $140,000, according to the latest figures by the Association of Certified Fraud Examiners.
Note the comparison to the list above. As seen by the amounts listed below, organizations that were more proactive with internal audits, management and IT controls had smaller average losses than those eventually discovered through the police, external audit or confession.
- Notification by police: $1 million
- External audit: $370,000
- Confession: $225,000
- By accident: $166,000
- Tip: $144,000
- Account reconciliation: $124,000
- Management review: $123,000
- IT controls: $110,000
- Document examination: $105,000
- Internal audit: $81,000
Industries most likely to experience fraud
The industries currently experiencing the most incidents of occupational fraud, in order of number of occurrences, are:
- Banking/Financial Services (16.7 percent)
- Government and public administration (10.3 percent)
- Manufacturing (10.1 percent
- Health care (6.7 percent)
- Education (6.4 percent)
- Retail (6.1 percent)
- Insurance (5.7 percent)
How much should you spend?
Because of fraud’s disastrous consequences, failure to implement safeguards could jeopardize your business. The ACFE estimates that fraud costs typical U.S. companies 6 percent of their annual revenues.
Determining how much your company should spend to safeguard itself is difficult to estimate. The ACFE doesn’t recommend how much an organization should spend on compliance. But at the very least, a means for employees to give anonymous tips should be instituted, as well as a system of checks and balances and regular internal audits.
Fraud prevention costs could vary significantly and are based on a number of factors. For example, you may be forced to conform to industry-specific regulatory compliance (banking, financial or insurance) or operate in an industry more prone to occupational fraud.
In some cases, it becomes a judgment decision. What would you spend to safeguard your organization from losing 6 percent of your annual revenues?
Various studies analyzing Sarbanes-Oxley (SOX) corporate governance reforms have been conducted. SOX reforms have cost public companies millions of dollars. One study found that the average cost of compliance for private firms was $50,000, whereas public companies reported that costs were close to $3 million.
An industry rule of thumb says that a company should plan to spend about $1 million on SOX compliance for every $1 billion in annual revenue, but many companies spend more.
The incidence of fraud is now so common that its occurrence is no longer remarkable, only its scale. By failing to protect your organization, you can expect to become a victim of fraud at some point in the future and become a statistic in the ACFE’s next study.