Fraud happens in businesses of all types, sizes and levels of sophistication. Though it can occur at any level of an organization, fraud more frequently happens at the management level or above. A 2014 report by the Association of Certified Fraud Examiners (ACFE) found that 36 percent of those who committed fraud were mid-level managers. Most were male and 87 percent were first-time offenders.
“Upper-level employees are more likely to be entrusted with sensitive information and may be able to override controls,” says J.W.Wilson, CPA, a partner in accounting and auditing services at Clarus Partners. “However, having a profile of a common perpetrator isn’t enough for an organization to stop fraud.”
Smart Business spoke with Wilson about fraud, its effect and what organizations can do to detect and mitigate it.
What are the more common types of fraud and what can they cost an organization?
There are two categories of fraud that are most common: misappropriation of assets and misstatement of financial statements. Asset misappropriation is a scheme through which employees steal or misuse an organization’s resources — for instance, false billing, inflated expense reports or outright theft of company cash. Misappropriation of assets is the most common, but it’s the least costly, averaging around $130,000 per loss.
Financial statement fraud is a scheme through which employees intentionally cause a misstatement or omission of material information in the organization’s financial statements. That could mean recording fictitious revenues, understating expenses or artificially inflating assets. Though financial statement fraud is the least common type of fraud, it’s the most costly, averaging $1 million per loss.
In general, fraud costs businesses in the U.S. billions of dollars each year. Typical acts of fraud costs businesses between $10,000 and $500,000. But in addition to costing businesses money, fraud also hurts productivity and company morale. Fraud can damage the reputation and customer relationships of the business, which can take significant time and energy to repair.
How is fraud typically detected?
Most often fraud is detected by an employee of the organization who then reports the fraud to someone internally.
Because staffers are most likely to identify and report fraud, it’s a good idea to put in place a fraud hotline or reporting system. In making employees aware of the hotline, consider communicating to whistleblowers that they will be protected from any reprisal, and that they could earn a financial reward if they’re willing and able to give useful information to law enforcement.
What are internal control reviews?
An internal control review is an overall assessment of the internal control system and the adequacy of that system to address the risks of the organization. They can highlight weaknesses in a company’s internal control structure or expose processes that could be strengthened to maximize efficiency. Detailed recommendations would be given to help mitigate risk or strengthen areas of identified weakness.
Most often, a company’s board, the owner or CFO requests internal control reviews. But it’s a good idea to perform a review every three to five years or more often if there is significant change in the company.
What should companies do once they have the results of their internal control review?
Management should work to implement the recommendations pulled from the findings of the internal control review and ensure that they are in place. Going forward, management should regularly communicate reminders of policies and procedures to the company, and periodically review the procedures and check that they are consistently being followed.
Research by the ACFE indicates that the typical organization loses 5 percent of revenues each year to fraud. While that 5 percent is certainly a chilling average, consider that the median losses from fraud for businesses with less than 100 employees are around $147,000. A loss of that size could be devastating for a midsize business.
Companies should understand that fraud could happen anywhere. Strong internal control policies and procedures are the best way to help minimize this risk.
Insights Accounting is brought to you by Clarus Partners