May 22, 2020
Could your organization be the next victim of fraud in an increasingly tense global marketplace? No one wants to believe that their trusted employees would steal assets or manipulate financial information for criminal purposes. But fraud is more common — and costly — than you might think, especially for smaller organizations.
A new study sheds light on some eye-opening statistics about fraud in the workplace, along with ways to prevent and detect occupational fraud scams.
The Big Picture
Every two years, the Association of Certified Fraud Examiners (ACFE) publishes a study detailing the costs, schemes, perpetrators and victims of occupational fraud. The Report to the Nations: 2020 Global Study on Occupational Fraud and Abuse was just released. It covers more than 2,500 cases of white-collar crime, occurring in more than 125 countries.
Consistent with the previous biennial study, the 2020 report estimates that the typical organization loses 5% of its revenues each year to fraud. Based on the latest Commerce Department estimate of 2019 U.S. gross domestic product ($21.4 trillion), domestic organizations lost about $1 trillion to fraud last year.
How much revenue did your company report in 2019? Multiply that amount by 5%. That’s a baseline estimate for how much you might have lost to occupational fraud over the last 12 months. The calculation can be sobering for many small business owners who adopt an “it-can’t-happen-here” mindset.
The ACFE study exposes only the tip of the iceberg, however. Many frauds go undetected or unmeasured. Plus, some losses are indirect, including lost productivity, reputational damage and the related future loss of business. In other words, the true losses from asset misappropriation, corruption and financial statement fraud are probably much higher than the study suggests. Many of these losses are never fully recovered.
Fraud investigations also can be costly, so some organizations cut their losses by simply terminating — but not fully prosecuting — white collar criminals. In the latest survey, 41% of the occupational frauds were never reported to law enforcement. The ACFE notes that there’s a general trend for organizations to resolve fraud cases internally or privately rather than through the criminal justice system.
A Closer Look
The 2020 report contains a lot of statistics about the global fraud crisis. Here are some key facts that every organization should know:
Median losses. Globally, the median loss caused by the frauds in the 2020 study was $125,000, down from $130,000 in the 2018 study. However, losses tend to be higher for smaller organizations. The 2020 study reports that the median loss for organizations with fewer than 100 employees was $150,000.
Duration. The longer fraud schemes go undetected, the more financial losses they tend to cause. From start to finish, the median fraud scheme took 14 months to uncover. This finding is consistent with the median duration in the 2018 study.
Perpetrators. The biggest fraud losses were caused by owners and executives. Most fraudsters had no previous criminal record. But, before being caught, many white-collar criminals exhibited classic red flags of fraudulent behavior, such as living beyond their means, unusually close ties with vendors or customers, and financial difficulties in their personal lives.
Important: Frauds scams are an unfortunate side-effect of the novel coronavirus (COVID-19) pandemic. (See “COVID-19 Crisis Opens Doors to Small Business Frauds,” below.) Financial distress — for example, because of a pay cut, reduced work hours or the loss of a spouse’s income — can provide a powerful motivation for an employee to resort to fraud. Talk to employees during the crisis and provide support to those who are struggling to make ends meet. Your organization can’t afford to become lax about anti-fraud measures during this difficult time. Consider using any downtime during the pandemic to implement stronger internal controls.
To Catch a Thief
The 2020 study reports that the top three methods of detection were:
- Tips (43%),
- Internal and external audit (19%), and
- Management review (12%).
Half of the fraud tips in the study came from employees; 22% were from customers. Phone hotlines help people report suspicious behaviors. Over the last decade, the use of such hotlines has increased 13% globally. While this approach remains popular, many companies now allow whistleblowers to submit tips via email and online portals, too.
The study found that organizations with hotlines detect frauds more quickly and lose less per incident than those without hotlines. Specifically, the average duration of frauds at victim-organizations with hotlines was 12 months (compared to 18 months without). And the median loss at victim-organizations with hotlines was $100,000 (compared to $198,000 months without).
The study also reveal that companies are investing more in training to help educate insiders about the warning signs of fraud and how to report coworkers who engage in suspicious behaviors. Over the last decade, the use of training to prevent and detect fraud has increased 11% for employees and 9% for managers and executives. The ACFE reports that fraud training combined with a formal reporting mechanism dramatically increases the likelihood that your organization will receive fraud tips.
Fraud training also sends a powerful message about your intention to fight fraud no matter where it originates. Employees must perceive a high probability that fraudulent activity will be detected. The perception of detection is often enough to dissuade those inclined toward unethical behavior.
Robust internal controls are another effective defense against fraud. What are the critical elements of an internal control system? In terms of lowering fraud losses, the most effective internal controls in the 2020 study were:
|Control||Percent Reduction in Fraud Loss|
|Code of conduct||51%|
|Management certification of financial statements||50%|
|External audit of internal controls over financial reporting||50%|
On the flipside, weak internal controls often provide dishonest people with the opportunity to steal assets or “cook the books.” In the 2020 study, leading factors that contributed to fraud include:
- Lack of internal controls,
- Ability to override internal controls, and
- Absence of management review.
Together, these factors were present in two-thirds of the fraud cases in the latest study. In addition, the 2020 study revealed that 28% of frauds at larger organizations were caused by a lack of internal controls. In contrast, 43% of frauds at small organizations stemmed from weak controls.
The ACFE concludes:
“Our data shows that there are clear opportunities for small businesses to increase their protection against fraud. Adopting a code of conduct and an anti-fraud policy, having managers review the work of their subordinates, and conducting targeted anti-fraud training for employees and managers are all measures that are correlated with significant reductions in fraud losses, yet each was implemented by fewer than half of the small businesses in our study.”
Your financial advisors can help reinforce your internal controls and investigate if you suspect fraud. Doing so can potentially save your organization thousands, if not millions, of dollars in losses and put everyone on alert that fraud won’t be tolerated.
COVID-19 Crisis Opens Doors to Small Business Frauds
From the terrorist attacks on 9/11 to Hurricane Katrina in 2005, con artists have piggybacked off national disasters to commit fraud. Today, the Federal Trade Commission (FTC) reports that fraud cases have skyrocketed during the novel coronavirus (COVID-19) pandemic.
The FTC’s website highlights the following COVID-19-inspired schemes that target small businesses.
“Public health” scams. Fraudsters may send messages that appear to come from the Centers for Disease Control and Prevention (CDC), World Health Organization (WHO) or other public health offices. The message may ask for the owner’s Social Security numbers or the business’s tax identification number — or ask recipients to click on a link that installs malware on your company’s network.
Government check scams. Thieves also may try to cash in on financial relief from the federal government during the COVID-19 crisis, including tax refunds from amending prior years’ returns and proceeds from Small Business Administration loans. Beware of unsolicited calls or emails that request you to pay up-front or provide personal information in order to receive government funds.
Business email scams. Con artists may send emails to employees, posing as higher-ups in your organization. The messages may direct the employee to wire money, transfer funds, send gift card codes or provide sensitive personal information. Or the fraudster may pose as a co-worker in the IT department and ask the employee for a password or direct the recipient to download software.
During the COVID-19 pandemic, many employees are working from home and have less direct contact with superiors and co-workers. Plus, there’s been a flurry of unusual financial transactions, such as expedited orders, cancelled deals and refunds. During a national crisis, emergency requests and software updates are less likely to raise a red flag than under normal conditions.
Supply scams. Many businesses are scrambling for essential supplies, such as hand sanitizer, face masks and paper products. Fraudsters may send emails with links to websites that mimic the look of well-known online retailers — or call your company — offering hard-to-find supplies at hard-to-beat prices. If you place an order from these bogus vendors, the fraudster gets your credit card or bank account information — and your business never receives the supplies it needs to operate.
Data scams. With more people working from home, hackers are hoping companies will drop their online defenses, making it easier to infiltrate business networks. During times of crisis, data security measures — such as encryption, firewalls, anti-virus and anti-malware software, and spam filters — are essential to keep your sensitive business, customer and employee records safe from cyberattacks.
It’s important to remind your employees about these COVID-19-related fraud scams. If your company unearths a bogus pitch, report it to the FTC or contact your financial advisors.