In a recent blog post, I explored why automated data monitoring and surveillance is ineffective in detecting occupational fraud.
In today’s post, I highlight the top three fraud protection methods used by organisations that reported fraud. I then compare these to the top three methods that actually detected fraud.
All statistics referred to in this blog post were sourced from the ACFE* report Occupational Fraud 2022: A Report to the Nations** and relate to organisations that experienced and reported occupational fraud between January 2020 and September 2021.
Below, I separate between the fraud protection methods used and the actual ways that fraud was detected, highlighting the percentage of related organisations for each of these based on more than 2,000 reported fraud cases.
Fraud Protection
Of the 18 most common methods of fraud protection (anti-fraud controls) used by organisations, the top three were as follows:
External audit of financial statements
Neither considered as a fully active or passive method of fraud detection, external audit of financial statements was in place at 82% of all organisations, however, this method only resulted in the detection of 4% of all reported fraud.
External audit of financial statements
Neither considered as a fully active or passive method of fraud detection, external audit of financial statements was in place at 82% of all organisations, however, this method only resulted in the detection of 4% of all reported fraud.
Code of conduct
This anti-fraud control was in place at 82% of all organisations, but did not appear specifically on the list of detection methods. It may, however, been a contributing factor in prompting detection methods such as tip-offs or confessions. It also could have been included as part of the “other” detection method classification which accounted for the detection of 1% of all reported fraud.
Code of conduct
This anti-fraud control was in place at 82% of all organisations, but did not appear specifically on the list of detection methods. It may, however, been a contributing factor in prompting detection methods such as tip-offs or confessions. It also could have been included as part of the “other” detection method classification which accounted for the detection of 1% of all reported fraud.
Internal audit department
This was the only anti-fraud control to appear in the top three of both the protection (77%) and detection methods (16%) lists. Internal audit was the 2nd most effective detection method, following tips.
Internal audit department
This was the only anti-fraud control to appear in the top three of both the protection (77%) and detection methods (16%) lists. Internal audit was the 2nd most effective detection method, following tips.
Fraud Detection
Organisations detected occupational fraud in many ways, however, the top three methods were responsible for detecting 70% of all reported fraud. These detection methods, in order of effectiveness, were:
Tip
Having an anonymous mechanism for reporting fraud has been identified as the most effective method of detecting occupational fraud with 42% of all reported fraud found this way. Of all the organisations that reported fraud, 60% had implemented a hotline.
Tip
Having an anonymous mechanism for reporting fraud has been identified as the most effective method of detecting occupational fraud with 42% of all reported fraud found this way. Of all the organisations that reported fraud, 60% had implemented a hotline.
Internal Audit
Independent assurance over risk management, governance and internal control processes has proven to be the second most effective method of detecting occupational fraud with 16% of reported fraud found this way. It is also the third most common protection control in place, used by 77% of all organisations that reported occupational fraud.
Internal Audit
Independent assurance over risk management, governance and internal control processes has proven to be the second most effective method of detecting occupational fraud with 16% of reported fraud found this way. It is also the third most common protection control in place, used by 77% of all organisations that reported occupational fraud.
Management review
Aside from activities such as assessing the effectiveness of essential business processes and ongoing due-diligence of operational activities, management reviews were found to be the third most effective method of detecting occupational fraud with 12% of all reported fraud found this way. It was a process in place at 60% of all organisations that reported occupational fraud.
Management review
Aside from activities such as assessing the effectiveness of essential business processes and ongoing due-diligence of operational activities, management reviews were found to be the third most effective method of detecting occupational fraud with 12% of all reported fraud found this way. It was a process in place at 60% of all organisations that reported occupational fraud.
Summary
Although it has been shown that having some form of tip-off mechanism is the best method to detect occupational fraud, it is essential to also consider that once a tip has been made, fraudulent activity (and loss) is likely to have already occurred. This is most pertinent when noting that of all money lost globally through occupational fraud, more than half was never recovered**. Additional, more preventative measures should also be considered when looking to protect against occupational fraud.
When reviewing all of the 18 most common internal controls that organisations chose to protect themselves against occupational fraud, it was interesting to note that only a small number of these methods had the sole purpose of detecting fraud. Instead, it appears that organisations rely upon detecting fraud via methods that have additional business outcomes and objectives, such as external audits and the implementation of a code of conduct.
*The Association of Certified Fraud Examiners (ACFE) is the world’s largest anti-fraud organization that releases its global Report to the Nations every two years focussed on occupational fraud.
**Read the full report – Occupational Fraud 2022: A Report to the Nations. (Copyright 2022 by the Association of Certified Fraud Examiners, Inc) at https://legacy.acfe.com/report-to-the-nations/2022/
Wayne Bryant
Wayne is Chief Executive & Founder, Threat Intelligence & Analytics Lead at 3rdegree. He has a decade of experience protecting businesses from fraud and financial crimes through roles in professional services, data analytics and software development.
To contact Wayne call him directly (+64) 21 199 4757 or email wayne@3dg.net.nz