NEW Fraud Survey – Identify Impactful Internal controls

In the mail I received an early copy of the “2008 Report to the Nation on Occupational Fraud and Abuse” from the Association of Certified Fraud Examiners.  The 2006 report has represented de facto standard for qualitative fraud calculations and risk mitigation efforts.  While there is no substitute for reading the full report I will highlight the following key areas – Audience, Nuggets, and Action items.

Audience:
The report is written for those that have both fraud responsibilities within the organization and those who have assets worth being exploited.  Therefore the audience I see (beyond the obvious Fraud professionals) includes:

  • Chiefs – CFO, CRO (Chief Risk Officer), CAO, CIO, CISO
  • Business Owners – VP, Directors
  • Team Leaders – of small teams

Nuggets:

  • 67 pages of facts sum up 959 cases of occupational fraud
  • 7% of Annual Revenues are lost due to fraud (up from 6% two years ago
  • In the U.S. that is approximately $994 Billion in fraud losses
  • 25% of the fraud sample were a million plus in damages
  • Tips identified 46.2% of all frauds
  • Small Business suffers more frequently (39.1% of all frauds) and greater (nearly double that of a public company)
  • Independent audit of financial statements was the most common control and nearly the worst in mitigating fraud (accountability of perception high error area)
  • Most Effective Controls: Internal Audit, Surprise Audits, Management review of Internal Controls and Fraud Hotlines

Action items:

  • Re-prioritize internal controls to address fraud
  • Identify what roles are truly accountable for fraud detection (i.e., address the perception vs. reality conundrum)
  • Emphasize training of employees of fraud (recognition) and the safeguards (whistleblower policies) and mechanisms (confidential hotlines)
  • Institute a mature process that follows-up on all leads completely and objectively (damages of a fraud grow over time, so quick elimination of identified fraud has strong rewards)
  • Establish Surprise Audits and mandatory job rotation

Again, this ACFE report is incredibly valuable and should be a cornerstone of any control environment.  Segments may be adopted today and into the future.  In addition, the ability to eliminate subjective values in risk calculations is tremendous.

Kind regards,

James DeLuccia IV

Looking forward to seeing everyone at the ACFE 19th Annual Fraud Conference next week in Boston.  My session on Best and Worst IT controls is on Monday!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s