Across from me sits the director of disbursements for a Fortune 500 company. She's smiling as we begin an overview of her company's financials, but her expression soon turns serious. Why? Her company's performance is on target and as a director she's doing almost everything right — streamlining processes, consolidating enterprise resource planning systems, and meeting tax and regulatory compliance requirements. Yet based on the most recent ACFE findings, we both know the truth. Each day, in small and large increments, almost 5 percent of revenue is likely leaking out of her organization through falsified invoices and expense reimbursements, check tampering and billing schemes, etc.
This director gets it. She knows what the ACFE's 2014 Report to the Nations on Occupational Fraud and Abuse has indicated: asset misappropriations are the most common occupational fraud. And while the median loss of $130,000 per incident pales in comparison to the $1 million median loss for financial statement fraud, asset misappropriation represents an insidious fraud category that's difficult to detect without preventive controls and continuous monitoring.
As a senior risk vendor analyst, I've primarily worked with companies that bring in annual revenues of $5 billion or more, and I've seen the full range of attempts to address fraud within the purchasing-to-accounts-payable cycle. Often, the company doesn't put a robust process in place until it's in the news with a violation, an FCPA incident or an internal case of undetected embezzlement that might have gone on for years. But why? As money walks out the door, why wouldn't companies adopt a more proactive stance for early detection?
The answer is fear. Fear can prevent a mom-and-pop shop or a Fortune 500 industry leader from becoming serious about fighting fraud. Business analytics and portal systems certainly enable companies to more quickly mine through volumes of data and identify red flags, yet they're not a requirement for fraud prevention. Depending on the size of the company, it can data mine and detect fraud early with such basic tools as Microsoft Access and Excel. And while companies pay lip service to efforts to fight fraud, they're often slow to take advantage of even these most elementary methods. Let's consider how the fear factor plays into the decision — or indecision — to fight fraud.
TOP 3 FEARS THAT PARALYZE FRAUD PREVENTION
Fear No. 1: Cost. Like health or car insurance, fraud prevention software is a cost for which you don't always recognize an immediate return. Management wants money brought back to the bottom line, and it's easy to assign a dollar figure to payment errors using platforms like duplicate invoice analysis. But when it comes to identifying and preventing risk and potential fraud, returns can be harder to quantify.
I often hear concerns about spending money on a system that might or might not identify fraud. And if the system does identify fraudulent activity, companies are now obligated to spend more for the additional investigation and possible litigation. Larger companies might see money lost to fraud as "pennies," but pennies add up. That's money that could have been reinvested toward a company's bottom line.
Fear No. 2: Technology. Companies are concerned that implementing new software technology might increase their exposure to fraud via data breaches. They're also concerned that technology will replace internal auditors. While data encryption and similar tools can combat the risk of data breaches, addressing personnel concerns are trickier.
When I work with companies, I point out that technology in any form is a means to assist — not replace — people. Computers alone don't "discover" fraud; they simply detect red flags that can point you in the right direction. The red flag could be a simple data-entry error or an anomaly within the data. Technology helps identify red flags, but human input and investigation is required to determine if fraud is indeed occurring. From there, companies must ask questions.
Fear No. 3: Loss of reputation. Companies might fear their reputations will take a hit if they uncover ongoing fraud schemes. Social media has evolved to become an incredibly popular form of information sharing, so all it takes is the hint of a rumor and the damage is done. Employees might post information — or alleged information — that makes it appear as though a company is attempting to hide something. For that reason, it's to a company's advantage to be open with their employees in their effort to fight fraud. Employees are less likely to whistleblow in public when there are safe, internal options for them to report discrepancies to management. For example, use proactive social risk-management strategies, such as toll-free hotlines, to help employees feel comfortable reporting potential or suspected frauds without the fear of retaliation.
FIGHTING FRAUD ON THE FRONT LINE
Companies must realize that the benefits of fighting fraud far outweigh the fears. Engagement in an early fraud education process acts as a buffer, which could lead to fewer fraudulent losses. Procurement and payables professionals must implement efficient processes that address red flags and track — early and upfront — non-adherence to mandates. Below is a quick overview of best practices for engaging analytic tools and front-line staff to identify and prevent fraud.
- Tone at the Top. Of course, top-level management must be committed to address fraud prevention. However, it's just as important for middle managers to adopt a zero-tolerance policy toward fraud. A lack of integrity can be contagious. If workers see their supervisors' rubberstamping processes, it gives them little incentive to raise concerns when they find inconsistencies.
- Segregation of duties. No one person should be responsible for an entire accounting function. The individual who sets up a vendor or client shouldn't be the same person who approves invoice payments. It's vital to have multiple eyes on the process, especially in smaller organizations where segregation of accounting duties might be limited or non-existent.
- Create a fraud-fighting culture. The very perception of detection helps prevent fraud. A fraud-prevention overview should be part of new employee orientation. Companies also should sign off on internal codes of ethics that outline the steps and procedures employees can take if they suspect fraud. Tips are consistently, and by far, the most common detection method. According to the Report to the Nations, tips detected more than 40 percent of all cases. Publicize a hotline number both internally and externally for your vendors — one of your employees might even be seeking to collude with a client!
- Training and process audits. Perform anti-fraud training for employees annually, at a minimum. Increase your anti-fraud training if you have a substantial number of new employees coming on board. Annual fraud awareness and detection training sends a clear message to employees about your organization's high standards and could deter fraudulent activity.
- Vet suppliers and clients. If you want to avert various types of fraudulent schemes, it's crucial that you understand the red flags to look for when onboarding a supplier or client. Vendor vetting in real time can mitigate upfront risks and dictate those actions required to prevent fraud from slipping undetected through the system. Vendor portals prove invaluable for vetting suppliers using automated data validation.
- Take action. There's no reason for you to identify or perform analysis if you're unwilling to take action. Fraud prevention software can help you do more than detect fraud — it can highlight poor processes that might expose you to fraud. For example, you might have a legitimate vendor or client, but software can raise a red flag because of gaps in your set-up process. Analyze results, make changes, monitor and constantly learn from your processes.
DON'T LET FEAR TAKE CONTROL
As CFEs, it's our duty to help diminish the fears that impede the fight against fraud. When our organizations acknowledge those fears we can effectively use resources to combat them. I've seen companies that use analytics tools and proactive monitoring turn idle threats into reality.
As a fraud examiner, I've also seen companies allow fear to paralyze them into inaction. These companies are at far greater risk for losses due to fraud than companies who take advantage of technology to leverage their resources. The larger the organization, the more complex and multi-faceted the governance and responsibility matrix for fraud detection should be. Passive detection methods aren't enough anymore. It's been proven time and again that instilling proactive efforts to discover or reduce fraud will increase the bottom line and enhance a company's reputation.
Tasha Bailey, CFE, is a senior vendor risk analyst with APEX Analytix in Greensboro, North Carolina.
The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or www.ACFE.com. ACFE follows a policy of exclusive publication. Permission of the publisher is required before an article can be copied or reproduced. Requests for reprinting an article in any form must be emailed to FraudMagazine@ACFE.com.