How to defend your organization against fraud

If you don’t want anyone to find out, DON’T DO IT
(Chinese Proverb)

The fraud perpetrated by employees, top management, or third parties is a vital risk and threat to any business that should be properly addressed. Enron, WorldCom, FIFA, Volkswagen are a few examples of corporate scandals that brought more attention to fraud deterrence by organizations worldwide.

In accordance with Report to the Nations on Occupational Fraud and Abuse (2016) by the Association of Certified Fraud Examiners (ACFE), empirical results show that a typical organization loses around 5% of its annual revenue due to fraud cases. However, losses caused by fraud are hardly measured in monetary terms, since ethical issues arise as well. Fraud could eventually lead to reputation loss, social displeasure, mass personnel dismissal, or even bankruptcy.

What is fraud and how much does it cost?

Occupational fraud is defined by ACFE as “the use of one’s occupation for personal enrichment through the deliberate misuse of misapplication of the employing organization’s resources or assets”. Occupational fraud is classified into three main categories: asset misappropriation, corruption, and financial statement fraud.

In Report to the Nations, ACFE analyzed 2,410 cases of fraud which occurred in more than 114 countries in 2014 – 2015 years. In accordance with the analysis, asset misappropriation (cash or other assets’ theft and its concealment) turned to be the most common form of fraud (occurred in 83% of all cases), while financial statement fraud – the rare form of fraud (occurred in less than 10% of all cases). Corruption (misuse of power or authority in order to gain benefits) cases are in the middle in terms of both frequency and losses.

Fraud could be committed by only one person in trust, and be a threat to the whole organization. One of the examples is a case with the UK Bank Barings which collapsed in 1995 because of the fraudulent activity of a sole trader, Nicholas Leeson. Leeson was trading derivatives on Singapore International Monetary Exchange. He was in charge of trading, accounting and reporting that enabled him to carry out massive trading deals, manipulate with books, and falsify documents. The total loss of fraud perpetrated by Leeson accumulated to USD1.4 billion that was sufficient to collapse Barings Bank.

Why do people commit fraud?

The following three factors in place might lead to fraudulent activity: incentive, opportunity, and rationalization.  Donald Cressey’s fraud triangle is presented as follows:

‘Trusted persons become trust violators when they conceive of themselves as having a financial problem which is non-shareable, are aware this problem can be secretly resolved by violation of the position of financial trust, and are able to apply to their own conduct in that situation verbalizations which enable them to adjust their conceptions of themselves as trusted persons with their conceptions of themselves as users of the entrusted funds or property’  (Donald R. Cressey, Other People’s Money, 1973, p.30).

A nice house, a new car, or resolving financial problems are some examples of incentives that motivate people to perpetrate fraud. An opportunity exists when a person is in the position to commit and conceal the fraud.  Moreover, fraud perpetrators rationalize or justify their behaviour, have prepared arguments and explanations, they do not perceive their intentional actions as fraudulent.

How to prevent fraud?

Higher salaries, social benefits, and opportunities for further promotion could deal with the incentive factor. It is common for organizations to design, implement, and conduct effective internal controls so that employees would not have an opportunity to deceive others. For instance, segregation of duties (authorization of transactions, recording of transactions, and custody of assets should be carried out by different persons) or the right combination of job duties would greatly reduce a chance to commit fraud by one person. Job rotations, mandatory vacations, background checks of employees before hiring are among other useful tools.

The factor of rationalization of fraud triangle could be dealt with by communicating a clear message from the top down: fraud is not tolerated. Providing proper training to employees would enhance their awareness of fraud, help them to recognize red flags, and know how to report fraud. Training of staff to predict and prevent fraud by raising their interest and motivation to be helpful and honest could dramatically cut down the costs of fraud. It is essential for the training to be practical and interactive with the provision of real examples related to the industry where the organization operates.

A vital part of the anti-fraud corporate culture is anti-fraud policy, which must comply with internal policies, current legislation, and other relevant documentation. The policy should clearly state the forms of fraud, responsibilities, and rights of parties, reporting process, and likely consequences of committing fraud. After getting familiar with the policy, employees should not be left with questions such as whether a certain action is regarded as fraud or just violation of rules.

Fraud risk assessment is another practical exercise that elevates the awareness of employees of possible fraud risks and their consequences.  Fraud risk assessment includes the following procedures:

  • Assessment of each possible fraud risk by measuring its likelihood and impact;
  • Identification of benefits to a perpetrator;
  • Identification of methods to commit fraud by considering the existing controls;
  • Determination of the tolerance level of fraud risk.

The fraud risk assessment process requires the understanding of business operating environment, gathering available information, interviewing employees to create and update a risk profile.

How to detect fraud?

The so-called red flags could be of great help to fraud detection.  Red flags indicate that fraud is likely to take place in a certain situation.

Most common red flags signaling fraud committed by staff are:

  • ‘Lifestyle syndrome’ or living beyond one’s means;
  • ‘Behavioural syndrome’ or a sudden change in behaviour due to personal reasons such as financial problems or addiction to alcohol, drugs, gambling, etc.;
  • Close association of an employee with a vendor or customer;
  • A situation when an employee works hard with no rotations does not take vacations or/and reject promotions;
  • A high turnover of employees may suggest a fear of fraud being discovered;
  • No proper segregation of duties or lack of supervision.

Some of the red flags signaling fraud committed by management also include:

  • An intentional restriction of auditors’ access to information, staff, assets; long disputes with auditors, missing documentation;
  • Decision making by a single or small number of managers;
  • Override of internal controls by supervisors and managers;
  • A large number of transactions at the year end, or transactions with no relation to business.

Every organization needs to be proactive rather than reactive in detecting fraud.

The most common detection tool is tips given by employees, customers, vendors, etc. Therefore, it is beneficial for small and larger organizations to promote various channels for fraud reporting, such as telephone hotlines, website forms, e-mails, etc. Reporting policies should also be extended to external parties such as vendors and customers. Other internal controls in place help to detect fraud. Code of Conduct, management review procedures, internal audit, external audit is among the main tools.

Tone at the top

Defense against fraud requires a combination of relevant policies and mechanisms that should be initiated by executives. It all begins with the tone at the top.  Top management should set a right tone at the top by continuously promoting an anti-fraud corporate culture throughout the organization. Code of Ethics (or Conduct) describing behavioral norms expected from employees at all levels is a good way to start promoting a healthy culture. However, the mere existence of the Code does not mean that it is handled by employees in a daily routine, so the Board and Audit Committee should play an oversight role to ensure that Code is not disregarded by top management or/and employees. In any organizational culture, it is essential for leaders to behave ethically, commit to integrity and honesty, and lead by example.

Our professionals at PFC could help you with forensic investigations. For further discussion on this subject please contact PFC representative or e-mail: or call us: +1(403) 375 9955.