November 4, 2019
White-Collar Crime: Are You Next?
Small businesses lose twice as much per scheme to white-collar crime as larger businesses, and detecting fraud typically took 16 months.
Are you next for white-collar crime? Unfortunately, the answer is likely yes.
Karen’s family-owned company prided itself on the loyalty and longevity of its employees. However, when she didn’t recognize a vendor receiving continuing payments, she grew suspicious. When the company’s bookkeeper assured her the invoices, which totaled in the tens of thousands of dollars over 18 months, were legitimate, Karen wanted to believe her.
A thorough investigation determined the vendor was a front for fraud, and the “loyal” employee was the mastermind behind an all-too-common crime.
Chances are you know a client, colleague or acquaintance who has experienced a similar nightmare. According to the Association of Certified Fraud Examiners’ 2018 Report to the Nations, small businesses – those with 100 employees or less – lose nearly twice as much per scheme to white collar crime as larger businesses, $200,000 versus $104,000. Detecting fraud required a median duration of 16 months.
While misappropriation schemes like fraudulent disbursements are the most common, at 89% of occupational fraud cases, financial statement fraud schemes are the most costly, racking up a median loss of $800,000 in 2018 – enough to put most small businesses out of business. The most common forms of occupational fraud were corruption, billing fraud and non-cash theft.
Why are small companies more vulnerable?
First, most employers trust their people, especially those with tenure. If you think Darla in claims who just celebrated 20 years with the organization is unlikely to be running a false invoicing scheme, think again. Fraudsters who have been with a company longer than five years steal twice as much. Fraudsters who collude with coworkers, a common occurrence, up a company’s losses exponentially. Word to the wise: Don’t trust Darla, and don’t overlook her friend Sheila in accounts receivable!
Second, there’s a misplaced assumption that it “won’t happen to me.” The truth is that occupational fraud happens all the time, and most victims don’t recover a penny. In 2018, 2,690 cases of occupational fraud were reported globally, costing companies over $7 billion. However, the incidence of fraud is likely much higher. Why? Companies don’t want the negative publicity. In fact, the number of occupational fraud cases prosecuted in 2018 decreased by 16%.
Third, many companies simply don’t have the resources to establish a fraud prevention department. As a result, internal control weaknesses are responsible for half of all frauds. This includes a lack of formal controls, no management review of vulnerabilities and no independent checks or audits. Many companies choose instead to rely on employees to “tip them off” to co-workers who are skimming or running scams. While employee tips do work, it’s no guarantee that fraud will be avoided or less damaging.
See also: ‘Jobsolescence’: How Big a Threat?
The best defense is a good offense. Formal fraud control mechanisms result in lower losses and quicker detection. Among the most common fraud prevention tactics include employee codes of conduct, external audits of financial statement and reporting processes, audits by internal staff, independent audit committees, management certification of financial statements and fraud prevention training for employees and management.
Surprisingly, the best tactics for reducing fraud losses and duration are the least used. Surprise audits result in 51% lower losses and 54% quicker detection, and data monitoring and analysis results in 52% lower losses and 58% quicker detection. Yet only 37% of companies victimized in 2018 had these controls in place.
Here is my advice to insurance clients on how best to protect their businesses as well as those of their insureds from fraud:
Understand that an external audit is not intended to detect risk. Most accounting and assurance firms clearly state in their letter of engagement that an audit of financial statements is not designed for fraud detection. Any fraud-related services require a separate letter of engagement with a specific scope of services focused directly on fraud detection.
Know that neither you nor your insureds are impervious to fraud no matter how delightful your people are. There are six well-known behavioral red flags, such as living beyond one’s means, financial and family difficulties, control issues, a wheeler-dealer attitude and unusually close associations with vendors or customers. Fraudsters typically display one or more of these red flag behaviors. Understanding and recognizing the red flags can help detect fraud and mitigate losses.
Select an audit/assurance professional who holds both CPA (certified public accountant) and CFE (certified fraud examiner) designations. CPAs understand the financial side of organizations and financial ratios/relationships, while CFEs understand investigative techniques, fraud schemes, prevention and deterrence. Put these distinct knowledge bases together and your organization will have a powerful advocate for mitigating, preventing and detecting white-collar crime.
Conduct a risk assessment. The objective is to identify what makes an organization most vulnerable to fraud. The process involves assessing the incentives, pressures and opportunities that individuals within your organization have to commit fraud and determining those who put you at greatest risk. The assessment also looks at existing controls and their effectiveness and whether the organization is complying with regulations and professional standards. The findings serve as the foundation of the fraud prevention strategy.
Develop and implement a fraud prevention strategy that incorporates policies and procedures for: preventing and detecting fraud; educating employees; communicating continually; responding to fraud once identified; limiting damage; punishing perpetrators; and rebuilding organizational confidence in the wake of fraud.
If you suspect fraud is present in your organization, contact your CFE immediately. A CFE will help determine whether an issue is actual fraud or a mistake, and how best to proceed. The sooner you engage a knowledgeable CFE, the quicker you can determine fraud, the perpetrator, extent of damages and how best to proceed.
See also: Hacking the Human: Social Engineering
I close this article by asking the same question I opened with: Are you next? It is my hope that your organization is the next to implement an anti-fraud strategy and not the next victim of fraud. While no system of internal controls can fully eliminate the risk of fraud, well-designed and effective controls will mitigate your risk.