The Fraud Recipe: Trust, Weak Controls and Poor Ethics

The Fraud Recipe: Trust, Weak Controls and Poor Ethics

The Fraud Recipe: Trust, Weak Controls and Poor Ethics

The typical organization loses 5% of its annual revenues because of fraud.
The average loss caused by a single case of fraud perpetrated by employees is $145,000.
These are the shocking data emerging from the “2016 ACFE Report to the Nations on occupational frauds and abuse” by the Association of Certified Fraud Examiners.
Why many businesses experience increasing losses from fraudulent activities by their employees? Here are the main reasons why.

Trust and common myths

“My employees are honest and would never commit fraud”. This is a really common myth around fraud and one of the reasons why businesses, especially small, are very exposed to fraud.
Of course there should be trust in the workplace, however you should always keep in mind two elements:

  • The 10-80-10 rule
    Fraud prevention experts have developed what is known as the “10-80-10 Rule” which means that 10% of your employees will never fraud, 80% may or may not fraud depending on the circumstances and 10% will always try to fraud.
    It is very unlikely that all your employees are in the first 10%, therefore, managing the circumstances which might encourage the 80% to commit fraud become crucial in preventing fraud.
  •  Length of service
    As highlighted by “2016 ACFE Report to the Nations on occupational frauds and abuse”, 53% of fraudsters had been with their organizations for more than 5 years. The more the fraudster had worked for the company, the higher the loss they could cause due to the relationship of trust with the leadership developed over the years.

Weak internal controls

While no company is immune from fraud, strengthening the internal control environment makes companies a less attractive target to fraudsters seeking to exploit internal control weaknesses. The most common weaknesses are:

  • Lack of policies and procedure
    Policies and procedures are critical tools to define how business processes should work and to allocate responsibilities for tasks. Unclear processes and responsibilities lead to a climate of uncertainty over the rules to be followed which is the ideal environment for frauds. Furthermore, un-written rules are virtually unenforceable.
  • Poor segregation of duties
    Segregation of duties is a basic internal control that attempts to ensure no single individual has the authority to perform two or more conflicting tasks with the potential to perpetrate a fraud.
    A lack of it is extremely common in small companies where the teams are very small if not even made of only one person and it increases exponentially the chances of fraud.
  • Lack of review
    The lack of review is another source of opportunities for frauds.
    The “4-eyes principle” (one person performing a task and another one reviewing it) ensures that mistakes are prevented and occasions for frauds are limited… if, of course, it is actually implemented.
    Often, even in the companies where there are defined internal controls and there is a good segregation of duties, reviews are not carried out properly due to lack of time and reliance over the relationship of trust with the employee.

Poor ethics

Having a “tone at the top” is believed by business ethics experts to help prevent fraud and other unethical practices. One of the worst mistake by senior managers and top executives is to tolerate unethical behaviours and overriding of rules by employees.
There might be a number of reasons to turn a blind eye such as the fear to lose a key employee or  the tendency to avoid conflicting situations.
However, this climate of tolerance would cause a lack of trust in the senior management who is deemed to be unable to enforce existing rules.
40% of the frauds are discovered thank to whistle-blowers’ tips, however, this number decreases in organizations where the whistle-blower is not protected against retaliation.
This lack of clarity will create an optimal environment for fraudsters to act as it is much easier to conceal the fraud and, even if they are discovered, they might even get away with it.

What can you do to prevent fraud?

There are a number of ways to decrease the chances of being defrauded:

  • Pre-Employment screenings
    A robust pre-employment screening process helps mitigate the risks of hiring an applicant with previous criminal history, workers’ compensation claims, or employer sanctions.
    However, most occupational fraudsters are first-time offenders with clean employment histories who might belong to that 80% of the population which turns fraudster only because of the circumstances.
  • Monitoring employees’ behaviours
    Being able to identify unusual behaviours is key in identifying potential frauds. The “2016 ACFE Report to the Nations on occupational frauds and abuse” reports that the most common red flags are: living beyond means, experiencing financial difficulties, unusually close association with customer/vendor, wheeler-dealer attitude and unwillingness to share duties or to take vacations.
  • Fraud risk assessments
    A fraud risk assessment is a periodic review of all the critical business processes to ensure enough controls are in place to prevent fraud.
    The benefits of such assessment are even greater if carried out by an external consultant rather than by company’s management because a fraud risk consultant is not only specialised in identifying every possible weakness which might open opportunities to fraud but he is also independent to the organization and therefore can evaluate the company’s processes with fresh eyes.
    Surprise audits are also very recommended as they have been proved to be a very good fraud deterrent as well as a great tool to detect them.
  • Policies and procedures
    Written policies and procedures are essential for rule enforcement as well for clarity over processes. They should also specify the person responsible for carrying out the tasks and the person responsible of reviewing them.
    Of course it is not enough to write down the procedure but it is essential that they are applied and enforced.
  • Anti-fraud policy
    An anti-fraud policy should be created to clarify the fraud management process and to ensure the same standard of accountability to everyone in the company, including long-term employees and top performers.
    The policy should cover topics such as fraud prevention, deterrence, detection, how investigation of all forms of fraud and corruption should be carried out, who is responsible for it, and the consequences of committing fraud.
    Finally, the policy should be advertised to all the employees in order to be an effective instrument for fraud prevention and should be enforced by management when needed.