©scyther5/ISTOCK/THINKSTOCK
The Association of Certified Fraud Examiners (ACFE) regularly reports that multiple forms of fraud – equivalent to around 5 percent of revenues – affect corporations each year. This is a staggering amount and even if this number is slightly overstated, the potential for fraud to occur in organizations is not – and it’s something that every leader in financial control and risk management should be taking seriously.
Fraud by employees, as well as by third parties who may collude with employees, can occur in most financial and business systems including purchasing, payments, billing, payroll, inventory and shipping, P-cards, and travel and entertainment expenses. Of course, the risk of fraud should be considered when designing controls throughout financial and business processes – however, there are several reasons to look beyond the traditional approaches to preventing and detecting fraud.
The weakness of traditional control systems
No control system is perfect. In fact, if systems included all possible controls to eliminate any chance of fraud, they would become so cumbersome as to be unworkable. For example, imagine a corporate credit card being blocked every time there is an out-of-state purchase. This is one reason some control settings in ERP’s are often turned off, or are never implemented in the first place. Even if automated controls are functioning as intended, employees will often find workarounds – not necessarily with any criminal intent, often just to get their jobs done more quickly and easily – and if well-intentioned employees know there’s a workaround, it’s almost certain the fraudsters do too.
Studies show a disconnect between actual rates of fraud and what most managers and executives think is the likelihood of fraud in their organization. For various reasons, many people are reluctant to acknowledge that fraud takes place in their organization, and so they avoid looking out for it. Managers – including financial managers – tend to focus on business and operational priorities, without spending much time on the possibilities for fraud or enforcing necessary control procedures. Most organizations also promote cultures of trust and respect among management and employees, which tend to run counter to creating a strong sense of fraud awareness. While some managers may well be aware of a wide range of common fraud schemes, their attitude often includes “but that doesn’t apply in my team.”
A solution to the problem
So, there is a problem – one that often takes place virtually unseen in many organizations – and it needs to be addressed. There is one solution that has proven effective – both in detecting fraud and preventing it in the first place. Yet, surprisingly, it has still not been widely adopted.
Technology, in the form of data analytics, provides a way to both prevent and detect fraud and to improve control systems overall. The concept is simple enough: use data analytics to examine every transaction that flows through systems and flag any indicators of fraud. Various forms of fraud each have several indicators – or red flags – so, each transaction can be tested several ways. Then, develop automated routines to perform these tests on an ongoing basis (i.e. continuous monitoring) and implement processes to review and respond to fraud indicators as they arise.
This data-driven monitoring approach means that actual instances of fraud can be addressed almost immediately. It also means that fraudulent activities are caught before they have a chance to grow into something far more serious. Not only does this identify on a timely basis when fraud has occurred, but also reduces the likelihood that employees will risk fraudulent behavior, because they know they are more likely to get caught.
Not just for fraud risks
While data analysis can be used very effectively for proactive fraud detection and prevention, very similar techniques can be used for many other forms of transaction monitoring and for testing controls relating to compliance requirements such as for FCPA and SOX. Increasingly, transaction monitoring analytics are being used to provide the basis for a data-driven approach to integrated risk and compliance management across the organization.
A worthwhile ROI
Some organizations already know the benefits of automated transaction monitoring and use data analytics very effectively to reduce the risk and magnitude of fraud. However, many organizations have been very slow to recognize the risks of fraud by employees and others, as well as to respond effectively.
The ACFE’s 2016 Global Fraud Study identified fraud cases with an average loss of $2.7 million and a median loss of $150,000, with 23.2 percent of cases causing losses of $1 million or more.
The cost and effort of implementing fraud detection monitoring systems is often just a small fraction of what could otherwise be lost due to fraud, so there is usually a pretty good business case for using technology to fight fraud in any organization.
John Verver, CPA CA, CISA, CMC is an advisor to ACL.