Internal fraud is a huge risk to companies. Experts estimate that on average it costs companies 3% to 5% of revenue each year. When profit margins are thin, internal fraud can literally put some companies out of business. Executives are prone to underestimating the amount of fraud that exists within their companies. They want to believe that their internal controls are better, their employees are more honest, and their ability to stop fraud is more effective than that of executives at other companies.
The truth is, they are often unaware of all the frauds committed within their company’s walls. Indeed, fraud is often hard to find and may be hidden among the seemingly more trustworthy employees, those who are necessary for keeping the business running. They are the ones putting companies at risk; they have access to assets and information and the opportunity to steal and cover up fraud.
This is why Corporate America likes to speak in averages, under the guise of including all known and unknown frauds at companies across the globe. However, CFOs and other top executives should not get caught in the trap of believing their company is much better than average. They need to move beyond thinking a basic compliance program and an internal hotline are enough. Proactive fraud-prevention measures are necessary to manage the risk of fraud.
Fraud experts usually talk about occupational fraud in three general categories: asset misappropriation, corruption, and financial-statement fraud. Asset misappropriation is the internal fraud we hear the most about because it happens most often. Included here are thefts of inventory, money, business opportunities, and anything of value that employees can wrongly divert from the company.
Even though corruption and financial-statement frauds are not as common, the costs to the victims are much greater per fraud scheme. Corruption schemes include bribery and kickbacks, often with vendors and employees colluding to get money, benefits, or favorable terms. Financial-statement fraud includes the manipulation of reports to create a financial opportunity for an individual or entity. It is the most costly type of fraud in terms of the dollars lost by victims, but can also be costly in terms of investigative expenses, regulatory actions against those involved, and penalties assessed by the government once the fraud is discovered.
Finding the Perpetrators
These frauds and their perpetrators tend to be uncovered from an internal tip and a subsequent investigation. These probes are important to companies not only to hunt down the corporate thieves but also to send a message to other employees that management is serious about finding and stopping fraud. Investigations are also an important information-gathering exercise. They help the company discover weaknesses in the system that can be exploited by dishonest employees.
However, investigations are not the best way to reduce fraud losses. Recovery from fraudsters is generally very low, so performing an investigation with the sole intent of recovering ill-gotten gains is misguided.
Moreover, compliance with regulations like the Sarbanes-Oxley Act is not enough to prevent the need for fraud investigations in the first place. Companies need to implement their own proactive anti-fraud measures. This means developing policies and procedures specifically designed to stop fraud and detect fraud, such as designing procedures to avoid the concentration of too much access and authority by a single employee, implementing a data analytics program to identify red flags in financial data, outlining the chain of command for employees to report suspicions of wrongdoing, and regularly engaging third parties to perform surprise fraud-detection procedures. The effectiveness of those proactive measures needs to be evaluated regularly, with changes made promptly to better prevent and detect fraud.
These efforts need to be aimed specifically at both preventing and detecting fraud. First the company must try to stop fraud by putting controls in place. Then management must work on detecting any fraud that might have slipped through the company’s fraud-prevention procedures.
Worth the Cost?
With a mind-boggling number of regulations to which large companies must adhere, the concept of incurring additional costs to shore up operations is unappealing. I have heard over and over again from top finance executives that the cost of implementing Sarbanes-Oxley and related regulations was enormous, and management simply doesn’t have the budget to do even more to try to stop fraud before it occurs.
The problem, though, is that the right proactive fraud-fighting measures can prevent so much fraud that the investment will be quickly returned to the company. I know it’s a hard sell, because so much fraud is unseen and therefore the measurement of the dollars is based on estimates.
Think about it this way: suppose your company does $5 billion in sales each year, with net profit of 5% of revenue, or $250 million. If your company is like the average company in the current economy (and with the current regulations), it is losing $150 million to $250 million each year to fraud committed by employees. If the company could reduce its fraud risk by only 10%, that would mean $15 million to $25 million saved, which goes directly to the bottom line.
The cost and pain of implementing effective anti-fraud controls may seem high, but the benefits are much greater in both the short and long term. Current regulations and standard financial-statement audits alone have not been enough to quell the tide of employee fraud, as evidenced by the all-too-frequent reports of the discovery of fraud schemes. It is time for companies to be proactive because when it comes to fraud, the best defense is a good offense.