Fraud is big business. Companies are at the greatest risk of fraud from their employees, since the employees have easy access to information and assets. We don’t know for sure how much fraud happens, but experts estimate that companies lose 5% of their revenues to employee fraud. At a company with annual sales of $100 million, that means that $5 million is walking out the door each year.

Executives tell themselves that their company isn’t the norm. They do better than average. They certainly haven’t been a victim of internal fraud to the tune of 5% of revenues. The sad truth is that they don’t know exactly how much has been stolen from their companies because they aren’t aware of all the fraudulent activities committed. Five percent is an average level of fraud for a company, and it would be wise for executives to take this number seriously.

Even though management would like to believe they’re doing better than the average company, this is a dangerous trap. Thieves are always on the lookout for unprepared companies, and it shows.

Access Equals Opportunity
The most expensive internal frauds are committed by upper level executives, and their frauds make those committed by employees and managers look minor in comparison. The median fraud committed by an owner or executive is more than six times higher than those committed by managers, and more than 14 times higher than those committed by employees.

When employees collude to commit fraud, the financial losses also increase. The median loss for a fraud scheme perpetrated by two or more employees is three times the loss when only one employee is involved. This trend occurs because the involvement of multiple employees makes it easier to circumvent anti-fraud controls and conceal the frauds longer.

As you can see, the more access available to data and assets, the more money lost to internal fraud. Clearly, owners and executives need access to data and systems within the company. Yet that access should not be granted without anti-fraud controls in place. Those controls should first be aimed at preventing fraud all together, and second directed at detecting fraud if it occurs.

Tracking Down Thieves
Companies are often determined to go after perpetrators of fraud with an arsenal of trained investigators and all the legal muscle they can assemble. Investigations send an important message to employees that the company is serious about finding fraud and taking action against the thieves. An investigation can also be useful to discover the weaknesses exploited by dishonest employees.

While investigations are very useful, they are still not the best way to reduce fraud losses. Recovery of funds from fraudsters is generally very low, so performing an investigation with the intent of recovering ill-gotten gains is misguided. 78% of companies recover less than half of the money they lose due to a fraud scheme. This includes all sources of recovery, such as restitution and insurance. 58% of victim companies never recover any funds.

Because recovery of stolen funds is so low, it is much more cost effective for companies to invest in fraud prevention measures. While this will cost money up front, that investment is easily recovered by a reduction in the company’s fraud risk. At a $100 million company, even a 10% reduction in annual exposure to internal fraud is worth $500,000. As fraud prevention efforts continue year-to-year, the annual savings will likely compound.

Weapons Against Fraud
An effective corporate fraud prevention program includes three major components: education, investigation, and proactive prevention. Each of the components is strongly connected to the other two, and they all work together to provide the maximum protection against internal fraud.

The first component, education, is essential for all employees. Internal fraud is most commonly discovered through tips from employees, customers or vendors. Because employees are likely to report theft to management, it makes sense to arm them with the knowledge to help the company. I recommend broad based fraud education for all employees, with more specific anti-fraud training provided based upon department and position within the company.

As a company’s fraud education program becomes more sophisticated, more employees can be involved in creating and providing the training. Rank-and-file employees can enhance the development of training based upon their job experiences. Further, the inclusion of peers in training can help connect with front-line employees.

The second part of a comprehensive fraud prevention program is investigation. While fraud prevention efforts are aimed at stopping theft, the need for investigations will never be fully abated. When employees believe management is actively seeking out fraud and punishing offenders, they are less likely to commit fraud. Ongoing investigations are important deterrents to fraud, but should not be the main focus of a prevention effort.

Effective investigations should include a well-defined plan, a reasonable division of duties, and a central point of contact. As evidence is gathered and witnesses are interviewed, it is important to bear in mind that this information may someday be presented to a court.

Ideally, the need for investigations will decrease as your company’s fraud prevention efforts increase. However, it is necessary to have resources available to conduct competent investigations.

The third and most extensive part of a comprehensive fraud prevention program is the creation and implementation of proactive preventive techniques. These policies and procedures should go above and beyond traditional internal controls and government regulations to specifically address fraud.

Effective anti-fraud policies outline expected behaviors and encourage disclosure of conflicts of interest. These policies apply to all levels of employees and management, with executives taking the lead in abiding by the policies. The tone at the top will demonstrate the company’s commitment to anti-fraud policies.

Development of standard procedures that address the risk of fraud is the most critical part of all fraud prevention efforts. Every proactive anti-fraud procedure should have a true purpose relative to the prevention of fraud. It is useless to implement ineffective controls. While management may believe that they’ve “done something” by implementing those controls, it really does not advance the anti-fraud effort.

Creating and maintaining a thorough fraud prevention program is serious business. It can take up to two years to implement a full-blown program. The process really never ends, however. A company committed to fraud prevention will continuously monitor and improve control policies and procedures. Management will examine information gathered from investigations, and use that data to further develop anti-fraud procedures.

An effective fraud prevention program can be implemented efficiently with the right people and the right expertise. It may be complex and time consuming, but the cost and pain to implement effective anti-fraud controls is small in comparison to potential and actual fraud losses.