Assessing and Mitigating Fraud Risk with the ACFE Report to the Nations




By John Warren, J.D., CFE

ACFE Vice President and General Counsel

The ACFE just released its 2014 Report to the Nations on Occupational Fraud and Abuse, and along with it comes the typically grim picture of occupational fraud’s impact on the global economy: CFEs estimate the average organization loses 5% of its revenues to fraud; over one-fifth of all cases in our study caused at least $1 million in losses; the typical fraud lasts 18 months before it is detected; and so on. But if there is any good news in the Report, it is in the fact that we continue to develop a better understanding of how these crimes occur and what organizations can do to mitigate their risk.

For readers who are unfamiliar with the Report to the Nations, it is a study conducted by ACFE every two years, based on actual cases of occupational fraud as reported by the Certified Fraud Examiners (CFEs) who investigated them. The data in the 2014 Report is based on 1,483 frauds that occurred in more than 100 countries and that collectively caused more than $3 billion in losses.

This is our eighth edition of the Report, and despite the fact that each study is based on an entirely different set of frauds committed by a different group of perpetrators, the patterns that emerge are remarkably consistent. For instance, when we focus on how fraud is committed, we find that asset misappropriation schemes continuously account for 85-92% of cases, corruption schemes make up 27-37% of frauds, and financial statement schemes show up in 5-11% of cases.

We also see clear trends in terms of who commits fraud. The typical occupational fraudster is a male (67% of cases in our 2014 study) between the ages of 31 and 45 (52% of cases), has worked for his organization between 1 and 5 years (41% of cases) and works in one of four departments: accounting, operations, sales or executive/upper management (combined 57% of cases). We have also been able to identify the most common fraud schemes committed within given industries, as well as within various organizational departments. For example, 52% of all frauds in the executive/upper management suite involve corruption (such as kickbacks, conflicts of interest, etc.), but in the accounting department, the biggest risks are from check tampering (36% of cases) and billing schemes (31% of cases). Across the board, the frequency of schemes in various departments has remained stable since we began tracking this data, which means we have a firm grasp of how fraud is most likely to occur in those areas.

Every organization has a limited number of anti-fraud dollars to work with, so the more we know about where fraud risk lies, the more effectively we can target those resources in a way that provides the most bang for the buck. But our Report does not just focus on identifying risk. It also provides data on the best ways to detect fraud and minimize exposure.

Since we began tracking detection methods in 2002, we have found that by far the most effective way to detect fraud is through tips. In our 2014 Report, 42% of all cases were caught by tips, as opposed to just 16% by management review of transactions and 14% by internal audits. Given the fact that tips are such an effective fraud detection tool, organizations should do everything they reasonably can to foster the reporting of improper or illegal conduct. Among other things, this means establishing a hotline and conducting anti-fraud training to educate employees about how to recognize and report potential fraud. In our study, organizations with hotlines caught frauds 50% more quickly than those without hotlines, and they had 41% lower fraud losses. Organizations that conducted fraud training for employees had 39% lower losses and caught fraud schemes in half the time.

In addition to the importance of hotlines and training, our data show that the key to detecting fraud quickly and limiting its damage is to simply make a proactive effort to do so. We looked at losses based on the manner in which frauds were caught, and it is very clear that the way you catch fraud matters. Organizations that detected fraud through proactive measures like surveillance/monitoring, internal audit, and management review of transactions caught frauds quickly and had relatively low losses. On the other hand, those who detected fraud reactively (e.g., by the fraudster’s confession, by accident, through their external auditors or by notification from law enforcement) tended to experience much longer, more costly frauds. In other words, if you want to effectively address fraud, you have to seek it out. This seems like a simple message, but it’s one that is too often overlooked.