If you are one of the many CEOs who thinks that occupational fraud only happens to other companies, you might want to review the facts. According to participants in the “2006 Report to the Nation on Occupational Fraud and Abuse” issued by the Association of Certified Fraud Examiners, Inc. (ACFE), U.S. businesses lose more than 5 percent of their annual revenues to fraud. That translates to more than $652 billion in fraud losses each year.
The report goes on to state that while fraud happens in all businesses, among firms that used preventive measures such as fraud-prevention training, surprise internal audits and an anonymous tip line for reporting suspected fraud, the dollar amount of the average loss was less than half than firms without the measures.
“Occupational fraud is hard to detect because, by its very nature, the act itself is concealed,” says Patrick Ross, principal with the Audit and Business Advisory Services Group of Haskell & White LLP. “Having the proper anti-fraud controls to prevent, deter and detect fraud based on the specific risks of your business is important in reducing potential losses.”
Smart Business spoke with Ross about how CEOs can take action and set the right tone to help prevent occupational fraud.
How common is occupational fraud?
Given the numbers reported by ACFE, it is much more common than many people think. Many times, it goes unreported in an effort to avoid bad publicity, or executives do not want to deal with the effort involved in prosecuting the crime. Also, because there is no universal definition of fraud, knowing when it occurs is typically not a black-and-white issue. If the boss takes a few inventory samples from the warehouse, is that fraud? Or what about doing personal work on company time? It can be hard to prevent occupational fraud unless the company has clearly communicated what is expected of its employees.
Why is fraud hard to detect?
The average length of time that occupational fraud goes on before being detected is 18 months, and frauds are often committed by trusted employees. An important element of fraud is the need to cover up the act. Also, because so many more business transactions are electronic today, there is less of a paper trail that can be followed. For some frauds, the extent of losses cannot even be determined.
Given the rapid changes in business, CEOs need to make sure their fraud-prevention process changes with their business in order to keep fraud from happening. It’s like a water leak in your house; it may start out small but if you ignore it over time, look out.
What steps can CEOs take to help prevent fraud?
First, conduct a risk analysis of your business looking for potential vulnerabilities. For example, if you run a cash business, look for ways that the cash could be siphoned off without your knowledge and make sure that job responsibilities are properly segregated. Review your controls with fraud prevention in mind and then actually test those controls to make certain that they are working. Conducting random audits is important; the surprise element embedded in the process can help deter potential fraud.
Second, the CEO should establish an investigation plan before needing it. The plan usually involves your corporate attorney, internal auditors or — if you don’t have the necessary internal resources — hiring an external certified fraud examiner.
What role should CEOs play in fraud prevention?
It is important to define what constitutes fraud and publicly state that it will not be tolerated. To deliver this message, the company should have a defined code of ethics. CEOs should set the tone from the top and lead by example because employees take cues from senior management in terms of what’s appropriate. For example, if the boss uses company vehicles for personal use, then is it OK for me to do the same? There are three elements that need to be present for fraud to take place: (1) the opportunity to commit fraud; (2) the rationalization on the part of the perpetrator that it is ‘OK’ to commit the acts and (3) perceived pressure by the perpetrator — such as personal financial need. CEOs can play a major role in eliminating two of the three elements.
What actions should CEOs take if they suspect occupational fraud has occurred?
The first step would be to follow your investigation plan. Not following certain procedures of forensic investigation or not taking the proper legal steps could lead to a fraud perpetrator not being held accountable. When fraud is suspected, emotions often come into play, so it is best to let the professionals handle this. CEOs should be supportive of the investigation process and be prepared to take any necessary disciplinary action — including termination and pursuing criminal or civil legal action.
PATRICK ROSS is a principal with the Audit and Business Advisory Services Group of Haskell & White LLP. He has more than 13 years experience in public accounting in Orange County. Reach him at (949) 450-6362 or pross@www.hwcpa.com. For more information visit www.hwcpa.com.