Despite our best efforts to combat white-collar crime, dishonest people continue to find novel ways — often exploiting technology — to steal from businesses and not-for-profit organizations.
And honest people continue to report suspected fraudulent activity, also using technology. In a new development, fraud reporting was more common through the Internet than by telephone at companies that have hotlines or reporting systems. Email accounted for 34.1% of tips, while Web-based or online forms accounted for 23.5%. This suggests that if your company has only a telephone hotline, it should consider adding more electronic channels.
These insights are pulled from the 2016 Report to the Nations on Occupational Fraud and Abuse. This survey is published every two years by the Association of Certified Fraud Examiners (ACFE). This year’s report covers more than 2,400 cases of white-collar crime, occurring in 114 countries.
Consistent with previous studies, the 2016 report estimates that the typical organization loses 5% of its revenues each year to fraud. The total loss from cases in the study exceeded $8 billion, with an average loss per case of $3.5 million. In Canada, the median loss was $190,000 from 86 cases of reported fraud, compared to $155,000 for just over 1,000 reported cases in the United States.
That calculation can be sobering for many small business owners who think they’re immune to fraud — it happens to organizations of all sizes and in all types of industries.
The ACFE study exposes only the tip of the iceberg, however. Many frauds go undetected or unmeasured. Plus, there are additional indirect costs, including lost productivity, damage to a company’s reputation and loss of stakeholder relationships. As well, fraud investigations can be costly. Some organizations simply opt to cut their losses by terminating — but not fully prosecuting — white-collar criminals.
Small versus Large Organizations
The median loss for all for-profit companies, regardless of whether they’re publicly traded or privately held, was roughly $180,000. By comparison, the median losses for government and not-for-profit entities were approximately $109,000 and $100,000, respectively.
The median loss for the smallest organizations was the same as the median loss for the largest organizations ($150,000). But there are some subtle distinctions between the types of fraud schemes and the anti-fraud controls employed at small and large organizations.
Top 5 Fraud Schemes by Size in All Countries
|Rank||Less than 100 Employees||100+ Employees|
|1||Corruption (29.9%)||Corruption (40.2%)|
|2||Billing (27.1%)||Billing (20.9%)|
|3||Check tampering (20.1%)||Non-cash schemes (19.3%)|
|4||Skimming (19.9%)||Expense reimbursement (13.9%)|
|5||Non-cash schemes (18.8%)||Cash on hand (10.3%)
Although corruption is listed as the top fraud scheme for both small and large organizations, it’s more common outside North America. Corruption includes bribery, illegal gratuities and economic extortion. In Canada, billing schemes outnumber corruption schemes. Billing frauds were reported in 29.1% of Canada cases while corruption was reported in 26.7% of the U.S. cases.
The following occurred more than twice as frequently in small businesses as in larger organizations:
- Cheque tampering (including the manipulation of paper cheques and electronic payments),
- Payroll, and
- Cash larceny schemes, where an employee steals cash and checks from daily receipts before they can be deposited in the bank.
Additionally, the 2016 study showed that larger organizations generally dedicate more resources toward deterring fraud.
Frequency of Anti-fraud Controls by Size
|Rank||Less than 100 Employees||100+ Employees|
|1||External financial statement audit (56.2%)||External financial statement audit (94.2%)|
|2||Code of conduct (53.8%)||Code of conduct (91.3%)|
|3||Management certification (43.2%)||Internal audit (88.3%)|
|4||Management review (40.4%)||Management certification (83.7%)|
|5||Internal audit (38.6%)||External audit of internal controls (79.9%)|
The ways fraudsters were caught varied by region. In Canada, tips accounted for 32.6% of cases, followed by management review (20.9%) and internal audits (16.3%). Small and large organizations also differ in how they catch fraudsters. Globally, tips were the detection method in 29.6% of the cases involving small entities compared to 43.5% of the cases involving large ones. This could be because reporting hotlines are more common at larger companies than small ones with more limited resources.
Honest employees are an organization’s first line of defense against white-collar crime, so it makes sense that you consider some of these ways to encourage employees to join the fight:
Invest in training. Educate staff on the red flags associated with fraud from within and outside the company. This sends a powerful message about your company’s intention to fight fraud no matter where it originates. Employees must perceive a high probability that fraudulent activity will be detected.
Set up a hotline. Fraud reporting hotlines can be an effective method of obtaining tips about unethical behaviors. Unfortunately, many small businesses shy away from hotlines, because they think they’re too expensive and difficult to administer. But as we mentioned above, emails and Internet forms accounted for more than half of reports. If your company already has a website, this is a potentially reasonable solution.
The study found that employers were much more likely to be tipped off if they offer hotlines. The study showed that tips led to the detection of fraud in 47% of the cases involving organizations with reporting hotlines, but only 28% of the cases involving organizations without them.
The fact that more than half of all tips involved parties other than confirmed employees emphasizes the importance of cultivating tips from various sources. So it’s also advantageous to educate vendors, customers and owners on how to report suspicions of fraud.
Highlight management involvement. Managers must be seen and heard reviewing controls and urgently correcting weaknesses. If your organization’s managers are perceived to be unwilling or unable to take the time to review the controls, they may inadvertently be sending a message that it’s safe to commit fraud.
Best Practices in Internal Controls
Weak internal controls often provide dishonest people with the opportunity to steal assets or cook the books. The study cited a lack of internal controls and the ability to override them as the leading contributors to fraud, accounting for nearly half of the cases.
Your accounting and legal advisers can help reinforce your internal controls and investigate suspected fraud. Doing so can potentially save your company thousands, if not millions, of dollars in losses and put everyone on alert that fraud won’t be tolerated.