the risk management blog

The Hard Truth About Fraud

byMark Lowers | December 17, 2014

The evidence is that organizational fraud occurs at a startling rate and at great cost. Fraudsters can occupy positions at any level and in any kind of organization, finding creative ways to enrich themselves at the expense of the organization. Owners, managers, and employees who dismiss or minimize the chances of fraud occurring in their workplace do so at their financial peril.

The hard truth about organizational fraud is that new fraudsters emerge every minute. They are not born that way—need, self-serving justifications, and opportunity can turn a trustworthy employee into a thief without warning. Situations such as addictions, family troubles or financial pressures can help to create the circumstances that might trigger fraudulent behavior in someone who wouldn’t normally commit fraud.

In other words, the most salient fact about fraud is that it is a highly probable event given enough time for a would-be fraudster to find opportunities somewhere in the organizational environment. Fraud is as constant as human nature.

You Cannot Eliminate Fraud, But You Can Manage It

Given the continuous emergence of new fraudsters, it’s easy to understand when some organizational managers throw up their hands in defeat. But the risk of fraud can be managed just like any other risk. In a column on this topic, the Economist summed it up:

Fraud by wayward employees, be they high or low, can never be eliminated. Directors and executives can, however, treat it like any other unavoidable risk, and manage it professionally.

Generically, risk management is the objective identification of the sources of risk, the evaluation of these risk’s costs and probabilities (to get an expected value), and the development of targeted risk mitigation tactics appropriate for the expected value of the risk. In the case of organizational fraud, there are several specific dimensions for action.

Identify the opportunities.

Fraudsters can find myriad ways to siphon off the organization’s resources, but some opportunities are bigger than others. The data shows that employees who are closer to the financial operations, in areas such as accounting or sales, are more likely to be involved in fraud. The higher the fraudster is in the organization, the larger the potential loss. A systematic effort to develop controls where the potential losses are greatest can pay off.

Involve everyone.

Every other year, the Association of Certified Fraud Examiners publishes research on organizational fraud, and it always finds that the biggest source of fraud detection is through tips, most often from employees. The strongest barrier to an effective whistleblower program is the threat of retaliation against the “tattle-tail”.

Organizations that are serious about using this front line defense against fraud need to design a program that is safe for the whistleblower as well as the organization. When an anti-fraud culture takes hold, crowd sourcing favors the organization over the fraudster.

Review and repeat.

Organizations today are evolving in many directions at once under the twin pressures of globalization and cyber automation. Business operations and partners change in this environment, possibly making previous anti-fraud controls and policies obsolete.

Further, the fraudsters can take advantage of new technologies and new relationships to exploit opportunities that may not have existed in previous regimes.  Therefore, at least annual testing and review of anti-fraud policies and outcomes is an important way to ensure that fraud losses are minimized.

In the long haul, organizations that implement effective anti-fraud policies experience smaller losses to fraud. That’s not ZERO losses, but smaller is a good start. Over time, controls can improve (and change with the times) and the organizational culture can be more and more integrated into the fight against fraud.

If you have questions about how your organization can put up a harder fight against fraud, talk to a risk management consultant.