An Investment No One Can Afford to Forego
The most cost-effective way to deal with financial loss through fraud is prevention. According to the Association of Fraud Examiners (ACFE; www.acfe.org), a company defrauded is unlikely to ever recover its losses. In its 2004 "Report to the Nation on Occupational Fraud and Abuse," ACFE estimated that fraud costs the typical U.S. company 6% of its annual revenue. So, for a mid-market company with $500 million in sales, $30 million disappears annually from profits because of corporate inattention to fraud and its prevention. Indeed, in the 2004 ACFE report, the 508 cases of occupational fraud studied accounted for more than $761 million in financial losses.
Importance of Fraud Prevention
For purposes of this article, fraud is defined in terms of one's employment, as ACFE did in its 2004 study: "The use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets."
Clearly, fraud is a pervasive corporate problem, affecting organizations across industries and time zones without regard to company size. Because of fraud's disastrous consequences, failure to put deterrent procedures in place could put a company out of business within days. Fraud prevention, then, is a defined program of proactive measures to avoid or mitigate fraud.
Because of relative scaling, the greatest financial impact of fraud can occur in a small-business environment. A loss of 6% of revenues is significant for any company, however large, but a small operation whose margins are thin and reserves nonexistent will go out of business. Even if an operation survives the fiscal loss, its business continuity can be in jeopardy and it may no longer be able to function as an independent entity. Failing to address these issues places a company at a competitive disadvantage when fraud becomes a cost of doing business. Through cost avoidance, this impact becomes doubly significant because competitors can lower their product or service costs to their customers as their revenue yield-unaffected, through fraud prevention -is higher.
Finally, public disclosure of significant fraud can irreparably damage a large organization's brand. Customers and vendors translate sensational media coverage of fraud into an early warning sign of decreased market value in the product or service offered, resulting in declining sales and revenue. In extreme cases, it can even lead to the market collapse of the business.
Assess Current Conditions
Developing a fraud prevention program requires an accurate picture of the organization's current state of fraud risk. The "Assess" phase in Exhibit 1 highlights key tasks, including assessing the likely baseline behavior of the organization using cultural and other assumptions of social behavior.
Interviews with key project stakeholders are an essential part of this assessment. The board or audit committee executive sponsor will probably have a good sense of the current state of affairs as well as of why the company needs a new or improved fraud prevention program. Interviews with them also allow an assessment of the strength of the "tone from the top" and of whether additional actions from senior leadership are needed to reinforce communications. The owner of the project, perhaps the CFO or the chief risk officer, will have a good understanding of fraud and the associated risks within both the organization and its industry. These individuals can identify the three to five areas of greatest fraud risk facing the company. Last, the internal audit group or an independent third party hired to collect data will provide guidance. Collectively, these factors will influence assumptions and help guide the type of information gathered.
Fraud Risk Assessment and Additional Data Collection
A systematic, formal fraud risk assessment survey provides an opportunity to obtain additional information on the areas posing the greatest fraud risk. …