Fraud Risk: Practical Steps to Safeguard Your Company
In their journey towards success, organizations face numerous challenges and threats that can prevent them from achieving their goals. One of those threats is « Occupational Fraud » which is, in simple terms, the type of fraud perpetrated by an executive, manager, or employee against his or her employer. The ACFE[1] published an eye-opening Global Fraud Study in 2016 which is worth the read.
An Overview on Occupational Fraud
Occupational fraud or Internal Fraud can be defined as: “the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the organization’s resources or assets.” [2]
Internal fraud breaks down into three categories:
- Asset misappropriation: representing 83.5% of cases, it is by far the most common type of fraud. However, it tends to cause the lowest losses with a median cost of €110,000 per case;
- Corruption: it takes second place in terms of both frequency (35.4% of cases) and median loss (€170,000);
- Financial Statements Fraud: with a median loss of €835,000 per case, it is the most harmful type of fraud to companies, although it appears to be the least common (9.6% of cases).
It is worth-mentioning that these three types of fraud can all occur together in one single company and that the typical organization loses 5% of annual revenues to fraud.
Fraud schemes may happen in various forms and in many areas. Examples being: billing, expense reimbursements, check tampering, payroll, cash larceny and the list goes on.
In France, the so-called “Sapin 2 Law” [3] enacted on 9 December 2016, has made the fight against corruption a top priority and aims at bringing French legislation up to the best European and international standards in this area. As an effort to protect whistleblowers, it has also established a recognized “Whistleblower” status compliant with international standards (see Primexis article).
In addition, under the “Sapin 2 Law”, companies that employ more than 500 employees or belong to a group that employs more than 500 employees, and companies that generate more than €100 million of (consolidated) annual revenue, are required to implement an “Anticorruption plan” [4] as of June 2017.
Some Techniques to Prevent Fraud
Although preventive procedures cannot ensure that fraud will not occur, they are the first line of defense in minimizing fraud risk.
1. Raising employees’ awareness with regard to fraud risk
It is crucial that employees be acutely aware of the fraud risk, since the first fraud detection sources are “Tips”, which usually come from employees themselves. Another positive impact of educating staff about fraud risk and the preventive measures in place is that it will dissuade potential fraudsters from acting out. Consequently, many companies have set up a reporting system (whistleblower policy or a hotline) that enables employees to report fraudulent behaviors or suspicious activities that they have witnessed.
Also, the “Sapin 2 Law” demands that companies provide tailored training to key staff members most often at risk for corruption.
2. Internal Audit and/or Internal Controls
Internal Audit is an independent function within a company designed to assist in corporate governance by assessing internal controls and helping in risk management (including fraud risk). The internal audit department is the second most common source of fraud detection.
It is important to note that external audit (or statutory audit) is not specifically designed to detect fraud, therefore, having one’s financial statements audited doesn’t guarantee the non-existence of fraud (see the above chart).
Segregation of duties is an essential component of internal control, if not the most important, that can significantly reduce the risk of fraud from occurring. In simple terms, no single individual should be given authority to execute two conflicting duties. For instance, the employee in charge of creating vendors in a system must not have the authority to pay vendor invoices. That will help to prevent fictitious vendors and fictitious invoices.
While establishing an internal audit department might be costly and constraining, every single company should at least demonstrate sound internal controls procedures. The internal control system should be assessed and regularly reviewed by an external expert.
Cekou Coulibaly
Senior Accountant
International Business Services Department
[1] Association of Certified Fraud Examiners, www.acfe.com
[2] www.acfe.com/fraud-101.aspx
[3] Loi n°2016-1691, www.legifrance.gouv.fr/affichTexte.do cidTexte=JORFTEXT000033558528&dateTexte=20170727
[4] Which include 8 preventive measures (examples of these are: a risk mapping, a code of conduct, a special training, etc.)