Nothing related to fraud is good news.
The bad news is that fraud is committed at every level of an organization — by employees, managers and executives. Even more bad news is that no department is immune. Fraud occurs in accounting, operations, sales, customer service and even the C-suite.
Worse news is that the Association of Certified Fraud Examiners (ACFE) estimates the typical organization loses 5 percent of its revenue to fraud every year. When you consider that most organizations would be happy to add just a half-percent to net income, let alone revenue, losing 5 percent of revenue to fraud is a staggering amount. Finally, the even worse news is that fraud is on the increase and is expected to continue rising.
What chance does the CFO or finance professional have against all that bad news?
While it may seem to be a daunting task, you can win the battle against fraud. In order to stem the tide and prevent fraud, the finance professional needs to wear many different hats – realist, psychologist, assessor, controls expert, translator, trainer and sheriff.
The first step in preventing fraud is recognizing that there’s a problem. Too many of us read about fraud in the news and then say, “How horrible, but that would never happen here.” Unfortunately, fraud is an equal opportunity employer hitting private, public, government and nonprofit organizations. In addition, while fraud is more common among employers with fewer than 100 employees, organizations with more than 10,000 employees are not exempt. Fraud can (and probably will) happen in your organization, no matter what type or size. Be a realist accept that fraud exists, and start taking steps to address it.
|Type of organization||Percentage of fraud occurrences||Number of employees||Percentage of fraud occurrences|
|Public||39%||< than 100||32%|
|Private||28%||100 – 999||20%|
|Government||17%||1,000 – 9,999||27%|
One of the difficulties in preventing fraud is that fraud can take many forms. Similar organizations may not be subject to the same fraud risks. So, there is no one-size-fits-all approach to dealing with fraud risk. In order to address the problem of fraud, you have to understand the underlying theory that explains why a normally honest person would suddenly become dishonest and commit fraud. The “fraud triangle” identifies three factors that lead to fraudulent behavior — pressure, rationalization and opportunity.
Pressure refers to a financial need. It is the catalyst that motivates an individual to commit fraud. For an employee, it may be that a family member lost their job, their house is in foreclosure, or medical bills are piling up for a sick child. For an executive, it may be the need to meet board and investor expectations, budgeted sales targets or loan covenants.
Rationalization is how an individual justifies committing fraud. Most people, including fraudsters, consider themselves honest. The fraudster often sees themselves as a victim of unusual circumstances and has to develop an explanation that makes illegal behavior acceptable. Rationalizations can range from helping oneself to helping others. Common justifications for committing fraud:
- “I deserve it.”
- “I’m only going to borrow the money.”
- “I’m underpaid and overworked.”
- “I have to take care of my family.”
Opportunity is the ability to actually commit a fraud. Opportunity increases with ease and lack of oversight. The fewer steps involved to commit fraud the more likely it is to occur. With inventory, if there are no restrictions on access and any employee can walk in at any time, there is greater opportunity for theft. If a salesperson can submit an order of any value without providing a customer’s purchase order, there is greater opportunity to submit fake orders.
Since fraud takes so many shapes and forms, the CFO needs to analyze their own organization to assess its unique fraud risks. There are several tools for assessing fraud risk. First, using the fraud triangle, look around your organization to identify potential problem areas. Are there any employees who might be struggling financially? Are there any executives who might have an incentive to manipulate revenue or earnings? Consider both internal and external pressures. An employee may have external financial pressures, or there could be internal pressures, such as not earning as much as a co-worker. For an executive, the external pressure may come from the need to meet bank covenants, or internal pressure could come from the CEO’s stated desire to meet budgeted revenue.
A second tool for assessing fraud risk is simply to ask your employees, “How could someone steal from our company?” or “How could someone manipulate earnings?” The employees are the ones most familiar with the day-to-day operations, and they are aware of how to circumvent policies and procedures. Look for the areas most frequently mentioned.
Once you have identified the high-risk areas for fraud, it’s time to implement mitigating controls. Simply stated, effective internal controls ensure that what you want to happen will happen, and what you don’t want to happen won’t happen. For each of your risk areas, consider whether you can implement preventative controls such as approvals and authorizations for certain transactions, increased physical security of valuable assets, or segregation of duties.
Internal control policies and procedures cannot be considered independently of IT. General controls, such as the use of passwords, and application controls, such as restricting access to programs or files, can significantly strengthen your fraud prevention program. Unfortunately, IT and finance professionals may have different departmental goals and objectives and often speak completely different languages. Successful implementation of fraud prevention controls requires establishing a common understanding between the two departments.
Training, or really the lack of training, is often the reason why internal controls fail. Even good controls designed to prevent fraud can be ignored or circumvented if they are not understood. A process that is not properly documented and explained is not likely to be followed consistently.
The unfortunate result is that many employees see controls as rules put in place to make their lives more difficult. Every control process should be fully explained to everyone involved. The easiest way to find out whether a process is understood is to ask your employee, “Why do you do it that way?” My least favorite answer is, “Because that’s the way it’s always been done.” An employee that has no understanding of the reason behind a process won’t mind bending the rules if asked. Training sessions covering the need for and purpose of controls should be made across all departments and at all levels in your organization.
The final role in fraud prevention is the most important.
The role of sheriff has two parts. First, the CFO has to be the enforcer. Two major deterrents of fraud are the fear of being caught and the fear of punishment. Internal controls are the organization’s way to catch a thief. The sheriff has to hold everyone accountable for complying with the internal control policies and procedures. Establishing an investigation protocol for when fraud is suspected or detected will also increase the likelihood of catching a fraudster. Once caught, the fraudster must be held accountable. Quietly firing a fraudster to avoid bad publicity does not instill the fear of punishment. Filing criminal charges or a civil claim is far more effective.
The second part of the sheriff’s role is to deputize everyone in the company to be fraud seekers. All employees should be on the lookout for fraud. Provide fraud training for all employees. The training should be customized to the department and level, focusing on the frauds they are likely to see. “See something, say something” should be every organization’s mantra. One CFO/sheriff can’t prevent or detect much fraud on their own, but with the eyes and ears of every employee assisting, it will be exponentially more difficult for a fraudster to be successful.
Fraud is constantly evolving. The CFO and the team of finance professionals must have a multi-faced approach to be successful in the prevention of fraud. They must wear many different hats–and wear them at all times. Fraudsters are always thinking of new ways to commit fraud; you must always be thinking of ways to stop them.
About the Author
Jennifer Elder CPA, CMA, CIA, CFF, CGMA, MS helps accountants advance their careers and organizations increase retention by developing powerful communication skills. Jennifer works with companies and their emerging leaders to increase employee engagement and client value by understanding personality styles, generational characteristics, and communicating clearly, concisely, and persuasively.
As a consultant and keynote speaker Jennifer is known for being energetic and enthusiastic. She has conducted seminars for the Fortune 500, the US Government, State CPA Societies, and CPA firms in 48 states and 5 countries. She is both a business strategist and an accounting expert who can make the complicated simple, practical and useful. She is a published author, writer for the AICPA’s CPE Direct, named a “2015 Woman to Watch” by the AICPA and MACPA, and been awarded Outstanding Educator by the AICPA for the past four years.
When not on the road teaching, she is either living on her boat on Chesapeake Bay or skiing the slopes of New Hampshire with her husband and two cats (no the cats don’t ski!)You can reach her at 410-231-1881, or firstname.lastname@example.org