Over the years, the Association of Certified Fraud Examiners (ACFE) has consistently estimated that occupational fraud costs the typical organization 5% of its revenue annually. In its most recent biennial report on occupational fraud, the ACFE found that the median loss caused by fraud was a whopping $145,000.
Clearly, no organization can afford to ignore the risks of employee theft, corruption and financial misstatement. One of the best ways to tackle these risks head-on is to conduct surprise audits.
Surprise vs. Financial
Some of your clients may dismiss the need for surprise audits, mistakenly assuming their annual financial statement audits provide sufficient coverage to detect and deter fraud among their employees. But financial audits were the primary detection method in just 3% of the fraud cases reported in the ACFE study. Although financial audits serve a vital role in corporate governance, the ACFE advises that “they should not be relied upon as organizations’ primary anti-fraud mechanism.”
By comparison, a surprise audit more closely examines the company’s internal controls that are intended to prevent and detect fraud. Here, auditors aim to identify any weaknesses that could make assets vulnerable and to determine whether anyone has already exploited those weaknesses to misappropriate assets. Auditors show up unexpectedly — usually when the owners suspect foul play or randomly as part of the company’s antifraud policies — to review cash accounts, bank statements, expense reports, payroll, purchasing, sales and other areas for suspicious activity.
The element of surprise is critical because most fraud perpetrators are constantly on guard. Announcing an upcoming audit gives wrongdoers time to cover their tracks by shredding (or creating false) documents, altering records or financial statements, or hiding evidence.
Fraud perpetrators likely have paid close attention to how previous financial audits were performed — including the order in which the auditor proceeded. So in a surprise audit, the auditor might follow a different process or schedule. For example, instead of beginning audit procedures with cash, the auditor might first scrutinize receivables or vendor invoices. Surprise audits focus particularly on high-risk areas such as inventory, receivables and sales, and auditors typically use technology to conduct sampling and data analysis.
The ACFE’s 2014 Report to the Nations on Occupational Fraud and Abuse demonstrates the primary advantages of surprise audits: reduced duration of schemes and fewer financial losses. Yet, according to the ACFE, only 29% of its survey’s U.S. respondents reported performing surprise audits.
The median loss for organizations that conducted surprise audits was $93,000, compared with a median loss of $164,000 for those organizations that didn’t — a 43% difference. This discrepancy is no surprise in light of how much longer fraud schemes went undetected in organizations that failed to conduct surprise audits. The median duration in those organizations was 24 months, compared with only 12 months for organizations that performed surprise audits.
Such audits can have a strong deterrent effect as well. While surprise audits, by definition, aren’t announced ahead of time, companies should state in their fraud policy that random tests will be conducted to ensure internal controls aren’t being circumvented. If this isn’t enough to deter would-be thieves or convince current perpetrators to abandon their schemes, simply seeing guilty co-workers get swept up in a surprise audit should do the trick.
The mere discovery of red flags for fraud in a surprise audit isn’t enough to take significant action, such as firing an employee or calling in law enforcement. As with financial audits, an auditor’s finding of suspicious activity in a surprise audit will likely require additional forensic investigation. Depending on the type of scheme, an auditor might conduct interviews with suspects and possible witnesses, scour financial statements and records, and perform in-depth data analysis to get to the bottom of the matter.
Who Commits Fraud on the Job?
The ACFE’s 2014 Report to the Nations on Occupational Fraud and Abuse looked at nearly 1,500 perpetrators from more than 100 countries. Its findings can prove helpful for targeting fraud detection efforts.
The ACFE found that a majority (52%) of occupational thieves were between 31 and 45 years of age. However, older perpetrators tended to produce larger losses, with those ages 60 and over causing a median loss of $450,000. This supports the finding that greater losses are generally associated with higher levels of authority ($500,000 for executives vs. $75,000 for employees), which typically increases with age and tenure ($220,000 for those with tenure greater than 10 years vs. $51,000 for those with tenure under one year). Higher-level employees generally have greater access to the organization’s assets and are better positioned to override controls.
Gender is also relevant. Male perpetrators outnumbered females 2-to-1. The median losses attributed to men were more than double those attributed to women ($185,000 vs. $83,000). This proportion has remained consistent over the ACFE’s previous three studies. ©2015
Contact me at firstname.lastname@example.org or 609-689-9700 to learn how Mercadien’s highly-credentialed and experienced Forensic and Litigation Support Group can help you or your clients investigate, prosecute and prevent internal, corporate accounting fraud.