ccupational fraud has become—at least so far—the crime of the 21st century. It is a widespread phenomenon that affects practically every organization. The frauds in the 2004 Report to the Nation on Occupational Fraud and Abuse, from the Association of Certified Fraud Examiners, caused over $761 million in total losses, with a disproportionate percentage committed against small businesses—almost half of the frauds in the study took place in businesses with fewer than 100 employees. Not surprisingly such businesses are less likely to be audited or employ antifraud measures than the larger ones.
Several broad conclusions can be drawn from the 2004 report. First, though the losses have been stable over the years, the fact that in one year alone they are approaching $660 billion is cause for concern. Dishonest executives and employees are plying essentially the same schemes with the same results. Second, although large financial statement frauds receive the most attention, they are relatively uncommon compared to asset misappropriations and corruption. Third, small businesses remain the most vulnerable to occupational fraud because of three factors: They are the least likely to have an audit, a hotline or adequate internal controls. Fourth, audits—both internal and external—although excellent prevention devices are not the most effective means of detecting frauds. Fifth, hotlines and other reporting mechanisms are a vital part of any organization’s prevention efforts but should go beyond employees to vendors and customers, too. Finally, occupational fraud cannot be eliminated but organizations that use both hotlines and auditors can greatly reduce these costly crimes.
Occupational fraud schemes can be as simple as pilferage of company supplies or as complex as sophisticated financial statement frauds. This article summarizes some of the key findings of certified fraud examiners (CFEs) in cases they investigated. Internal and external auditors and CPAs advising small business clients will learn of the most effective antifraud measures.
MEASURING THE COST OF FRAUD
The study asked CFEs to give their best estimate of the percentage of revenues a typical organization in the United States loses in a year as a result of occupational fraud. The median response was 6%, the same result obtained from previous studies. This is a staggering figure. If multiplied by the U.S. gross domestic product, which for 2004 will total over $11 trillion, it would translate into $660 billion in annual fraud losses (see exhibit 1 ).
Approximately 46% of the occupational frauds in our study were committed in small businesses (defined as organizations with fewer than 100 employees). The impact of occupational fraud on small businesses was much greater than on larger companies (see exhibit 3 ). Part of the reason for the larger losses is that small businesses are the least likely to be audited. As noted in the 2002 report, the audit appears to be a powerful deterrent to occupational fraud.
HOW OCCUPATIONAL FRAUD IS COMMITTED
There are three major categories of occupational fraud to consider:
Asset misappropriations. These schemes involve the theft or misuse of an organization’s assets by such means as skimming revenues, stealing inventory or committing payroll fraud.
Corruption. Fraudsters wrongfully use their influence in business transactions to procure some benefit for themselves or another person. One of the most common is accepting kickbacks or engaging in conflicts of interest.
Fraudulent financial statements. These generally involve falsification of an organization’s financial statements by overstating revenues or understating liabilities or expenses.
While asset misappropriations were by far the most common of the three categories, occurring in over 90% of the cases, they also had the lowest median loss, at $93,000. Conversely, fraudulent financial statements were the least common (7.9%) but had the highest median loss at $1,000,000. (See exhibit 4 and exhibit 5 .)
Fraudulent disbursements. A perpetrator causes his organization to disburse funds through some trick or device, such as submitting false invoices or forging company checks.
Skimming. Cash is stolen from an organization before it is recorded on the organization’s books and records.
Cash larceny. Cash is stolen from an organization after it has been recorded on the organization’s books and records.
Approximately three-fourths of the cash frauds in the study involved some form of fraudulent disbursement, making this the most common category by far. Schemes that involved a fraudulent disbursement also had the highest median loss, at $125,000. (See exhibit 6 .)
Billing. A fraudster causes the victimized organization to issue a payment by submitting invoices for fictitious goods or services, inflated invoices, or invoices for personal purchases. Example: When a secretary for a public company interceded on behalf of an unpaid legitimate supplier and the accounts-payable department could not locate the original invoice, it nonetheless agreed to pay the vendor based on a fax copy. Seizing on this basic internal control deficiency, the secretary and two nonemployee accomplices set up three phony companies, submitting fax copies of doctored original invoices for “consulting fees.” The fraud was discovered when a manager questioned a huge variation in the budget—but not until four years and $1.7 million later.
Payroll. An employee causes the victim organization to issue a payment by making false claims for compensation. Example: A controller for a small nonprofit organization, believing she should be earning twice her salary, added a “ghost” employee to the payroll. Since she managed both the bank accounts and the books—a serious internal control deficiency—that was easy enough to do. Every pay period, she wrote a paycheck to the nonexistent ghost, but thanks to the company’s direct payroll deposit policy, the money actually went straight to her bank account. The bank evidently never noticed the discrepancy. During a surprise audit of the payroll account, the controller mysteriously left town. It didn’t take the auditors long to figure out why when they matched the direct deposits and uncovered the scheme, which had cost the nonprofit $208,000 over three years.
Expense reimbursements. An employee
enters a claim for reimbursement of fictitious or inflated
Register disbursements. An employee makes false entries on a cash register to conceal the fraudulent removal of currency. Example: A crafty service station attendant discovered a flaw in the cash register system; it could put a sale on hold until the transaction was completed. Simply depressing the “hold” button for a few extra seconds made the transaction disappear altogether. So when a customer bought gasoline, the clerk would erase the sale and pocket the proceeds. Company auditors finally noticed a large disparity when they compared fuel inventory to sales. After exhausting all other possibilities (including leaks in the fuel storage tanks), they installed surveillance cameras over the cash registers and caught the fraudster on tape. This simple scheme cost the company $132,000.
Respondents were asked what, if any, antifraud measures they had in place at the time the frauds occurred. They listed anonymous reporting mechanisms (typically hotlines), internal audit or fraud examination departments and external audits. Exhibit 9 shows the percentage of victimized organizations that had implemented these mechanisms.
This result is also consistent with the data the ACFE gathered showing the most common way for frauds to be discovered is through tips. Obviously, hotlines and other reporting mechanisms are designed to facilitate tips on wrongdoing. The fact that tips were the most common means leading to detection—combined with the fact that organizations that had reporting mechanisms showed the greatest reduction in fraud losses—indicates this is an extremely valuable antifraud resource. The effectiveness of these reporting mechanisms is significantly higher when they are made available to customers, vendors and other third parties—not just employees. Organizations that rushed to implement employee hotlines to comply with Sarbanes-Oxley might profit from adding these valuable additional sources of information.
Curiously, anonymous reporting mechanisms were the least common antifraud measure of the three we tested for; only slightly more than one-third of victim organizations in our study had established anonymous reporting structures at the time they were victimized.
THE WAGES OF CRIME
But the 2004 report also presents new information about occupational fraud that is especially critical in the post Sarbanes-Oxley world. For example, the ACFE found that over half of all frauds committed by owner/executives were detected through a tip, which was much higher than the rate for fraud in general. By comparison, only 6% of these cases were caught through internal controls. Obviously, this was because owners and executives often were able to override controls to commit fraud. Given the fact that schemes by owner/executives now must be disclosed to audit committees regardless of whether they are material, and that these schemes tend to be the most costly, the study offers strong support for Sarbanes-Oxley’s requirement for the establishment of anonymous reporting mechanisms.
The 2004 report also looked more deeply into the ways in which small businesses were affected by occupational fraud. The ACFE found one-third of the small business cases involved a billing scheme, and one-third involved check tampering—two forms of fraudulent disbursements that typically succeed when there is a lack of control over the company checkbook. This suggests that if there is one critical area where small businesses should focus their antifraud efforts and resources, it is in establishing solid controls—including a strong separation of duties—over the check-cutting and payables functions.
The ACFE also found that very few small businesses in the study—only 31%—had any form of internal audit or fraud examination department. But among that group, it was the internal audit department that detected half of the frauds. This suggests that internal auditors can have a significant impact in detecting occupational fraud and minimizing losses in small businesses.
JOSEPH T. WELLS, CPA, CFE, is founder and chairman of the Association of Certified Fraud Examiners and professor of fraud examination at the University of Texas at Austin. Mr. Wells won the Lawler Award for the best JofA article in 2000 and 2002 and has been inducted into the Journal of Accountancy Hall of Fame. His e-mail address is firstname.lastname@example.org .